Re: [RFC PATCH 3/4] KVM: TDX: Exit to userspace for GetTdVmCallInfo

From: Huang, Kai
Date: Thu Jun 12 2025 - 04:28:10 EST


On Wed, 2025-06-11 at 11:13 -0700, Sean Christopherson wrote:
> On Wed, Jun 11, 2025, Rick P Edgecombe wrote:
> > On Wed, 2025-06-11 at 09:26 -0700, Sean Christopherson wrote:
> > > > GetQuote is not part of the "Base" TDVMCALLs and so has a bit in
> > > > GetTdVmCallInfo. We could move it to base?
> > >
> > > Is GetQuote actually optional?  TDX without attestation seems rather
> > > pointless.
> >
> > I don't know if that was a consideration for why it got added to the optional
> > category. The inputs were gathered from more than just Linux.
>
> If there's an actual use case for TDX without attestation, then by all means,
> make it optional. I'm genuinely curious if there's a hypervisor that plans on
> productizing TDX without supporting attestation. It's entirely possible (likely?)
> I'm missing or forgetting something.

With no intention to disrupt this discussion, but even w/o GetQuote TDX can
also support attestation, because the TD can just get the TDREPORT and send it
to a remote Quoting Enclave to get it signed, via whatever communication channel
is available (vsock, TCP/IP etc). :-)

It's just that not all TDX guests have those communication channels available in
a CSP's deployment, and GetQuote can fill the hole as a last resort.

Of course now TD userspace may choose to only support GetQuote simply
because the kernel supports a "unified ABI" to return a remotely verifiable blob
across vendors, but still ...