On 22/3/24 19:11, Paolo Bonzini wrote:
> KVM is introducing a new API to create confidential guests, which
> will be used by TDX and SEV-SNP but is also available for SEV and
> SEV-ES.  The API uses the VM type argument to KVM_CREATE_VM to
> identify which confidential computing technology to use.
>
> Since there are no other expected uses of VM types, delegate
> mc->kvm_type() for x86 boards to the confidential-guest-support

s/mc/cgs/ here and in subject?

> object pointed to by ms->cgs.
>
> For example, if a sev-guest object is specified to confidential-guest-support,
> like,
>
>    qemu -machine ...,confidential-guest-support=sev0 \
>         -object sev-guest,id=sev0,...
>
> it will check if a VM type KVM_X86_SEV_VM or KVM_X86_SEV_ES_VM
> is supported, and if so use them together with the KVM_SEV_INIT2
> function of the KVM_MEMORY_ENCRYPT_OP ioctl. If not, it will fall back to
> KVM_SEV_INIT and KVM_SEV_ES_INIT.
>
> This is a preparatory work towards TDX and SEV-SNP support, but it
> will also enable support for VMSA features such as DebugSwap, which
> are only available via KVM_SEV_INIT2.
>
> Co-developed-by: Xiaoyao Li <xiaoyao...@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> ---
>   target/i386/confidential-guest.h | 19 ++++++++++++++
>   target/i386/kvm/kvm_i386.h       |  2 ++
>   hw/i386/x86.c                    | 11 ++++++++
>   target/i386/kvm/kvm.c            | 44 ++++++++++++++++++++++++++++++++
>   4 files changed, 76 insertions(+)
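
The VM type probe and fallback described in the quoted commit message, as an added sketch that is not part of the patch or of QEMU. The names sev_choose, sev_plan, sev_init and kvm_probe_vm_types are hypothetical; the sketch assumes the supported types are read as a bitmask from KVM_CHECK_EXTENSION(KVM_CAP_VM_TYPES) and that the legacy init calls run on a default-type VM.

```c
#include <fcntl.h>
#include <stdint.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/kvm.h>

/* Values as in the Linux uapi headers; guards cover older installed headers. */
#ifndef KVM_CAP_VM_TYPES
#define KVM_CAP_VM_TYPES 235
#endif
#ifndef KVM_X86_DEFAULT_VM
#define KVM_X86_DEFAULT_VM 0
#endif
#ifndef KVM_X86_SEV_VM
#define KVM_X86_SEV_VM 2
#define KVM_X86_SEV_ES_VM 3
#endif

/* Hypothetical labels for the init paths named in the commit message:
 * KVM_SEV_INIT, KVM_SEV_ES_INIT and KVM_SEV_INIT2. */
enum sev_init { SEV_INIT_LEGACY, SEV_ES_INIT_LEGACY, SEV_INIT2 };

struct sev_plan {
    int vm_type;          /* argument for KVM_CREATE_VM */
    enum sev_init init;   /* KVM_MEMORY_ENCRYPT_OP function to issue next */
};

/* vm_types: bitmask of supported VM types, bit N set means type N exists. */
struct sev_plan sev_choose(uint32_t vm_types, int want_es)
{
    int type = want_es ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM;
    struct sev_plan p;

    if (vm_types & (1u << type)) {
        p.vm_type = type;                 /* new API: typed VM + INIT2 */
        p.init = SEV_INIT2;
    } else {
        p.vm_type = KVM_X86_DEFAULT_VM;   /* assumption: legacy init on type 0 */
        p.init = want_es ? SEV_ES_INIT_LEGACY : SEV_INIT_LEGACY;
    }
    return p;
}

/* Ask the host kernel; 0 means /dev/kvm is absent or the cap is unknown. */
uint32_t kvm_probe_vm_types(void)
{
    int fd = open("/dev/kvm", O_RDWR);
    if (fd < 0)
        return 0;
    int r = ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_VM_TYPES);
    close(fd);
    return r > 0 ? (uint32_t)r : 0;
}
```

On a host whose kernel reports SEV but not SEV-ES as a VM type, an SEV-ES guest takes the legacy path, so features that need KVM_SEV_INIT2 are unavailable to it.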

