On Thu, Mar 13, 2025 at 04:39:15PM +0530, Ani Sinha wrote:
> Right so what we are proposing is generic enough so that if the VM
> wants to use an IGVM container as opposed to an actual firmware image
> in a FUKI, that is totally possible. Then you need to have that IGVM
> setup the memory in a well defined way like you suggest. Sure, the
> IGVM is not passed through a command line but it can be loaded by the
> guest in a well defined memory location and then its instructions can
> be executed.
That makes sense. In this scenario, how does the VMM detect that it got
an IGVM image instead of a firmware image? As I understood the current
documentation the defined behavior is to copy the guest-provided
FW-image to the BIOS region, no?
> In our proposal, we do not want to dictate how the guest would want to
> do that. So hopefully you see now that IGVM and our approach is not
> mutually exclusive but can be complementary to each other.
Fine with me. Just note that supporting the current non-IGVM process for
confidential guests still causes the implicit ABI issue I mentioned
before. But not being a KVM/QEMU maintainer I can live with that :)
Regards,
Joerg
