Hi Joerg,

I am working on device tree support for SVSM to allow it to discover MMIO devices that should be used only by SVSM. In this way we can differentiate the devices attached to VMPL0 and VMPLX.

As we discussed in the SVSM community call, we can use IGVM to expose the device tree to SVSM. This should be generic enough to be supported by any hypervisor (vs the PoC we currently have that uses the fw-cfg).

My idea is to use the IGVM directive "IGVM_VHT_DEVICE_TREE", basically replicating what was done for MADT, allocating a page (maybe more?) for the DT blob, using a new index for the parameter area. I think that the DT parameter, just like MADT, should be marked as optional for now, as not all hypervisors support it.

For the QEMU support, I had an offline discussion with Stefano, who suggested creating a new object (for example "svsm-devices") where we can specify all the devices that need to be attached to SVSM. Something like this:

    -machine [..] svsm-bus=bus1
    -device virtio-blk-device,drive=svsm_storage,id=dev1
    -object svsm-devices,id=bus1,devices=dev1,dev2,dev3

This object would be in charge of creating the DT. Note that we are not sure if it's doable or not, we still need to investigate the best QEMU interface.

What do you think? Do you have a different idea for the DT support? Of course I am very open to suggestions and comments from everybody.

Thanks,
Luigi
