On Wed, Mar 11, 2020 at 12:12:47PM +1100, David Gibson wrote: > I am wondering if we have to introduce an "svm=on" flag anyway. It's > pretty ugly, since all it would be doing is changing defaults here and > there for compatibilty with a possible future SVM transition, but > maybe it's the best we can do :/.
Frankly I'm surprised there's no way for the hypervisor to block VM transition to secure mode. To me an inability to disable DRM looks like a security problem. Does not the ultravisor somehow allow enabling/disabling this functionality from the hypervisor? It would be even better if the hypervisor could block the guest from poking at the ultravisor completely but I guess that would be too much to hope for.
