On 28.12.2025 13:49, Teddy Astie wrote:
> Under SEV, the pagetables need to be post-processed to add the C-bit
> (to make the mapping encrypted). The guest is expected to query the C-bit
> through CPUID. However, under SEV-ES and SEV-SNP modes, this instruction
> now triggers #VC instead. The guest would need to setup an IDT very early
> and instead use the early-GHCB protocol to emulate CPUID, which is
> complicated.
But isn't this going to be needed for plain HVM anyway?

> --- a/xen/include/public/xen.h > +++ b/xen/include/public/xen.h > @@ -890,6 +890,8 @@ typedef struct start_info start_info_t; > #define SIF_MOD_START_PFN (1<<3) /* Is mod_start a PFN? */ > #define SIF_VIRT_P2M_4TOOLS (1<<4) /* Do Xen tools understand a virt. mapped > */ > /* P->M making the 3 level tree obsolete? > */ > +#define SIF_HVM_GHCB (1<<5) /* Domain is SEV-ES/SNP guest that > requires */ > + /* use of GHCB. */

Naming-wise, do we really want to tie this to AMD (and hence exclude other vendors, or require yet another bit to be allocated later)?

Jan
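Review bot: The new SIF_HVM_GHCB comment in the public header documents only that the guest "requires use of GHCB"; since this is guest-visible ABI in xen.h, it should also say what the flag implies for a guest that does not implement GHCB (whether it may still boot by taking #VC on CPUID, or must refuse), and it does not address the C-bit itself, which the description names as the actual problem: the flag tells a guest that GHCB is required but conveys nothing about the C-bit position, so the guest still has to obtain it somehow, and the commit message should state where that value comes from. Minor: the continuation comment is split across two lines in the SIF_VIRT_P2M_4TOOLS style, but the wrap "that > requires */ / use of GHCB" reads awkwardly; consider "Domain is an SEV-ES/SNP guest that must use the GHCB protocol" on the first line and a spec reference on the second.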
