Re: [RFC v2 15/18] guest memory protection: Decouple kvm_memcrypt_*() he
From: David Gibson
Subject: Re: [RFC v2 15/18] guest memory protection: Decouple kvm_memcrypt_*() helpers from KVM
Date: Wed, 3 Jun 2020 20:18:13 +1000

On Mon, Jun 01, 2020 at 09:13:01PM -0700, Richard Henderson wrote:
> On 5/20/20 8:43 PM, David Gibson wrote:
> > The kvm_memcrypt_enabled() and kvm_memcrypt_encrypt_data() helper functions
> > don't conceptually have any connection to KVM (although it's not possible
> > in practice to use them without it).
>
> Yet?
>
> I would expect TCG implementations of these interfaces eventually, for
> simulation of such hardware. Or are we expecting *this* interface to be used
> only with kvm/any-other-hw-accel, as the nested guest inside of the outermost
> tcg qemu that's simulating hardware that supports...
Yes, this. The whole point of this stuff is that the guest is
protected *from the hypervisor*, and therefore qemu can't expect to
access guest memory. It's hard to imagine any way TCG could deal with
that.

An implementation for a non-KVM accelerator is entirely plausible, on
the other hand.

--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson