Message-ID: <e9d58d64-ab0f-49e8-ac87-c02bda6bc837@suse.com>
Date: Mon, 10 Mar 2025 13:28:38 +0100
From: Juergen Gross <jgross@...e.com>
To: Alexey Gladkov <legion@...nel.org>, Joerg Roedel <joro@...tes.org>
Cc: "Alexey Gladkov (Intel)" <alexey.gladkov@...el.com>,
 "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
 Dave Hansen <dave.hansen@...el.com>, Borislav Petkov <bp@...en8.de>,
 Joerg Roedel <jroedel@...e.de>, Ingo Molnar <mingo@...nel.org>,
 x86@...nel.org, hpa@...or.com, Tom Lendacky <thomas.lendacky@....com>,
 Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
 Larry.Dewey@....com
Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS

On 10.03.25 12:24, Alexey Gladkov wrote:
> On Mon, Mar 10, 2025 at 11:28:46AM +0100, Joerg Roedel wrote:
>> On Thu, Mar 06, 2025 at 11:37:28AM +0100, Alexey Gladkov (Intel) wrote:
>>> I was thinking to suggest something like that
>>>
>>> /sys/firmware/coco/tdx/...
>>> /sys/firmware/coco/sev/...
>>
>> So on a second thought I'd like to vote for the /sys/hypervisor/
>> hierarchy. The `firmware` term is a bit ambiguous here, the TDX module
>> can be seen as a kind of firmware for the guest OS, but realistically it
>> is more like another hypervisor sitting between KVM and the guest.
>>
>> Also the settings on the SEV side that need to be exposed (VMPL and
>> SEV_STATUS) are CPU properties, but on the other side also set by some
>> form of hypervisor (either KVM/QEMU, the SVSM, or some other paravisor
>> in-between).
>>
>> Overall /sys/hypervisor/ seems to be the best-fitting location for all
>> this data. To avoid ambiguity I propose:
>>
>> 	/sys/hypervisor/common/[coco/]tdx/
>> 	/sys/hypervisor/common/[coco/]sev/
> 
> The /sys/hypervisor requires CONFIG_SYS_HYPERVISOR=y. Now, this parameter
> is not required for the minimum TDX guest configuration.
> 
> As I can see right now [1] this directory is used exclusively by the Xen team.
> It's part of their stable ABI. I'm not sure we can go in there.

We can (saying that with my Xen maintainer hat on).

There is /sys/hypervisor/type which should return the used virtualization
environment ("xen" when running as a Xen guest).


Juergen
