Message-ID: <b2e585a7-edd5-4b13-b904-3d0913177aee@suse.com>
Date: Mon, 10 Mar 2025 13:49:46 +0100
From: Juergen Gross <jgross@...e.com>
To: Joerg Roedel <joro@...tes.org>
Cc: Alexey Gladkov <legion@...nel.org>,
 "Alexey Gladkov (Intel)" <alexey.gladkov@...el.com>,
 "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
 Dave Hansen <dave.hansen@...el.com>, Borislav Petkov <bp@...en8.de>,
 Joerg Roedel <jroedel@...e.de>, Ingo Molnar <mingo@...nel.org>,
 x86@...nel.org, hpa@...or.com, Tom Lendacky <thomas.lendacky@....com>,
 Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
 Larry.Dewey@....com
Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS

On 10.03.25 13:35, Joerg Roedel wrote:
> On Mon, Mar 10, 2025 at 01:28:38PM +0100, Juergen Gross wrote:
>> We can (saying that with my Xen maintainer hat on).
>>
>> There is /sys/hypervisor/type which should return the used virtualization
>> environment ("xen" when running as a Xen guest).
> 
> In CoCo environments there can be more than one hypervisor beneath the
> guest. For example KVM as the untrusted host, SVSM or another para-visor
> as the trusted in-guest hypervisor. On TDX there is also the TDX module
> in-between, which is another level of hypervisors. ARM and RISC-V will
> have similar architectures.

There are multiple possible approaches here:

1. Only name the hypervisor nearest to the guest (similar to running Xen on
    top of another hypervisor in nested virtualization, which would still
    say "xen").

2. Add another entry for naming the outer hypervisor(s) (if possible).

3. Name all known hypervisor levels, like "kvm,svsm" or "svsm,kvm".

BTW, I've found another user of /sys/hypervisor: s390 running as a z/VM
guest is saying "z/VM Hypervisor" in /sys/hypervisor/type.


Juergen
