On 01/04/22 14:08, Xiaoyao Li wrote:
+ Laszlo,
Regarding laoding TDVF as pflash, I have some questions:
- pflash requires KVM to support readonly mmeory. However, for TDX, it
doesn't support readonly memory. Is it a must? or we can make an
exception for TDX?
- I saw from
https://lists.gnu.org/archive/html/qemu-discuss/2018-04/msg00045.html,
you said when load OVMF as pflash, it's MMIO. But for TDVF, it's treated
as private memory. I'm not sure whether it will cause some potential
problem if loading TDVF with pflash.
Anyway I tried changing the existing pflash approach to load TDVF. It
can boot a TDX VM and no issue.
I have no comments on whether TDX should or should not use pflash.
If you go without pflash, then you likely will not have a
standards-conformant UEFI variable store. (Unless you reimplement the
variable arch protocols in edk2 on top of something else than the Fault
Tolerant Write and Firmware Volume Block protocols.) Whether a
conformant UEFI varstore matters to you (or to TDX in general) is
something I can't comment on.
(I've generally stopped commenting on confidential computing topics, but
this message allows for comments on just pflash, and how it impacts OVMF.)
Regarding pflash itself, the read-only KVM memslot is required for it.
Otherwise pflash cannot work as a "ROMD device" (= you can't flip it
back and forth between ROM mode and programming (MMIO) mode).