From: Tom Lendacky <thomas.lendacky@amd.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, Andy Lutomirski <luto@kernel.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
Peter Zijlstra <peterz@infradead.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Brijesh Singh <brijesh.singh@amd.com>
Subject: Re: [PATCH] x86/sev: Add AMD_SEV_ES_GUEST Kconfig for including SEV-ES support
Date: Mon, 18 Jan 2021 12:16:37 -0600 [thread overview]
Message-ID: <efb0ae61-d333-2872-5a5b-9e22e2fab55a@amd.com> (raw)
In-Reply-To: <2d795f19-2ac8-ea74-4365-41ea07f8eeec@redhat.com>
On 1/18/21 12:03 PM, Paolo Bonzini wrote:
> On 16/01/21 06:40, Tom Lendacky wrote:
>>
>>> Introduce a new Kconfig, AMD_SEV_ES_GUEST, to control the inclusion of
>>> support for running as an SEV-ES guest. Pivoting on AMD_MEM_ENCRYPT for
>>> guest SEV-ES support is undesirable for host-only kernel builds as
>>> AMD_MEM_ENCRYPT is also required to enable KVM/host support for SEV and
>>> SEV-ES.
>>
>> I believe only KVM_AMD_SEV is required to enable the KVM support to run
>> SEV and SEV-ES guests. The AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT setting is
>> only used to determine whether to enable the KVM SEV/SEV-ES support by
>> default on module load.
>
> Right:
>
> if (IS_ENABLED(CONFIG_KVM_AMD_SEV) && sev) {
> sev_hardware_setup();
> } else {
> sev = false;
> sev_es = false;
> }
>
> I removed the addition to "config AMD_MEM_ENCRYPT_ from Sean's patch, but
> (despite merging it not once but twice) I don't really like the hidden
> dependency on AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT and thus AMD_MEM_ENCRYPT.
> Is there any reason to not always enable sev/sev_es by default?
I don't remember where the AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT suggestion
originally came from. I thought it was from review feedback on the
original SEV patches, but can't find anything about it. @Brijesh might
remember.
But I see no reason not to enable them by default.
Thanks,
Tom
>
> Paolo
>
next prev parent reply other threads:[~2021-01-18 18:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-16 0:25 [PATCH] x86/sev: Add AMD_SEV_ES_GUEST Kconfig for including SEV-ES support Sean Christopherson
2021-01-16 5:40 ` Tom Lendacky
2021-01-18 18:03 ` Paolo Bonzini
2021-01-18 18:16 ` Tom Lendacky [this message]
2021-01-18 17:59 ` Paolo Bonzini
2021-01-18 20:26 ` Borislav Petkov
2021-01-18 20:30 ` Paolo Bonzini
2021-01-18 20:29 ` Borislav Petkov
2021-01-18 20:32 ` Paolo Bonzini
2021-01-18 20:47 ` Borislav Petkov
2021-01-19 16:23 ` Sean Christopherson
2021-01-19 17:09 ` Borislav Petkov
2021-01-19 17:12 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efb0ae61-d333-2872-5a5b-9e22e2fab55a@amd.com \
--to=thomas.lendacky@amd.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.