From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: [EXT] Re: AMD SEV: confidential autoconf whitelist
To: tech@openbsd.org
Date: Thu, 11 Sep 2025 20:23:28 +0200

On Tue, Sep 09, 2025 at 06:07:24PM +0200, Hans-Jörg Höxer wrote:
> commit 336adc09ff764a02b44c771b81f7bec639b7365d
> Author: Hans-Joerg Hoexer <hshoexer@genua.de>
> Date:   Sat Aug 2 12:58:50 2025 +0200
> 
>     Whitelist devices in cfdriver for use when SEV is enabled
>     
>     Skip devices that are not flagged for use with SEV.  Hook into
>     config_search() and isascan().
>     
>     To be a bit more generic prefer "COCO" (confidential computing)
>     over "SEV" (AMD specific term).

This is not only about security and trusted device emulation, but
also about building a GENERIC kernel that runs confidentially as a
guest on KVM/qemu and vmm/vmd.

KVM/qemu needs bus space paravirtualization, but vmm/vmd does not
support it.  The current whitelist attaches only devices that work
for both.

With this diff we can make progress and it allows me to test both
setups easily.  Fine tuning can be done in tree.

OK bluhm@