Hi,

On Sat, Sep 13, 2025 at 07:10:00AM -0700, Mike Larkin wrote:
> On Tue, Sep 09, 2025 at 11:42:38AM +0200, Hans-Jörg Höxer wrote:
> > Hi,
> >
> > this is an updated diff that works well on vmd/vmm and linux/kvm hosts
> > with SEV-ES enabled guests.
> >
> > The previous discussion raised some questions, thanks for your input!
> > All in all we came to the conclusion to proceed with this approach.
> >
> > ok?
> >
> 
> what was the final decision here?

well, I'd say we all agree that depending on ACPI is problematic.
Mark suggested to try to use the static tables only.  As we want to
ignore most of the qemu emulated hardware (in a confidentail comp setting)
anyway, this migth work good enough.  I will look into this.

For qemu/kvm we need busspace paravirtualization which is not (yet)
supported by vmm and vmd.  When using the proposed whitelist diff, we
only attach devices, that work in both settings (qemu and vmm/vmd with
confidentiallity enabled; other configurations are not affected anyway).
So this should help us to improve and test both scenarios more easily.

• smime.p7s (5K)