[EXT] Re: AMD SEV: confidential autoconf whitelist
On Mon, Sep 15, 2025 at 02:40:22PM +0200, Hans-Jörg Höxer wrote:
> Hi,
>
> On Sat, Sep 13, 2025 at 07:10:00AM -0700, Mike Larkin wrote:
> > On Tue, Sep 09, 2025 at 11:42:38AM +0200, Hans-Jörg Höxer wrote:
> > > Hi,
> > >
> > > this is an updated diff that works well on vmd/vmm and linux/kvm hosts
> > > with SEV-ES enabled guests.
> > >
> > > The previous discussion raised some questions, thanks for your input!
> > > All in all we came to the conclusion to proceed with this approach.
> > >
> > > ok?
> > >
> >
> > what was the final decision here?
>
> well, I'd say we all agree that depending on ACPI is problematic.
> Mark suggested to try to use the static tables only. As we want to
> ignore most of the qemu emulated hardware (in a confidential comp setting)
> anyway, this might work good enough. I will look into this.
>
> For qemu/kvm we need busspace paravirtualization which is not (yet)
> supported by vmm and vmd. When using the proposed whitelist diff, we
> only attach devices, that work in both settings (qemu and vmm/vmd with
> confidentiality enabled; other configurations are not affected anyway).
> So this should help us to improve and test both scenarios more easily.

So, to recap -

1. you're going to try to use the static tables, and we should see a diff
   for that at some point

2. we can do the whitelist but not until #1 is done

is that right?

-ml