
From:
Alexander Bluhm <bluhm@openbsd.org>
Subject:
Re: [EXT] Re: AMD SEV: confidential autoconf whitelist
To:
Mike Larkin <mlarkin@nested.page>
Cc:
tech@openbsd.org
Date:
Mon, 15 Sep 2025 18:29:15 +0200

On Mon, Sep 15, 2025 at 06:52:59AM -0700, Mike Larkin wrote:
> On Mon, Sep 15, 2025 at 02:50:14PM +0200, Hans-Jörg Höxer wrote:
> > Hi,
> >
> > On Mon, Sep 15, 2025 at 05:46:32AM -0700, Mike Larkin wrote:
> > > >
> > > > well, I'd say we all agree that depending on ACPI is problematic.
> > > > Mark suggested to try to use the static tables only.  As we want to
> > > > ignore most of the qemu emulated hardware (in a confidential comp setting)
> > > > anyway, this might work good enough.  I will look into this.
> > > >
> > > > For qemu/kvm we need busspace paravirtualization which is not (yet)
> > > > supported by vmm and vmd.  When using the proposed whitelist diff, we
> > > > only attach devices that work in both settings (qemu and vmm/vmd with
> > > > confidentiality enabled; other configurations are not affected anyway).
> > > > So this should help us to improve and test both scenarios more easily.
> > >
> > > So, to recap -
> > >
> > > 1. you're going to try to use the static tables, and we should see a diff
> > >    for that at some point
> > >
> > > 2. we can do the whitelist but not until #1 is done
> > >
> > > is that right?
> >
> > I'd say the other way round:
> >
> >  1. do the whitelist now
> >
> >  2. improve further by using the static table approach
> >
> > Take care,
> > HJ.
> 
> I worry that if we do it in this order, we won't be incentivized to do the
> static table stuff. We will end up committing it and not fixing it.
> 
> Is there a reason we can't quickly verify that the static table approach works?

The whitelist is the next step.  Otherwise I cannot test anything.
Either my KVM/qemu or vmm/vmd setup will break without it.  Any
further diff is untested unless combined with whitelist.

bluhm