Hi Marc,

On Fri, Aug 13, 2021 at 11:44:39AM -0700, Marc Orr wrote:
> To date, we have _most_ x86 test cases (39/44) working under UEFI and
> we've also got some of the test cases to boot under SEV-ES, using the
> UEFI #VC handler.

While the EFI APP approach simplifies the implementation a lot, I don't
think it is the best path to SEV and TDX testing for a couple of
reasons:
1) It leaves the details of #VC/#VE handling and the SEV-ES
specific communication channels (GHCB) under control of the
firmware. So we can't reliably test those interfaces from an
EFI APP.
2) Same for the memory validation/acceptance interface needed
for SEV-SNP and TDX. Using an EFI APP leaves those under
firmware control and we are not able to reliably test them.
3) The IDT also stays under control of the firmware in an EFI
APP, otherwise the firmware couldn't provide a #VC handler.
This makes it unreliable to test anything IDT or IRQ related.
4) Relying on the firmware #VC handler limits the tests to its
abilities. Implementing a separate #VC handler routine for
kvm-unit-tests is more work, but it makes test development
much more flexible.
So it comes down to the fact that an EFI APP leaves control over
SEV/TDX specific hypervisor interfaces in the firmware, making it hard
and unreliable to test these interfaces from kvm-unit-tests. The stub
approach, on the other hand, gives the tests full control over the VM,
allowing them to test all aspects of the guest-host interface.
Regards,
Joerg