Andi Kleen
2021-Oct-12 17:55 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
> I mean ... it's already wide spread.

I meant wide spread usage with confidential guests.

> If we support it with TDX
> it will be used with TDX.

It has some security trade offs. The main reason to use TDX is security. Also when people take the VT-d tradeoffs they might be ok with the BIOS trade offs too.

-Andi

Michael S. Tsirkin
2021-Oct-12 20:59 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
On Tue, Oct 12, 2021 at 10:55:20AM -0700, Andi Kleen wrote:
> > I mean ... it's already wide spread.
>
> I meant wide spread usage with confidential guests.
>
> > If we support it with TDX
> > it will be used with TDX.
>
> It has some security trade offs. The main reason to use TDX is security.
> Also when people take the VT-d tradeoffs they might be ok with the BIOS
> trade offs too.
>
> -Andi

Interesting. VT-d tradeoffs ... what are they? Allowing hypervisor to write into BIOS looks like it will trivially lead to code execution, won't it?

--
MST