Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
From: Dionna Amalie Glaze <hidden>
Date: 2022-08-08 23:25:46
Also in:
kvm, linux-crypto, linux-mm, lkml
From: Dionna Amalie Glaze <hidden>
Date: 2022-08-08 23:25:46
Also in:
kvm, linux-crypto, linux-mm, lkml
Would it be burden to supply all the certificates, both system and per-VM, in this KVM call? On the SNP Extended Guest Request, the hypervisor could just check if there is a per-VM blob and return that or else return the system-wide blob (if present).
I think that's fine by me. We can use SNP_GET_EXT_CONFIG, merge in user space, and create an instance override with a KVM ioctl without touching ccp. -- -Dionna Glaze, PhD (she/her)