Sagi Shahar wrote:
From: Ackerley Tng ackerleytng@google.com
TDX protected memory needs to be measured and encrypted before it can be used by the guest. Traverse the VM's memory regions and initialize all the protected ranges by calling KVM_TDX_INIT_MEM_REGION.
Once all the memory is initialized, the VM can be finalized by calling KVM_TDX_FINALIZE_VM.
Signed-off-by: Ackerley Tng ackerleytng@google.com
Co-developed-by: Erdem Aktas erdemaktas@google.com
Signed-off-by: Erdem Aktas erdemaktas@google.com
Co-developed-by: Sagi Shahar sagis@google.com
Signed-off-by: Sagi Shahar sagis@google.com
.../selftests/kvm/include/x86/tdx/tdx_util.h | 2 + .../selftests/kvm/lib/x86/tdx/tdx_util.c | 58 +++++++++++++++++++ 2 files changed, 60 insertions(+)
diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h index a2509959c7ce..2467b6c35557 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -71,4 +71,6 @@ void vm_tdx_load_common_boot_parameters(struct kvm_vm *vm); void vm_tdx_load_vcpu_boot_parameters(struct kvm_vm *vm, struct kvm_vcpu *vcpu); void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcpu, void *guest_code); +void vm_tdx_finalize(struct kvm_vm *vm);
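Review bot: the `vm_tdx_finalize()` prototype added at the end of tdx_util.h carries no comment, and its name covers only the second half of what the commit message describes (initializing every protected range with KVM_TDX_INIT_MEM_REGION, then calling KVM_TDX_FINALIZE_VM). Because the memory is measured and encrypted at that point, a short comment above the declaration should say that it walks the VM's memory regions first and must be called after the `vm_tdx_load_*_boot_parameters()` and `vm_tdx_set_vcpu_entry_point()` helpers declared just above it, so test authors do not place it before the guest image is fully loaded. The 58 added lines in tdx_util.c are not quoted here, so whether the implementation enforces that ordering cannot be checked from this hunk.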
FWIW this is not what I was expecting to see based on the previous discussion. Knowing that this call is needed later, I'm inclined to let it go, but generally it would have been better to separate out this call when/if the follow-on tests require it, rather than defining this call here without context.
That said:
Reviewed-by: Ira Weiny ira.weiny@intel.com
[snip]