I guess it could be helpful for the discussion when you can outine the
'big picture' for tdx initialization. How does kvm accel setup look
like without TDX, and what additional actions are needed for TDX? What
ordering requirements and other constrains exist?
To boot a TDX VM, it requires several changes/additional steps in the flow:
1. specify the vm type KVM_X86_TDX_VM when creating VM with
IOCTL(KVM_CREATE_VM);
- When initializing KVM accel
2. initialize VM scope configuration before creating any VCPU;
3. initialize VCPU scope configuration;
- done inside machine_init_done_notifier;
4. initialize virtual firmware in guest private memory before vcpu running;
- done inside machine_init_done_notifier;
5. finalize the TD's measurement;
- done inside machine init_done_notifier;
And we are discussing where to do step 2).
We can find from the code of tdx_pre_create_vcpu(), that it needs
cpuid entries[] and attributes as input to KVM.
cpuid entries[] is set up by kvm_x86_arch_cpuid() mainly based on
'CPUX86State *env'
attributes.pks is retrieved from env->features[]
and attributes.pmu is retrieved from x86cpu->enable_pmu
to make VM-socpe data is consistent with VCPU data, we do choose the point
late enough to ensure all the info/configurations from VCPU are settle down,
that just before calling KVM API to do VCPU-scope configuration.