On Tue, 2025-06-10 at 09:50 -0700, Rick Edgecombe wrote: > Why do we need an opt-in interface instead of a way to expose which exit's are > supported by KVM? I would think the need for a TDVMCALL opt-in interface would > only come up if there was a bad guest that was making TDVMCALLs that it did not > see in GetTdVmCallInfo. So that we would actually require an opt-in is not > guaranteed. > > Another consideration could be how to handle GetQuote for an eventual TDVMCALL > opt-in interface, should it be needed. The problem would be GetQuote would be > opted in by default and make the interface weird. But we may not want to have a > TDVMCall specific opt-in interface. There could be other TDX behaviors that we > need to opt-in around. In which case the opt-in interface could be more generic, > and by implementing the TDVMCall opt-in interface ahead of time we would end up > with two opt-in interfaces instead of one. > > So how about just adding a field to struct kvm_tdx_capabilities to describe the > KVM TDVMcalls? Or some other place? But don't invent an opt-in interface > until/if we need it. Oh, and there already is a hypercall exit opt-in interface, so KVM_CAP_TDX_USER_EXIT_TDVMCALL would overlap with it, right?
