On Thu, Aug 28, 2025, Binbin Wu wrote: > > Note #2, relying on guest firmware to handle this scenario, e.g. by setting > > virtual MTRRs and then consuming them in Linux, is not a viable option, as > > the virtual MTRR state is managed by the untrusted hypervisor, and because > > OVMF at least has stopped programming virtual MTRRs when running as a TDX > > guest. > > Not sure if it needs to mention that with this option, Linux kernel will set > CR0.CD=1 when programming MTRRs, which will trigger unexpected #VE in TDX guest. I don't think it's worth bringing up, because that is a very solvable problem, and orthogonal to the issues with using the untrusted hypervisor to store/track the virtual MTRR values.
