On Thu, Jun 05, 2025 at 11:25:29AM +0800, Xu Yilun wrote: > That's good point, thanks. S-EPT is controlled by TSM, but the fact is, > unlike RMP it needs too much help from VMM side, and now KVM is the > helper. I will continue to investigate if TDX TSM driver could opt in to > become another helper and how to coordinate with KVM. I think it would be quite a simplification if the iommufd operation would also cause the TSM to setup the secure MMIO directly from the pPCI device and remove hypervisor access to it. Then you don't need DMABUF to KVM at all. The create vPCI call would have to specify the base virtual addresses of all the BARs from userspace, which is probably OK as I suspose you also cannot disable or relocate the MMIO BAR while in T=1 mode. Jason
