On Wed, Jan 25, 2023 at 12:44:13PM +0100, Ard Biesheuvel wrote:

On Wed, 25 Jan 2023 at 10:18, Gerd Hoffmann <kraxel@...> wrote:

On Wed, Jan 25, 2023 at 10:01:47AM +0100, Ard Biesheuvel wrote:

Exactly. And my Fedora kernel has those bits enabled by default.

So I suppose the way forward here is to expose this protocol only on
OVMF builds that target SEV-SNP, instead of introducing it as a
generic CoCo feature.

OVMF builds already adapt at runtime, so this needs to be a runtime
check too. But IIRC the module already checks whenever SNP-SEV or TDX
is active before installing, so we only need to tweak that check to drop
the TDX check.

Sure. But Dionna's series introduces a new CocoDxe driver that is
intended to carry shared logic, but we should probably add this stuff
to AmdSevDxe instead.

OvmfPkgX64.dsc can run in SEV/TDX modes too, so it is needed there as
well. We can probably leave it out from IntelTdx (assuming Intel's
upstream merge plans work out as expected and tdx-guest + unaccepted
memory actually land in the same kernel release).