Hi,
This is a complex question and we need to separate out what needs to be supported from Platform firmware (like TF-A, TF-RMM) and what the RMM spec supports for Realms. I will skip device hot plug support for now as Device Assignment is not supported in RMMv1.0.
Platform firmware support for CPU and memory hotplug needs to be present, and one of several ways to implement this support in TF-A and RMM today is to overcommit the MAX_CPU_COUNT and RMM_MAX_GRANULES to cover any additional CPU and memory which may get added in future. We have some plans to add dynamic support for CPU and memory hotplug in TF-RMM additions in future.
For the rest of the answer, I assume that platform firmware does support CPU and memory hotplug.
On the matter of CPUs, the Realm VMs only deal with RECs (the equivalent of vCPUs). The REC can be scheduled to run on any CPU, including those which are hotplugged later after the Realm VM is ACTIVE. The RMM spec today does not allow additional RECs to be added to the Realm VM once the Realm is ACTIVE. On the memory side, RMI_DATA_CREATE_UNKNOWN can be called to add memory to ACTIVE realms. See "Add memory to Active Realm flow" in the RMM spec.
Best Regards
Soby Mathew
-----Original Message-----
From: wuweinan@huawei.com
Sent: Wednesday, July 24, 2024 3:20 AM
To: tf-rmm@lists.trustedfirmware.org
Subject: [tf-rmm] Does the confidential virtual machine support hot-plug for CPU, memory, and devices?
Cloud vendors hope that cloud servers have hot-plug capabilities for CPU, memory, and devices. In confidential virtual machine scenarios, the measurement values will change after hot-plug, and rmi_data_create needs to be called to dynamically update the device tree information. Please consult CCA's plan for the hot-plug capability, and under the security model of confidential virtual machines, should the hot-plug capability of confidential virtual machines be supported?