Hypercall to let the VTL0 or VTL1 to retrieve its VMPCK so that it can communicate with the PSP#3408
Open
sunilmut wants to merge 2 commits intomicrosoft:mainfrom
Open
Hypercall to let the VTL0 or VTL1 to retrieve its VMPCK so that it can communicate with the PSP#3408sunilmut wants to merge 2 commits intomicrosoft:mainfrom
sunilmut wants to merge 2 commits intomicrosoft:mainfrom
Conversation
|
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon |
sunilmut
commented
Apr 30, 2026
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
Contributor
There was a problem hiding this comment.
Pull request overview
Implements a new Hyper-V hypercall for lower VTL guests (VTL0/VTL1) to retrieve their SEV-SNP VMPCK so they can communicate directly with the PSP, and centralizes some host CPUID feature detection for OpenHCL.
Changes:
- Added
HvCallGetSnpVmpckhypercall definition + output struct inhvdefand dispatch plumbing inhv1_hypercall. - Extracted/stored VMPCKs from the SNP secrets page at partition init and exposed them via a new Underhill hypercall handler.
- Introduced
openhcl_cpuid_featurescrate and plumbed cached CPUID features from worker startup intoHcl.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/x86/x86defs/src/snp.rs | Adds SNP secrets-page VMPCK offsets/size constants. |
| vm/hv1/hvdef/src/lib.rs | Extends enlightenment bitfield flags; adds hypercall code + VMPCK output type/size constant. |
| vm/hv1/hv1_hypercall/src/imp.rs | Adds hypercall type alias + handler trait for HvGetSnpVmpck. |
| openhcl/virt_mshv_vtl/src/processor/snp/mod.rs | Caches VMPCK keys from secrets page and implements the new hypercall handler. |
| openhcl/virt_mshv_vtl/src/lib.rs | Plumbs cached CPUID features into Hcl::new on x86_64 guest builds. |
| openhcl/virt_mshv_vtl/Cargo.toml | Adds dependency on openhcl_cpuid_features. |
| openhcl/underhill_core/src/worker.rs | Initializes CPUID feature snapshot once and reuses it for MMIO-hypercall + x2APIC decisions. |
| openhcl/underhill_core/Cargo.toml | Swaps direct CPUID deps for openhcl_cpuid_features. |
| openhcl/openhcl_cpuid_features/src/lib.rs | New crate centralizing a small set of host CPUID feature queries. |
| openhcl/openhcl_cpuid_features/Cargo.toml | New crate manifest with x86_64-only deps. |
| openhcl/hcl/src/ioctl.rs | Adds CPUID feature caching to Hcl and changes Hcl::new signature on x86_64 guest builds. |
| openhcl/hcl/Cargo.toml | Adds openhcl_cpuid_features dependency. |
| Cargo.toml | Registers openhcl_cpuid_features as a workspace member dependency. |
| Cargo.lock | Adds lock entries for the new crate and updated dependency graph. |
sunilmut
changed the title
sunilmut
commented
Apr 30, 2026
smalis-msft
reviewed
Apr 30, 2026
sunilmut
force-pushed
the
sunilmut/lower_vtl_vmpck
branch
from
5592161 to
115b8d3
Compare
mingweishih
approved these changes
May 8, 2026
sunilmut
force-pushed
the
sunilmut/lower_vtl_vmpck
branch
from
115b8d3 to
9d4917a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement the hypercall that allows the VTL0 or VTL1 retrieve the VM Platform Communication Key (VMPCK) for its own VTL, so that it can directly communicate with the PSP. The VMPCK is used to encrypt/decrypt the communication with the PSP.