qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

From: Xiaoyao Li
Subject: Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation
Date: Tue, 2 Jul 2024 11:07:18 +0800
User-agent: Mozilla Thunderbird 
On 5/30/2024 7:16 PM, Pankaj Gupta wrote:

From: Michael Roth <michael.roth@amd.com>

SEV-SNP firmware allows a special guest page to be populated with a
table of guest CPUID values so that they can be validated through
firmware before being loaded into encrypted guest memory where they can
be used in place of hypervisor-provided values[1].

As part of SEV-SNP guest initialization, use this interface to validate
the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest
start and populate the CPUID page reserved by OVMF with the resulting
encrypted data.


How is KVM CPUIDs (leaf 0x40000001) validated?
I suppose not all KVM_FEATURE_XXX are supported for SNP guest. And SNP firmware doesn't validate such CPUID range. So how does them get validated? 


[1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6
reply via email to
[Prev in Thread] Current Thread [Next in Thread]