Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler

From: Borislav Petkov
Date: Thu Oct 21 2021 - 10:51:07 EST

Next message: Sean Christopherson: "Re: [PATCH 1/4] KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()"
Previous message: Dan Li: "Re: [PATCH] [PATCH V5]ARM64: SCS: Add gcc plugin to support Shadow Call Stack"
In reply to: Michael Roth: "Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler"
Next in thread: Michael Roth: "Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 20, 2021 at 11:10:23AM -0500, Michael Roth wrote:
> The CPUID calls in snp_cpuid_init() weren't added specifically to induce
> the #VC-based SEV MSR read, they were added only because I thought the
> gist of your earlier suggestions were to do more validation against the
> CPUID table advertised by EFI

Well, if EFI is providing us with the CPUID table, who verified it? The
attestation process? Is it signed with the AMD platform key?

Because if we can verify the firmware is ok, then we can trust the CPUID
page, right?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Sean Christopherson: "Re: [PATCH 1/4] KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()"
Previous message: Dan Li: "Re: [PATCH] [PATCH V5]ARM64: SCS: Add gcc plugin to support Shadow Call Stack"
In reply to: Michael Roth: "Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler"
Next in thread: Michael Roth: "Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]