Re: [PATCH 1/2] x86/microcode/AMD: Load late on both threads too

From: Borislav Petkov
Date: Thu Aug 17 2023 - 11:41:35 EST


On Wed, Aug 16, 2023 at 03:37:20PM -0700, Jim Mattson wrote:
> SEV-SNP is supposed to protect the guest from a malicious host. A
> malicious host may not load the microcode update on both threads. As a
> result, it gives me some concern when I see something like this
> (https://lore.kernel.org/lkml/20230808190239.131508-1-john.allen@xxxxxxx/):

All I can say is that if this is needed for a SEV/SNP-relevant fix, the
attestation flow will be adjusted to handle this properly.

> I had assumed that the SEV-SNP microcode revision attestation was for
> all logical processors on the host. Are you saying that it is not?

The attestation flow is fine as it takes into account the lowest
microcode revision across all cores in the system. So it doesn't matter
for SNP which core has been applied successfully or which one hasn't.

HTH.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
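
The "lowest microcode revision across all cores" point in the reply above can be checked from the host side. The following is an added example, not part of the original message or the kernel patch: it parses `/proc/cpuinfo`-style text, reports the lowest revision, and lists any core whose SMT threads disagree. The function names and sample revisions are constructed, and it does not reproduce the SNP firmware's attestation logic.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in /proc/cpuinfo layout: (logical cpu, core id, microcode).
# Two cores with two threads each; the second thread of core 1 is one revision behind.
_ROWS = [(0, 0, "0x1000002"), (1, 1, "0x1000002"),
         (2, 0, "0x1000002"), (3, 1, "0x1000001")]
SAMPLE_CPUINFO = "\n\n".join(
    f"processor\t: {c}\nphysical id\t: 0\ncore id\t\t: {k}\nmicrocode\t: {r}"
    for c, k, r in _ROWS)

def parse_cpuinfo(text):
    """Return {logical_cpu: (physical_id, core_id, microcode_revision)}."""
    cpus = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields and "microcode" in fields:
            cpus[int(fields["processor"])] = (
                int(fields.get("physical id", 0)),
                int(fields.get("core id", 0)),
                int(fields["microcode"], 16))
    return cpus

def lowest_revision(cpus):
    """Lowest revision over every logical CPU: one stale thread lowers the result."""
    return min(rev for _, _, rev in cpus.values())

def mismatched_cores(cpus):
    """Return {(package, core): {cpu: rev}} for cores whose threads differ."""
    by_core = defaultdict(dict)
    for cpu, (pkg, core, rev) in cpus.items():
        by_core[(pkg, core)][cpu] = rev
    return {k: v for k, v in by_core.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    # Pass a saved copy of /proc/cpuinfo as argv[1]; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CPUINFO
    cpus = parse_cpuinfo(text)
    print(f"lowest revision across {len(cpus)} CPUs: {lowest_revision(cpus):#x}")
    for (pkg, core), revs in sorted(mismatched_cores(cpus).items()):
        detail = ", ".join(f"cpu{c}={r:#x}" for c, r in sorted(revs.items()))
        print(f"package {pkg} core {core}: threads differ ({detail})")
```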