On Fri, Sep 02, 2022 at 03:26:35PM +0000, Sean Christopherson wrote: > On Fri, Sep 02, 2022, Gerd Hoffmann wrote: > > > > Hmm, ok, but shouldn't the SEPT_VE bit *really* controlled by the guest > > then? > > > > Having a hypervisor-controlled config bit to protect against a malicious > > hypervisor looks pointless to me ... > > IIRC, all (most?) of the attributes are included in the attestation report, > so a > guest/customer can refuse to provision secrets to the guest if the hypervisor > is > misbehaving.
Good. I think we sorted all issues then. Acked-by: Gerd Hoffmann <kra...@redhat.com> take care, Gerd
