Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-07-03 Thread Paolo Bonzini
On Thu, Jul 4, 2024 at 6:10 AM Xiaoyao Li wrote: > > So there are specific ranges that are checked, mainly ones where there > > is potential for guests to misbehave if they are being lied to. But > > hypervisor-ranges are paravirtual in a sense so there's no assumptions > > being made about what t

Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-07-03 Thread Xiaoyao Li
On 7/4/2024 8:34 AM, Michael Roth wrote: On Tue, Jul 02, 2024 at 11:07:18AM +0800, Xiaoyao Li wrote: On 5/30/2024 7:16 PM, Pankaj Gupta wrote: From: Michael Roth SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated throu

Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-07-03 Thread Michael Roth
On Tue, Jul 02, 2024 at 11:07:18AM +0800, Xiaoyao Li wrote: > On 5/30/2024 7:16 PM, Pankaj Gupta wrote: > > From: Michael Roth > > > > SEV-SNP firmware allows a special guest page to be populated with a > > table of guest CPUID values so that they can be validated through > > firmware before bein

Re: [PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-07-01 Thread Xiaoyao Li
On 5/30/2024 7:16 PM, Pankaj Gupta wrote: From: Michael Roth SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervis

[PATCH v4 20/31] i386/sev: Add support for SNP CPUID validation

2024-05-30 Thread Pankaj Gupta
From: Michael Roth SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervisor-provided values[1]. As part of SEV-SNP g