On Fri, Aug 25, 2023 at 01:52:57PM +0100, Daniel P. Berrangé wrote: > The SEV-ES boot measurement includes the initial CPU register state > (VMSA) and one of the fields includes the CPU identification. When > building a VMSA blob we get the CPU family/model/stepping from the > host capabilities, however, the VMSA must reflect the guest CPU not > host CPU. Thus using host capabilities is only valid when the guest > has the 'host-passthrough' CPU mode active. With 'host-model' it > cannot be assumed host and guest match, because QEMU may not (yet) > have a named CPU model for a given host CPU. > > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> > --- > tools/virt-qemu-sev-validate | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate > index 209f19a4a8..c279741004 100755 > --- a/tools/virt-qemu-sev-validate > +++ b/tools/virt-qemu-sev-validate > @@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM): > raise InsecureUsageException( > "Using CPU SKU from capabilities is not secure") > > + mode = doc.xpath("/domain/cpu/@mode") > + if mode != "host-passthrough": > + raise UnsupportedUsageException( > + "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used") > + > sig = capsdoc.xpath("/capabilities/host/cpu/signature") > if len(sig) != 1: > raise UnsupportedUsageException( > -- > 2.41.0 > Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>
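Review bot: the new check in the LibvirtConfidentialVM hunk compares a list against a string, so it will raise unconditionally, including for the 'host-passthrough' guests it is meant to allow. `doc.xpath("/domain/cpu/@mode")` returns a list of attribute values (the unchanged `sig = capsdoc.xpath(...)` / `if len(sig) != 1:` lines directly below treat xpath results exactly that way), and a list is never `==` to `"host-passthrough"`. Suggest mirroring the existing pattern, `if len(mode) != 1 or mode[0] != "host-passthrough":`, which also correctly rejects a `<cpu>` element with no `mode` attribute (empty list) rather than silently treating it as passthrough. Alternatively `doc.xpath("string(/domain/cpu/@mode)")` yields a plain string (empty when the attribute is absent), letting the `!=` comparison stand as written. Minor style point: the raise message line runs well past 80 columns; wrapping it would match the surrounding code.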