On Mon, Sep 14, 2020 at 03:15:39PM -0500, Tom Lendacky wrote: > From: Tom Lendacky <thomas.lendacky@xxxxxxx> > > Since many of the registers used by the SEV-ES are encrypted and cannot > be read or written, adjust the __get_sregs() / __set_sregs() to only get > or set the registers being tracked (efer, cr0, cr4 and cr8) once the VMSA > is encrypted. Is there an actual use case for writing said registers after the VMSA is encrypted? Assuming there's a separate "debug mode" and live migration has special logic, can KVM simply reject the ioctl() if guest state is protected?
