On Tue, Mar 16, 2021 at 12:51:20PM +0200, Maxim Levitsky wrote: > I agree but what is wrong with that? > This is a debug feature, and it only can be enabled by the root, > and so someone might actually want this case to happen > (e.g to see if a SEV guest can cope with extra #VC exceptions). That doesn't make sense, we know that and SEV-ES guest can't cope with extra #VC exceptions, so there is no point in testing this. It is more a way to shot oneself into the foot for the user and a potential source of bug reports for SEV-ES guests. > I have nothing against not allowing this for SEV-ES guests though. > What do you think? I think SEV-ES guests should only have the intercept bits set which guests acutally support. Regards, Joerg
