To mirror SEV-ES VMs, the mirror VM needs to call LAUNCH_UPDATE_VMSA before
the original VM runs LAUNCH_FINISH. This allows the mirror's vCPUs to be
encrypted into the SEV-ES guest's context and measured into the launch digest.

Peter Gonda (2):
  KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES
  KVM: SEV: Allow launch vmsa from mirror VM

 arch/x86/kvm/svm/sev.c | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

Cc: Marc Orr <marcorr@xxxxxxxxxx>
Cc: Nathan Tempelman <natet@xxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Sean Christopherson <seanjc@xxxxxxxxxx>
Cc: Steve Rutherford <srutherford@xxxxxxxxxx>
Cc: Brijesh Singh <brijesh.singh@xxxxxxx>
Cc: kvm@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx

--
2.33.0.464.g1972c5931b-goog