On Wed, Oct 20, 2021 at 11:10:23AM -0500, Michael Roth wrote: > The CPUID calls in snp_cpuid_init() weren't added specifically to induce > the #VC-based SEV MSR read, they were added only because I thought the > gist of your earlier suggestions were to do more validation against the > CPUID table advertised by EFI Well, if EFI is providing us with the CPUID table, who verified it? The attestation process? Is it signed with the AMD platform key? Because if we can verify the firmware is ok, then we can trust the CPUID page, right? -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette