On Tue, Jan 18, 2022 at 05:34:49PM +0100, Borislav Petkov wrote: > On Tue, Jan 18, 2022 at 08:37:30AM -0600, Michael Roth wrote: > > Actually, no, because doing that would provide hypervisor a means to > > effectively disable CPUID page for an SNP guest by provided a table with > > count == 0, which needs to be guarded against. > > Err, I'm confused. > > Isn't that "SEV-SNP guests will be provided the location of special > 'secrets' 'CPUID' pages via the Confidential Computing blob..." and the > HV has no say in there? > > Why does the HV provide the CPUID page? The HV fills out the initial contents of the CPUID page, which includes the count. SNP/PSP firmware will validate the contents the HV tries to put in the initial page, but does not currently enforce that the 'count' field is non-zero. So we can't rely on the 'count' field as an indicator of whether or not the CPUID page is active, we need to rely on the presence of the ccblob as the true indicator, then treat a non-zero 'count' field as an invalid state. I think we discussed this to some extent in the past. The following document was added to clarify the security model for CPUID page: https://lore.kernel.org/lkml/20211210154332.11526-29-brijesh.singh@xxxxxxx/ > > And when I read "secrets page" I think, encrypted/signed and given > directly to the guest, past the HV which cannot even touch it. The CPUID page is also encrypted, but its initial contents come from the HV, which are then passed through the PSP for initial validation before being placed in the CPUID page. But the count==0 case is not disallowed by the PSP firmware, so can't be relied upon as a means to indicate that the CPUID page is not active. > > Hmmm. > > -- > Regards/Gruss, > Boris. > > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpeople.kernel.org%2Ftglx%2Fnotes-about-netiquette&data=04%7C01%7Cmichael.roth%40amd.com%7C9e8f64f998744605658608d9daa073ee%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637781205020570217%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=26Fkw4FJ9jOLVRW7SMs6IWYyaY5gO8iUfdm3x4HDaJk%3D&reserved=0