On 03/01/23 01:12, Borislav Petkov wrote:
> On Mon, Jan 02, 2023 at 08:50:23PM +0530, Nikunj A. Dadhania wrote:
>> I think the "why" part depends on the user. Whether or not the user needs a
>> certain feature enabled for the confidential guest.
>>
>> If the cloud provider(hypervisor) enables the feature on user request, the
>> guest terminates with GHCB_SNP_FEAT_NOT_IMPLEMENTED when guest kernel does
>> have corresponding code/implementation.
>
> I think you mean "does not have" here.

Yes, that is correct.

>
> In any case, I think this whole handling of SEV features could go both ways:
>
> * Cloud provider could say: we've enabled features X, Y and Z and if the guest
> doesn't have support for them, then it would fail booting.
>
> There would optimally be some text somewhere in the cloud provider documentation
> stating why those features are enabled and thus required to be supported by the
> guest.
>
> * Guest owner could require a minimal subset of features which must be present
> in the HV in order to even boot on that HV.
>
> Of course, I'm only speculating here. How it ends up really playing out in
> reality we will have to see...