On 28/03/2024 14:41, Borislav Petkov wrote:
> On Thu, Mar 28, 2024 at 12:51:17PM +0100, Jeremi Piotrowski wrote:
>> Shouldn't this line be inside the cpu_has(c, X86_FEATURE_SEV_SNP) check?
>
> The cc_vendor is not dependent on X86_FEATURE_SEV_SNP.
>

It's not but if you set it before the check it will be set for all AMD systems,
even if they are neither CC hosts nor CC guests. cc_vendor being unset is handled
correctly in cc_platform_has() checks.

>> How about turning this into a more specific check:
>>
>> if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP) &&
>
> Why?
>

To leave open the possibility of an SNP hypervisor running nested.

> The check is "am I running as a hypervisor on baremetal".
>

I thought you wanted to filter out SEV-SNP guests, which also have
X86_FEATURE_SEV_SNP CPUID bit set.

My understanding is that these are the cases:

CPUID(SEV_SNP) | MSR(SEV_SNP) | what am I
---------------------------------------------
set            | set          | SNP-guest
set            | unset        | SNP-host
unset          | ??           | not SNP