On 5/30/2024 7:16 PM, Pankaj Gupta wrote:
> From: Michael Roth <michael.roth@xxxxxxx>
>
> SEV-SNP firmware allows a special guest page to be populated with a
> table of guest CPUID values so that they can be validated through
> firmware before being loaded into encrypted guest memory where they can
> be used in place of hypervisor-provided values[1].
>
> As part of SEV-SNP guest initialization, use this interface to validate
> the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest
> start and populate the CPUID page reserved by OVMF with the resulting
> encrypted data.

How are KVM CPUIDs (leaf 0x40000001) validated?
I suppose not all KVM_FEATURE_XXX are supported for an SNP guest. And SNP
firmware doesn't validate such a CPUID range. So how do they get validated?

> [1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6