On 10/9/24 02:28, Nikunj A Dadhania wrote: > Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the > parameters being used cannot be changed by hypervisor once the guest is > launched. More details in the AMD64 APM Vol 2, Section "Secure TSC". > > In order to enable secure TSC, SEV-SNP guests need to send a TSC_INFO guest > message before the APs are booted. Superficially, this seems kinda silly. If you ask someone, do you want more security or less, they usually say "more". Why do guests need to turn this on instead of just always having a secure TSC? There must be _some_ compromise, either backward compatibility or performance or...
