On Tue, Jan 18, 2022 at 08:37:30AM -0600, Michael Roth wrote:
> Actually, no, because doing that would provide hypervisor a means to
> effectively disable CPUID page for an SNP guest by providing a table with
> count == 0, which needs to be guarded against.

Err, I'm confused. Isn't that

"SEV-SNP guests will be provided the location of special 'secrets'
'CPUID' pages via the Confidential Computing blob..."

and the HV has no say in there?

Why does the HV provide the CPUID page?

And when I read "secrets page" I think, encrypted/signed and given
directly to the guest, past the HV which cannot even touch it.

Hmmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette