On Thu, Jul 22, 2021 at 10:31:27AM -0700, Marc Orr wrote: > IMHO, we need to be completely certain that guest data cannot be > compromised if we're going to remove the requirement that guest memory > only be validated once in a certain state (e.g., from within a crash > kernel). Perhaps it is the case that we're certain that guest data > cannot be compromised from within a crash kernel -- but it's not what > I read in the email exchange. Right, at least SNP has a strict requirement that no memory could be validated or invalidated twice without giving up security guarantees for that memory. Regards, Jörg
