Re: [PATCH v8 35/40] x86/sev: use firmware-validated CPUID for SEV-SNP guests

From: Borislav Petkov
Date: Wed Jan 26 2022 - 13:35:18 EST


On Fri, Dec 10, 2021 at 09:43:27AM -0600, Brijesh Singh wrote:
> From: Michael Roth <michael.roth@xxxxxxx>
>
> SEV-SNP guests will be provided the location of special 'secrets' and
> 'CPUID' pages via the Confidential Computing blob. This blob is
> provided to the run-time kernel either through bootparams field that
^
a


> was initialized by the boot/compressed kernel, or via a setup_data
> structure as defined by the Linux Boot Protocol.
>
> Locate the Confidential Computing from these sources and, if found,
^
blob

> use the provided CPUID page/table address to create a copy that the
> run-time kernel will use when servicing cpuid instructions via a #VC
^^^^^

Please capitalize all instruction mnemonics in text.

> +/*
> + * It is useful from an auditing/testing perspective to provide an easy way
> + * for the guest owner to know that the CPUID table has been initialized as
> + * expected, but that initialization happens too early in boot to print any
> + * sort of indicator, and there's not really any other good place to do it. So
> + * do it here, and while at it, go ahead and re-verify that nothing strange has
> + * happened between early boot and now.
> + */
> +static int __init snp_cpuid_check_status(void)
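Review bot: the comment block promises two things, an audit indicator for the guest owner and a re-verification that "nothing strange has happened", but if early boot already terminates the guest on a bad CPUID page the re-verification half only duplicates that check, so either drop the function or cut it down to the informational print and reword the comment to say just that. The hunk also shows only `static int __init snp_cpuid_check_status(void)` without its body, so it is unclear what a non-zero return from an __init routine is meant to trigger; state that in the comment or return void if the result is never acted on.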

That function's redundant now, I believe, since we terminate the guest
if there's something wrong with the CPUID page.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
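As an added illustration of the flow the quoted commit message describes (locate the Confidential Computing blob from either the bootparams field or the setup_data chain, then make a private copy of the CPUID table that a #VC CPUID handler consults), here is a self-contained toy model. This is example code written for this page, not code from the patch or from the kernel: the structure layouts, the `SETUP_CC_BLOB_HYPO` tag, the `find_cc_blob`/`snp_cpuid_init_copy`/`snp_cpuid_lookup` names and all CPUID output values are constructed, and the blob carries plain pointers where the real one carries physical addresses. The point it shows beyond the text is the bounds check on the table's entry count before copying and the lookup by leaf/subleaf.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical setup_data type tag for the CC blob (constructed, not the kernel's). */
#define SETUP_CC_BLOB_HYPO 0x42
#define CPUID_MAX_ENTRIES  64

/* One CPUID function: input leaf/subleaf and the four output registers. */
struct cpuid_fn {
	uint32_t eax_in, ecx_in;
	uint32_t eax, ebx, ecx, edx;
};

/* CPUID table: entry count followed by a fixed-size array. */
struct cpuid_table {
	uint32_t count;
	struct cpuid_fn fn[CPUID_MAX_ENTRIES];
};

/* Toy Confidential Computing blob; the kernel's holds physical addresses. */
struct cc_blob {
	uint64_t secrets_addr;                 /* unused here */
	const struct cpuid_table *cpuid_table;
};

/* Toy setup_data node modelled on the Linux Boot Protocol's linked list. */
struct setup_data {
	const struct setup_data *next;
	uint32_t type;
	uint32_t len;
	const void *data;
};

/* The run-time kernel's private copy of the table plus a validity flag. */
static struct cpuid_table cpuid_copy;
static int cpuid_copy_valid;

/* Locate the blob: prefer the bootparams field, otherwise walk setup_data. */
const struct cc_blob *find_cc_blob(const struct cc_blob *from_bootparams,
				   const struct setup_data *sd)
{
	if (from_bootparams)
		return from_bootparams;
	for (; sd; sd = sd->next)
		if (sd->type == SETUP_CC_BLOB_HYPO && sd->len >= sizeof(struct cc_blob))
			return (const struct cc_blob *)sd->data;
	return NULL;
}

/* Copy the table, refusing a count that would overrun the fixed array. */
int snp_cpuid_init_copy(const struct cc_blob *blob)
{
	if (!blob || !blob->cpuid_table)
		return -1;
	if (blob->cpuid_table->count > CPUID_MAX_ENTRIES)
		return -2;
	memcpy(&cpuid_copy, blob->cpuid_table, sizeof(cpuid_copy));
	cpuid_copy_valid = 1;
	return 0;
}

/* What a #VC CPUID handler would consult: find the leaf in the copy. */
int snp_cpuid_lookup(uint32_t leaf, uint32_t subleaf, struct cpuid_fn *out)
{
	uint32_t i;

	if (!cpuid_copy_valid)
		return -1;
	for (i = 0; i < cpuid_copy.count; i++)
		if (cpuid_copy.fn[i].eax_in == leaf && cpuid_copy.fn[i].ecx_in == subleaf) {
			*out = cpuid_copy.fn[i];
			return 0;
		}
	return -1;
}

/* Constructed sample table: two leaves with made-up output values. */
static struct cpuid_table sample_table = {
	.count = 2,
	.fn = {
		{ .eax_in = 0x8000001f, .ecx_in = 0, .eax = 0x1f, .ebx = 0x16b },
		{ .eax_in = 0xd,        .ecx_in = 1, .eax = 0x7 },
	},
};
static const struct cc_blob sample_blob = { .cpuid_table = &sample_table };

/* Build a setup_data chain with an unrelated node first, then locate and copy. */
int demo_init(void)
{
	static const struct setup_data blob_node = {
		.type = SETUP_CC_BLOB_HYPO, .len = sizeof(struct cc_blob), .data = &sample_blob,
	};
	static const struct setup_data other_node = { .next = &blob_node, .type = 1 };

	return snp_cpuid_init_copy(find_cc_blob(NULL, &other_node));
}

/* EAX for a leaf from the copy, or 0xffffffff if the leaf is not present. */
uint32_t demo_lookup_eax(uint32_t leaf, uint32_t subleaf)
{
	struct cpuid_fn fn;

	return snp_cpuid_lookup(leaf, subleaf, &fn) == 0 ? fn.eax : 0xffffffffu;
}

/* The bounds check in action: a count larger than the array is rejected. */
int demo_reject_oversized(void)
{
	struct cpuid_table bad;
	struct cc_blob blob = { .cpuid_table = &bad };

	memset(&bad, 0, sizeof(bad));
	bad.count = CPUID_MAX_ENTRIES + 1;
	return snp_cpuid_init_copy(&blob);
}
```

Call demo_init() once, then demo_lookup_eax() for any leaf; a leaf missing from the table returns the sentinel rather than falling through to the hardware CPUID, which is the property a firmware-validated table is meant to give the guest.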