Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE

Next message: Lee Jones: "[GIT PULL] LEDs for v7.2"
Previous message: Malte Wechter: "Re: [PATCH v3] rust: add procedural macro for declaring configfs attributes"
In reply to: James Bottomley: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Next in thread: James Bottomley: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jörg Rödel

Date: Wed Jun 17 2026 - 09:29:35 EST

Hi James,

On Wed, Jun 17, 2026 at 09:18:14AM -0400, James Bottomley wrote:
> That's true for the launch measure, but you do have a vTPM inside the
> SVSM which you could use to measure an updated GHCB if we could decide
> on a PCR to use (and a logging specification).

I guess you mean an updated VMSA? The guest-created VMSAs are trusted because
they are created by trusted code from within the TEE. There is no need to
runtime-measure their content, no?

-Joerg