Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE

Next message: Tomer Maimon: "[PATCH v6 0/4] arm64: dts: nuvoton: add NPCM845 SoC and EVB support"
Previous message: Abhijit Gangurde: "[for-next v3 1/3] net: ionic: Fetch RCQ sign bit from firmware"
In reply to: Sean Christopherson: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Next in thread: Sean Christopherson: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jörg Rödel

Date: Wed Jun 17 2026 - 09:31:36 EST

On Wed, Jun 17, 2026 at 06:00:39AM -0700, Sean Christopherson wrote:
> On Wed, Jun 17, 2026, Jörg Rödel wrote:
> > With the current code KVM will create its own VMSA for each created VCPU and
> > measure it into the guests initial image. This makes predicting the initial
> > launch measurement difficult (as it depends on KVM internals) and fragile because
> > KVM-internal changes always carry a risk to change the launch measurement
>
> The same holds true for userspace.

Right, but if user-space breaks the launch measurement it must be a problem in
the IGVM loader, as the IGVM-file contains all necessary state from which the
launch measurement can be derived, including the initial VMSA for the BSP.

> > (which has happened a couple of times already).
>
> Examples? The SEV features thing jumps to mind, but I don't recall any others
> off the top of my head.

I was referring to KVM-induced changes to SEV features, but thought this
happened more than once?

-Joerg