Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE

Next message: Alexandru Elisei: "Re: [RFC PATCH] KVM: Ignore MMU notifiers for guest_memfd-only memslots"
Previous message: Guenter Roeck: "Re: [PATCH 3/7] hwmon: adm1275: Support ROHM BD12780"
In reply to: J&#xF6;rg R&#xF6;del: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Next in thread: J&#xF6;rg R&#xF6;del: "Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: James Bottomley

Date: Wed Jun 17 2026 - 09:50:29 EST

On Wed, 2026-06-17 at 15:28 +0200, Jörg Rödel wrote:
> Hi James,
>
> On Wed, Jun 17, 2026 at 09:18:14AM -0400, James Bottomley wrote:
> > That's true for the launch measure, but you do have a vTPM inside
> > the SVSM which you could use to measure an updated GHCB if we could
> > decide on a PCR to use (and a logging specification).
>
> I guess you mean an updated VMSA? The guest-created VMSAs are trusted
> because they are created by trusted code from within the TEE. There
> is no need to runtime-measure their content, no?

Well if the guest policy is I don't care how many CPUs you give me then
certainly, yes. However, if the guest does care, they may want an
attestable record of it somewhere. Since clouds do charge somewhat
per-vCPU I can see this mattering to some tenants.

Regards,

James