Date: Thu, 21 Oct 2021 16:51:06 +0200
From: Borislav Petkov
To: Michael Roth
Cc: Brijesh Singh, x86@kernel.org, linux-kernel@vger.kernel.org,
    kvm@vger.kernel.org, linux-efi@vger.kernel.org,
    platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev,
    linux-mm@kvack.org, Thomas Gleixner, Ingo Molnar, Joerg Roedel,
    Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini,
    Sean Christopherson, Vitaly Kuznetsov, Jim Mattson, Andy Lutomirski,
    Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra,
    Srinivas Pandruvada, David Rientjes, Dov Murik,
    Tobin Feldman-Fitzthum, Vlastimil Babka, "Kirill A . Shutemov",
    Andi Kleen, "Dr . David Alan Gilbert", tony.luck@intel.com,
    marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler
References: <20211008180453.462291-1-brijesh.singh@amd.com>
    <20211008180453.462291-9-brijesh.singh@amd.com>
    <20211018184003.3ob2uxcpd2rpee3s@amd.com>
    <20211020161023.hzbj53ehmzjrt4xd@amd.com>
In-Reply-To: <20211020161023.hzbj53ehmzjrt4xd@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 20, 2021 at 11:10:23AM -0500, Michael Roth wrote:
> The CPUID calls in snp_cpuid_init() weren't added specifically to induce
> the #VC-based SEV MSR read, they were added only because I thought the
> gist of your earlier suggestions were to do more validation against the
> CPUID table advertised by EFI

Well, if EFI is providing us with the CPUID table, who verified it? The
attestation process? Is it signed with the AMD platform key?

Because if we can verify the firmware is ok, then we can trust the CPUID
page, right?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette