From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=ID2a=PJ=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7F273C433FE
	for <linux-mm@archiver.kernel.org>; Thu, 21 Oct 2021 14:51:06 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 41E8861251
	for <linux-mm@archiver.kernel.org>; Thu, 21 Oct 2021 14:51:06 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 41E8861251
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=alien8.de
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id C76306B006C; Thu, 21 Oct 2021 10:51:05 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C25DE900002; Thu, 21 Oct 2021 10:51:05 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id AED666B0073; Thu, 21 Oct 2021 10:51:05 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0192.hostedemail.com [216.40.44.192])
	by kanga.kvack.org (Postfix) with ESMTP id 9A0116B006C
	for <linux-mm@kvack.org>; Thu, 21 Oct 2021 10:51:05 -0400 (EDT)
Received: from smtpin14.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 4852F25711
	for <linux-mm@kvack.org>; Thu, 21 Oct 2021 14:51:05 +0000 (UTC)
X-FDA: 78720732090.14.9EFDB72
Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197])
	by imf28.hostedemail.com (Postfix) with ESMTP id AD58990000B6
	for <linux-mm@kvack.org>; Thu, 21 Oct 2021 14:51:04 +0000 (UTC)
Received: from zn.tnic (p200300ec2f1912003b8abe7004197216.dip0.t-ipconnect.de [IPv6:2003:ec:2f19:1200:3b8a:be70:419:7216])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 7B24D1EC0445;
	Thu, 21 Oct 2021 16:51:03 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim;
	t=1634827863;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:in-reply-to:in-reply-to:  references:references;
	bh=mKv+mW+eWPilpLli84rOJtENzeDW72xonp+g0aJny1g=;
	b=EKa2uK43z8y8RLS1v6/4QDWWFpx+8GluX9zI+Lg880TYbNrjZym5GPV5qbh3949HE1GpNN
	ty/fQ5oOEQe56ViPLe7zFfZ+h4nLKlbpo2orS3Ze2tkOHmU6vLmR9KeGplW8T9xeJYMCDs
	7vdI1K0/Jr0WOUGX9rsaiCwk8vY7Qj8=
Date: Thu, 21 Oct 2021 16:51:06 +0200
From: Borislav Petkov <bp@alien8.de>
To: Michael Roth <michael.roth@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>, x86@kernel.org,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org,
	linux-coco@lists.linux.dev, linux-mm@kvack.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Jim Mattson <jmattson@google.com>,
	Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
	David Rientjes <rientjes@google.com>,
	Dov Murik <dovmurik@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@ibm.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Kirill A . Shutemov" <kirill@shutemov.name>,
	Andi Kleen <ak@linux.intel.com>,
	"Dr . David Alan Gilbert" <dgilbert@redhat.com>,
	tony.luck@intel.com, marcorr@google.com,
	sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features
 within #VC handler
Message-ID: <YXF+WjMHW/dd0Wb6@zn.tnic>
References: <20211008180453.462291-1-brijesh.singh@amd.com>
 <20211008180453.462291-9-brijesh.singh@amd.com>
 <YW2EsxcqBucuyoal@zn.tnic>
 <20211018184003.3ob2uxcpd2rpee3s@amd.com>
 <YW3IdfMs61191qnU@zn.tnic>
 <20211020161023.hzbj53ehmzjrt4xd@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20211020161023.hzbj53ehmzjrt4xd@amd.com>
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: AD58990000B6
X-Stat-Signature: pwi4e5yk3ej19c6xwok8kxkryofp3ecs
Authentication-Results: imf28.hostedemail.com;
	dkim=pass header.d=alien8.de header.s=dkim header.b=EKa2uK43;
	dmarc=pass (policy=none) header.from=alien8.de;
	spf=pass (imf28.hostedemail.com: domain of bp@alien8.de designates 5.9.137.197 as permitted sender) smtp.mailfrom=bp@alien8.de
X-HE-Tag: 1634827864-981503
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Oct 20, 2021 at 11:10:23AM -0500, Michael Roth wrote:
> The CPUID calls in snp_cpuid_init() weren't added specifically to induce
> the #VC-based SEV MSR read, they were added only because I thought the
> gist of your earlier suggestions were to do more validation against the
> CPUID table advertised by EFI

Well, if EFI is providing us with the CPUID table, who verified it? The
attestation process? Is it signed with the AMD platform key?

Because if we can verify the firmware is ok, then we can trust the CPUID
page, right?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette