Re: [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP

Brijesh Singh

Hi Gerd,

On 9/2/21 3:04 AM, Gerd Hoffmann wrote:
On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.
Is the format of the page documented somewhere?
Yes, it is documented in the SEV-SNP spec [1] section 7.1 and the checks
performed by the SEV-SNP firmware are documented in the PPR [2] section I will document these link in the commit message.



Is this snp-specific? Or could this also be used without snp?
This is SNP specific format and cannot be used without SNP.



Join to automatically receive all group messages.