Re: [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP

Brijesh Singh

On 9/2/21 7:28 AM, Brijesh Singh wrote:
Hi Gerd,

On 9/2/21 3:04 AM, Gerd Hoffmann wrote:
On Wed, Sep 01, 2021 at 11:16:19AM -0500, Brijesh Singh wrote:

Platform features and capabilities are traditionally discovered via the
CPUID instruction. Hypervisors typically trap and emulate the CPUID
instruction for a variety of reasons. There are some cases where incorrect
CPUID information can potentially lead to a security issue. The SEV-SNP
firmware provides a feature to filter the CPUID results through the PSP.
The filtered CPUID values are saved on a special page for the guest to
consume. Reserve a page in MEMFD that will contain the results of
filtered CPUID values.

Is the format of the page documented somewhere?

Yes, it is documented in the SEV-SNP spec [1] section 7.1 and the checks
performed by the SEV-SNP firmware are documented in the PPR [2] section
I will document these links in the commit message.



Is this snp-specific? Or could this also be used without snp?

This is an SNP-specific format and cannot be used without SNP.

I should clarify the statement: the format itself does not contain
anything SNP specific. However, the CPUID page format is documented in
the SNP-specific spec. Are you thinking about using it for non-SEV guests
to avoid the VM exit? If so, it should be very much possible. For that
we should define the format outside of the SNP-specific spec and make it
generic so that guests and HVs can implement it and consume it in the
non-SNP guest.

