| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240805164536.7eg74vpmeofnft2q@amd.com> Date: Mon, 5 Aug 2024 11:45:36 -0500 From: Michael Roth <michael.roth@....com> To: Paolo Bonzini <pbonzini@...hat.com> CC: <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org> Subject: Re: [PATCH] KVM: SEV: allow KVM_SEV_GET_ATTESTATION_REPORT for SNP guests On Mon, Aug 05, 2024 at 06:15:51PM +0200, Paolo Bonzini wrote: > On Mon, Aug 5, 2024 at 5:39 PM Michael Roth <michael.roth@....com> wrote: > > > (And is there any user of query-sev-attestation-report for > > > non-SNP?) > > > > No, this would have always returned error, either via KVM, or via > > firmware failure. > > I mean for *non-SNP*. If no one ever used it, we can deprecate the command. This would have been the main architectured way to fetch an attestation report from firmware for non-SNP cases, so I think it's likely being used to some degree. Libvirt itself does not seem to use it directly, however (opting for the less verbose query-sev-launch-measure), but it seems likely there would be SEV deployments that do. libvirt might find other bits like policy/major/minor/etc. to be redundant since it also controls the guest config, but maybe 3rd party tools prefer to known those values as provided by firmware so they can ensure they match expected values. -Mike > > Paolo >
Powered by blists - more mailing lists