Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-gues

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-gues

From:	Gerd Hoffmann
Subject:	Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object
Date:	Fri, 2 Sep 2022 18:52:51 +0200

On Fri, Sep 02, 2022 at 03:26:35PM +0000, Sean Christopherson wrote:
> On Fri, Sep 02, 2022, Gerd Hoffmann wrote:
> > 
> > Hmm, ok, but shouldn't the SEPT_VE bit *really* controlled by the guest 
> > then?
> > 
> > Having a hypervisor-controlled config bit to protect against a malicious
> > hypervisor looks pointless to me ...
> 
> IIRC, all (most?) of the attributes are included in the attestation report, 
> so a
> guest/customer can refuse to provision secrets to the guest if the hypervisor 
> is
> misbehaving.

Good.  I think we sorted all issues then.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object, Xiaoyao Li, 2022/09/01
- Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object, Sean Christopherson, 2022/09/01
  - Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object, Gerd Hoffmann, 2022/09/02
    - Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object, Sean Christopherson, 2022/09/02
    - Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object, Gerd Hoffmann <=

Prev by Date: [PATCH 8/8] meson-build: test-crypto-secret depends on CONFIG_SECRET_KEYRING
Next by Date: Re: [PATCH 0/8] tests: Make expliction defaults for tests
Previous by thread: Re: [PATCH v1 15/40] i386/tdx: Add property sept-ve-disable for tdx-guest object
Next by thread: [PATCH] RISC-V: Add support for Ztso
Index(es):
- Date
- Thread