On Fri, Aug 25, 2023 at 13:52:57 +0100, Daniel P. Berrangé wrote:
The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities, however, the VMSA must reflect the guest CPU not host CPU. Thus using host capabilities is only when whe the guest has the 'host-passthrough' CPU mode active. With 'host-model' it is cannot be assumed host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- tools/virt-qemu-sev-validate | 5 +++++ 1 file changed, 5 insertions(+)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>