qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v3 26/49] i386/sev: Skip machine-init-done notifiers for SNP

From: Michael Roth
Subject: [PATCH v3 26/49] i386/sev: Skip machine-init-done notifiers for SNP
Date: Wed, 20 Mar 2024 03:39:22 -0500 
The machine done notify event is used for SEV guests to get the
measurement of the encrypted images. When SEV-SNP is enabled, the
measurement is part of the guest attestation process where it can be
collected without any reliance on the VMM. So skip registering the
notifier for SNP in favor of using guest attestation instead.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 target/i386/sev.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 774262d834..e4deb7b41e 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -989,9 +989,17 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, 
Error **errp)
          * own internal mechanisms for registering/pinning private memory.
          */
         ram_block_notifier_add(&sev_ram_notifier);
+
+        /*
+         * The machine done notify event is used for SEV guests to get the
+         * measurement of the encrypted images. When SEV-SNP is enabled, the
+         * measurement is part of the guest attestation process where it can
+         * be collected without any reliance on the VMM. So skip registering
+         * the notifier for SNP in favor of using guest attestation instead.
+         */
+        qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
     }
 
-    qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
     qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common);
 
     cgs->ready = true;
-- 
2.25.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]