tools: fix handling of CPU family/model/stepping in SEV validation

The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities, however, the VMSA must reflect the guest CPU not host CPU. Thus using host capabilities is only when whe the guest has the 'host-passthrough' CPU mode active. With 'host-model' it is cannot be assumed host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-12-22 05:35:25 +00:00 · 2023-08-25 09:32:25 +01:00 · 2023-08-25 09:32:25 +01:00 · 6b95437c17
commit 6b95437c17
parent d40c6cad64
1 changed files with 5 additions and 0 deletions
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM):
                raise InsecureUsageException(
                    "Using CPU SKU from capabilities is not secure")

+            mode = doc.xpath("/domain/cpu/@mode")
+            if mode != "host-passthrough":
+                raise UnsupportedUsageException(
+                    "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used")
+
            sig = capsdoc.xpath("/capabilities/host/cpu/signature")
            if len(sig) != 1:
                raise UnsupportedUsageException(