diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
index 209f19a4a8..c279741004 100755
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM):
                 raise InsecureUsageException(
                     "Using CPU SKU from capabilities is not secure")
 
+            mode = doc.xpath("/domain/cpu/@mode")
+            if mode != "host-passthrough":
+                raise UnsupportedUsageException(
+                    "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used")
+
             sig = capsdoc.xpath("/capabilities/host/cpu/signature")
             if len(sig) != 1:
                 raise UnsupportedUsageException(