From 6b95437c175af9056413268502d20485f00c8cbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 25 Aug 2023 09:32:25 +0100
Subject: [PATCH] tools: fix handling of CPU family/model/stepping in SEV
 validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The SEV-ES boot measurement includes the initial CPU register state
(VMSA) and one of the fields includes the CPU identification. When
building a VMSA blob we get the CPU family/model/stepping from the
host capabilities, however, the VMSA must reflect the guest CPU not
host CPU. Thus using host capabilities is only when whe the guest
has the 'host-passthrough' CPU mode active. With 'host-model' it is
cannot be assumed host and guest match, because QEMU may not (yet)
have a named CPU model for a given host CPU.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
index 209f19a4a8..c279741004 100755
--- a/tools/virt-qemu-sev-validate
+++ b/tools/virt-qemu-sev-validate
@@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM):
                 raise InsecureUsageException(
                     "Using CPU SKU from capabilities is not secure")
 
+            mode = doc.xpath("/domain/cpu/@mode")
+            if mode != "host-passthrough":
+                raise UnsupportedUsageException(
+                    "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used")
+
             sig = capsdoc.xpath("/capabilities/host/cpu/signature")
             if len(sig) != 1:
                 raise UnsupportedUsageException(