SVSM: require SNP restricted injection
To maintain security of the SVSM, require that Restricted Injection is
present in the SEV features in order to boot.

Signed-off-by: Jon Lange <[email protected]>
msft-jlange committed Oct 24, 2024
1 parent b2dc667 commit e869c83
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions kernel/src/sev/status.rs
Expand Up @@ -163,10 +163,12 @@ pub fn sev_restricted_injection() -> bool {
}

pub fn sev_status_verify() {
let required = SEVStatusFlags::SEV | SEVStatusFlags::SEV_ES | SEVStatusFlags::SEV_SNP;
let required = SEVStatusFlags::SEV
| SEVStatusFlags::SEV_ES
| SEVStatusFlags::SEV_SNP
| SEVStatusFlags::REST_INJ;
let supported = SEVStatusFlags::DBGSWP
| SEVStatusFlags::VTOM
| SEVStatusFlags::REST_INJ
| SEVStatusFlags::PREV_HOST_IBS
| SEVStatusFlags::BTB_ISOLATION
| SEVStatusFlags::SMT_PROT;
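Review bot: the `required` mask in `sev_status_verify()` now includes `SEVStatusFlags::REST_INJ`, but nothing at that line records why. The commit message's rationale (maintaining the security of the SVSM) belongs in a short comment above `let required`, so that a later edit does not move the flag back into `supported`. Two follow-ups are worth checking against the parts of the file this hunk does not show. First, `sev_restricted_injection() -> bool`, visible in the hunk header, remains in place; once verification requires the flag, any caller branch for the false case is reachable only if it runs before `sev_status_verify()`, so confirm the call ordering or simplify those callers. Second, a platform launched without Restricted Injection will now refuse to boot, so the failure path should name the missing required flag explicitly rather than report a generic status mismatch.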