On Wed, Feb 8, 2023 at 12:49 PM Dov Murik <dovmu...@linux.ibm.com> wrote: > Even if the DTB itself doesn't change and the Guest Owner could somehow add > it to the expected cmdline to calculate the hash, the current implementation > adds both the SetupData entry and the dtb itself to the cmdline. The > SetupData > entry contains pointers which may be harder to predict (even though currently > I assume that .next=0 and the rest are known, so it should be possible (but > ugly)).
No, setup_data isn't even hooked up under SEV. That part is skipped already.