On Fri, 2026-05-15 at 12:19 -0700, Sean Christopherson wrote: > When registering a TSC frequency calibration routine, sanity check that > the incoming routine is as robust as the outgoing routine, and reject the > incoming routine if the sanity check fails. > > Because native calibration routines only mark the TSC frequency as known > and reliable when they actually run, the effective progression of > capabilities is: None (native) => Known and maybe Reliable (PV) => > Known and Reliable (CoCo). Violating that progression for a PV override > is relatively benign, but messing up the progression when CoCo is > involved is more problematic, as it likely means a trusted source of > information (hardware/firmware) is being discarded in favor of a less > trusted source (hypervisor). > > Signed-off-by: Sean Christopherson <[email protected]>
Reviewed-by: David Woodhouse <[email protected]>
smime.p7s
Description: S/MIME cryptographic signature
