> On Apr 23, 2025, at 9:54 AM, Adrian-Ken Rueegsegger <ken@xxxxxxxxxxx> wrote: > > !-------------------------------------------------------------------| > CAUTION: External Email > > |-------------------------------------------------------------------! > > Hi, > > On 3/13/25 21:36, Jon Kohler wrote: > > [snip] > >> The semantics for EPT violation qualifications also change when MBEC >> is enabled, with bit 5 reflecting supervisor/kernel mode execute >> permissions and bit 6 reflecting user mode execute permissions. >> This ultimately serves to expose this feature to the L1 hypervisor, >> which consumes MBEC and informs the L2 partitions not to use the >> software MBEC by removing bit 14 in 0x40000004 EAX [4]. > > Should this say bit 13 of 0x40000004.EAX? According to the referenced docs [4]: > > Bit 13: "Recommend using INT for MBEC system calls." > > Bit 14: "Recommend a nested hypervisor using the enlightened VMCS interface. Also indicates that additional nested enlightenments may be available (see leaf 0x4000000A)." > > Regards, > Adrian Yes, you are correct, I’ll fix on the next go-around, thanks for pointing that out
