From c519e3924d23a45d34c89e661f0da5420c70cfc0 Mon Sep 17 00:00:00 2001
From: Jon Lange <jlange@microsoft.com>
Date: Tue, 2 Jan 2024 04:50:23 -0800
Subject: [PATCH] Enable restricted injection when running from IGVM

Signed-off-by: Jon Lange <jlange@microsoft.com>
---
 igvmbld/igvmbld.c | 2 +-
 igvmbld/sev-snp.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/igvmbld/igvmbld.c b/igvmbld/igvmbld.c
index a96de1e09..990d5e7bd 100644
--- a/igvmbld/igvmbld.c
+++ b/igvmbld/igvmbld.c
@@ -357,7 +357,7 @@ void generate_initial_vmsa(SEV_VMSA *vmsa)
     vmsa->rip = 0x10000;
     vmsa->rsp = vmsa->rip - sizeof(Stage2Stack);
 
-    vmsa->sev_features = SevFeature_Snp;
+    vmsa->sev_features = SevFeature_Snp | SevFeature_RestrictInj;
 }
 
 void setup_igvm_platform_header(void)
diff --git a/igvmbld/sev-snp.h b/igvmbld/sev-snp.h
index 639cd5a1f..604f9a1ce 100644
--- a/igvmbld/sev-snp.h
+++ b/igvmbld/sev-snp.h
@@ -77,3 +77,4 @@ enum {
 };
 
 #define SevFeature_Snp          0x0001
+#define SevFeature_RestrictInj	0x0008