From: Jarkko Sakkinen <jarkko@kernel.org>
To: Harald Hoyer <harald@profian.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jarkko Sakkinen <jarkko@profian.com>,
Brijesh Singh <brijesh.singh@amd.com>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
"open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SE..."
<linux-crypto@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] crypto: ccp: Load the firmware twice when SEV API version < 1.43
Date: Sat, 6 Aug 2022 21:15:16 +0300 [thread overview]
Message-ID: <Yu6vtDLOkwMOjb+v@kernel.org> (raw)
In-Reply-To: <de02389f-249d-f565-1136-4af3655fab2a@profian.com>
On Thu, Aug 04, 2022 at 03:37:20PM +0200, Harald Hoyer wrote:
> Am 04.08.22 um 15:13 schrieb Tom Lendacky:
> > On 8/3/22 20:02, Jarkko Sakkinen wrote:
> > > From: Jarkko Sakkinen <jarkko@profian.com>
> > >
> > > SEV-SNP does not initialize to a legit state, unless the firmware is
> > > loaded twice, when SEP API version < 1.43, and the firmware is updated
> > > to a later version. Because of this user space needs to work around
> > > this with "rmmod && modprobe" combo. Fix this by implementing the
> > > workaround to the driver.
> >
> > The SNP hypervisor patches are placing a minimum supported version
> > requirement for the SEV firmware that exceeds the specified version
> > above [1] (for the reason above, as well as some others), so this patch
> > is not needed, NAK.
>
> As described in the "Milan Release Notes.txt" of the AMD firmware update package amd_sev_fam19h_model0xh_1.33.03.zip.
>
> "If upgrading to 1.33.01 or later from something older (picking up
> CSF-1201), it is required that two Download Firmware commands be run to fix
> the "Committed Version" across the firmware. CSF-1201 fixed a bug where the
> committed version in the attestation report was incorrect. Performing a
> single Download Firmware will upgrade the firmware, but performing a second
> one will correct the committed version. This is a one-time upgrade issue.
> "
Reference should be part of the commit message. I'll
update for the next iteration. Thanks for the remark.
BR, Jarkko
next prev parent reply other threads:[~2022-08-06 18:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-04 1:02 [PATCH] crypto: ccp: Load the firmware twice when SEV API version < 1.43 Jarkko Sakkinen
2022-08-04 13:13 ` Tom Lendacky
2022-08-04 13:37 ` Harald Hoyer
2022-08-04 13:51 ` Tom Lendacky
2022-08-06 18:16 ` Jarkko Sakkinen
2022-08-06 18:15 ` Jarkko Sakkinen [this message]
2022-08-04 13:39 ` Jeremi Piotrowski
2022-08-04 14:59 ` Tom Lendacky
2022-08-06 18:17 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yu6vtDLOkwMOjb+v@kernel.org \
--to=jarkko@kernel.org \
--cc=brijesh.singh@amd.com \
--cc=davem@davemloft.net \
--cc=harald@profian.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@profian.com \
--cc=john.allen@amd.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.