From: Tycho Andersen <tycho@kernel.org>
To: "Pratik R. Sampat" <prsampat@amd.com>
Cc: ashish.kalra@amd.com, thomas.lendacky@amd.com,
john.allen@amd.com, herbert@gondor.apana.org.au,
davem@davemloft.net, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, aik@amd.com, nikunj@amd.com,
michael.roth@amd.com
Subject: Re: [RFC v2] crypto/ccp: Introduce SNP_VERIFY_MITIGATION command
Date: Mon, 11 May 2026 08:25:50 -0600 [thread overview]
Message-ID: <agHl3ow90IdKTS72@tycho.pizza> (raw)
In-Reply-To: <673592c4-8eca-4b84-9f60-7020327d1afd@amd.com>
On Fri, May 08, 2026 at 05:10:52PM -0400, Pratik R. Sampat wrote:
> Hi Tycho,
>
> Missed this one in my mailbox. Thanks for the review!
>
> On 5/4/26 10:32 AM, Tycho Andersen wrote:
> > On Fri, May 01, 2026 at 11:20:51AM -0400, Pratik R. Sampat wrote:
> >> - failed_status (read-only): firmware-reported failure status from the
> >> last operation, as returned alongside the status vectors
> >
> > "from the last operation" is not quite right here, it looks like it
> > re-runs the STATUS command and reports that error?
>
> That is correct. It runs the STATUS command and reports the status of the
> verification operation. Probably better to phrase it as the "last verification
> operation" instead?
Hmm, I'm not sure what you mean here. The FW spec 1.58 table 132 says:
Command to request the firmware to return information regarding the
currently supported (available) mitigations, and then the verified
(processed and completed) mitigations. If DST_PADDR_EN is set,
DST_PADDR will be populated with the SNP_VERIFY_MITIGATION_DST_PADDR
structure.
so I don't think it has anything to do with the last VERIFY operation?
The spec is a bit messy here, though. Table 131 mentions a
MIT_REQ_CHECK operation, which I assume should really be _STATUS. It
describes what the output VECTOR should be for VERIFY in table 131,
but not what it is for STATUS. Table 132 suggests the output VECTOR is
the list of supported mitigations, which matches what I was seeing
when I played with this.
Tycho
next prev parent reply other threads:[~2026-05-11 14:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260501152051.17469-1-prsampat@amd.com>
2026-05-04 14:32 ` [RFC v2] crypto/ccp: Introduce SNP_VERIFY_MITIGATION command Tycho Andersen
2026-05-08 21:10 ` Pratik R. Sampat
2026-05-11 14:25 ` Tycho Andersen [this message]
2026-05-11 16:21 ` Pratik R. Sampat
2026-05-11 16:52 ` Tycho Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agHl3ow90IdKTS72@tycho.pizza \
--to=tycho@kernel.org \
--cc=aik@amd.com \
--cc=ashish.kalra@amd.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=nikunj@amd.com \
--cc=prsampat@amd.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox