[RFC v1 0/6] Implement SNP DOWNLOAD_FIRMWARE_EX support

Tycho Andersen posted 6 patches 1 month, 2 weeks ago
drivers/crypto/ccp/sev-dev.c | 416 +++++++++++++++++++++++++++++++----
drivers/crypto/ccp/sev-dev.h |   3 +
include/linux/psp-sev.h      |  20 ++
3 files changed, 393 insertions(+), 46 deletions(-)
From: "Tycho Andersen (AMD)" <tycho@kernel.org>

Here is an implementation of the SEV-SNP firmware's DOWNLOAD_FIRMWARE_EX
command. The core difference between this and the previous implementation
https://lore.kernel.org/lkml/20241112232253.3379178-7-dionnaglaze@google.com/
is that it relies on the SEV firmware's state (WORKING) to indicate that there
are legacy VMs running instead of tracking things explicitly via ASID.

There is a race condition in slide 18 of
https://pretalx.com/media/kvm-forum-2025/submissions/TAMRR8/resources/SEV_FW_Hotl_zfT5e9Y.pdf
which this series does not address; I am still trying to understand what the
best way to fix that is.

Also note that patch 1 is a duplicate of
https://lore.kernel.org/all/20260416232329.3408497-2-seanjc@google.com/
so it can be dropped when that is applied.

Thanks,

Tycho

Tycho Andersen (AMD) (6):
  crypto/ccp: Hoist kernel part of SNP_PLATFORM_STATUS
  crypto/ccp: Allow snp_get_platform_data() after SNP init
  crypto/ccp: Add DOWNLOAD_FIRMWARE_EX message struct
  crypto/ccp: Reclaim command buffer when the PSP dies
  crypto/ccp: Register with fw_uploader and always fail
  crypto/ccp: Implement SNP firmware live update

 drivers/crypto/ccp/sev-dev.c | 416 +++++++++++++++++++++++++++++++----
 drivers/crypto/ccp/sev-dev.h |   3 +
 include/linux/psp-sev.h      |  20 ++
 3 files changed, 393 insertions(+), 46 deletions(-)


base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
-- 
2.54.0