> On Fri, Sep 5, 2025 at 12:37 PM Dave Hansen <dave.hansen@intel.com> wrote: > > > > On 8/18/25 00:11, Elena Reshetova wrote: > > > Testing > > > ------- > > > > > > Tested on EMR machine using kernel 6.17.0_rc1 & sgx selftests. > > > Also tested on a Kaby Lake machine without EUPDATESVN support. > > > If Google folks in CC can test on their side, it would be greatly > > > appreciated. > > > > Yeah, lots of @google.com addresses on Cc, but there's a dearth of tags > > from those addresses. > > Apologies for the delay on this one, Elena. We will get back on this > early next week. Hi Vishal, Do you have an update on this? Best Regards, Elena.
Tested-by: Nataliia Bondarevska <bondarn@google.com> On Mon, Sep 29, 2025 at 12:18 AM Reshetova, Elena <elena.reshetova@intel.com> wrote: > > > > On Fri, Sep 5, 2025 at 12:37 PM Dave Hansen <dave.hansen@intel.com> wrote: > > > > > > On 8/18/25 00:11, Elena Reshetova wrote: > > > > Testing > > > > ------- > > > > > > > > Tested on EMR machine using kernel 6.17.0_rc1 & sgx selftests. > > > > Also tested on a Kaby Lake machine without EUPDATESVN support. > > > > If Google folks in CC can test on their side, it would be greatly > > > > appreciated. > > > > > > Yeah, lots of @google.com addresses on Cc, but there's a dearth of tags > > > from those addresses. > > > > Apologies for the delay on this one, Elena. We will get back on this > > early next week. > > Hi Vishal, > > Do you have an update on this? > > Best Regards, > Elena.
On 9/29/25 10:12, Nataliia Bondarevska wrote: > Tested-by: Nataliia Bondarevska <bondarn@google.com> First, thanks for testing this. But I'd really, really appreciate if these tags (top posted and without any context trimmed no less) came with at _least_ a few words about what was tested. All I've got now is tag from an email address I've never seen before which is (apparently) only used for sending Tested-by: tags for this feature and nothing else. Also, by "a dearth of tags", I really did mean *all* the tags: Tested-by, Reviewed-by, Acked-by. Could someone please spend a few minutes to explain what this tag means?
On Mon, Sep 29, 2025 at 10:35 AM Dave Hansen <dave.hansen@intel.com> wrote: > > On 9/29/25 10:12, Nataliia Bondarevska wrote: > > Tested-by: Nataliia Bondarevska <bondarn@google.com> > > First, thanks for testing this. > > But I'd really, really appreciate if these tags (top posted and without > any context trimmed no less) came with at _least_ a few words about what > was tested. All I've got now is tag from an email address I've never > seen before which is (apparently) only used for sending Tested-by: tags > for this feature and nothing else. > > Also, by "a dearth of tags", I really did mean *all* the tags: > Tested-by, Reviewed-by, Acked-by. > > Could someone please spend a few minutes to explain what this tag means? My apologies; I've clarified the details of the testing below. The verification was performed on a SPR machine. The objective was to confirm the successful, runtime update of the CPUSVN using a targeted microcode package. Steps Taken: - identified a microcode package version, designed to update CPUSVN number on the machine; - initiated a dynamic load of the package during OS runtime; - confirmed the CPUSVN was upgraded post-load.
On 9/29/25 13:33, Nataliia Bondarevska wrote: >> Could someone please spend a few minutes to explain what this tag means? > My apologies; I've clarified the details of the testing below. > > The verification was performed on a SPR machine. The objective was to > confirm the successful, runtime update of the CPUSVN using a targeted > microcode package. > Steps Taken: > - identified a microcode package version, designed to update CPUSVN > number on the machine; > - initiated a dynamic load of the package during OS runtime; > - confirmed the CPUSVN was upgraded post-load. OK, so you're basically saying it managed to update the SVN on real hardware. You also had to go run an enclave or at least open /dev/sgx, right? Also, does this tag mean, "I tested this in my company's environment and this ABI is sufficient for us until the end of time?" Because there was also some feedback on earlier work that this series as-is was going to be insufficient.
On Mon, Sep 29, 2025 at 1:50 PM Dave Hansen <dave.hansen@intel.com> wrote: > > On 9/29/25 13:33, Nataliia Bondarevska wrote: > >> Could someone please spend a few minutes to explain what this tag means? > > My apologies; I've clarified the details of the testing below. > > > > The verification was performed on a SPR machine. The objective was to > > confirm the successful, runtime update of the CPUSVN using a targeted > > microcode package. > > Steps Taken: > > - identified a microcode package version, designed to update CPUSVN > > number on the machine; > > - initiated a dynamic load of the package during OS runtime; > > - confirmed the CPUSVN was upgraded post-load. > > OK, so you're basically saying it managed to update the SVN on real > hardware. You also had to go run an enclave or at least open /dev/sgx, > right? > To confirm the CPUSVN update, I did run an enclave to retrieve the attestation report and compare cpusvn values generated before and after microcode load + the custom logs I incorporated into the sgx_update_svn execution helped me to confirm the expected logic. > Also, does this tag mean, "I tested this in my company's environment and > this ABI is sufficient for us until the end of time?" Because there was > also some feedback on earlier work that this series as-is was going to > be insufficient. The test was performed on a SPR machine using the kernel version deployed across Google's TDX production fleet. Yes, this ABI is sufficient enough for us.
© 2016 - 2025 Red Hat, Inc.