[PATCH v4 0/4] SEV-SNP guest policy bit support updates

Tom Lendacky posted 4 patches 1 month, 2 weeks ago
[PATCH v4 0/4] SEV-SNP guest policy bit support updates
Posted by Tom Lendacky 1 month, 2 weeks ago
This series aims to allow more flexibility in specifying SEV-SNP policy
bits by improving discoverability of supported policy bits from userspace
and enabling support for newer policy bits.

- The first patch consolidates the policy definitions into a single header
  file.

- The second patch adds a CCP driver API to return the supported policy
  bits. Policy bit support is dependent on the version of SEV firmware.

- The third patch adds a new KVM_X86_GRP_SEV attribute group,
  KVM_X86_SNP_POLICY_BITS, that can be used to return the supported
  SEV-SNP policy bits. The initial support for this attribute will use
  the new CCP driver API to return the firmware supported policy bits
  ANDed with the KVM supported policy bits.

- The fourth patch expands the number of policy bits that KVM supports.

The series is based off of:
  git://git.kernel.org/pub/scm/virt/kvm/kvm.git master

---

Changes for v4:
  - Swizzle the patch order in order to preserve ABI.
  - Use the new CCP API from the start for the KVM_X86_SNP_POLICY_BITS
    attribute.

Changes for v3:
  - Remove RFC tag.

Changes for v2:
  - Marked the KVM supported policy bits as read-only after init.

Tom Lendacky (4):
  KVM: SEV: Consolidate the SEV policy bits in a single header file
  crypto: ccp - Add an API to return the supported SEV-SNP policy bits
  KVM: SEV: Publish supported SEV-SNP policy bits
  KVM: SEV: Add known supported SEV-SNP policy bits

 arch/x86/include/uapi/asm/kvm.h |  1 +
 arch/x86/kvm/svm/sev.c          | 45 ++++++++++++++++++++-------------
 arch/x86/kvm/svm/svm.h          |  3 ---
 drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
 include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
 5 files changed, 105 insertions(+), 20 deletions(-)


base-commit: 4361f5aa8bfcecbab3fc8db987482b9e08115a6a
-- 
2.51.1
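
The query described in the third bullet of the cover letter, sketched from the userspace side as an added example (not code from the posted series): read the mask with KVM_GET_DEVICE_ATTR on /dev/kvm and check a requested guest policy against it before launch. The numeric value used for KVM_X86_SNP_POLICY_BITS when the installed header lacks it, the `POL_*` names and both helper functions are assumptions of this example; the bit positions follow the SEV-SNP firmware ABI guest policy layout.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/kvm.h>

/* Fallbacks for uapi headers that predate the series. */
#ifndef KVM_X86_GRP_SEV
#define KVM_X86_GRP_SEV 1
#endif
#ifndef KVM_X86_SNP_POLICY_BITS
#define KVM_X86_SNP_POLICY_BITS 1 /* ASSUMED value; take it from your asm/kvm.h */
#endif

/* Local names for this example; positions per the SEV-SNP ABI guest policy. */
#define POL_SMT      (1ULL << 16)
#define POL_RSVD_MBO (1ULL << 17) /* reserved, must be one */
#define POL_DEBUG    (1ULL << 19)

/* Read the host's supported-policy mask from /dev/kvm; returns 0 or -errno. */
static int snp_query_policy_bits(uint64_t *mask)
{
	struct kvm_device_attr attr = {
		.group = KVM_X86_GRP_SEV,
		.attr  = KVM_X86_SNP_POLICY_BITS,
		.addr  = (uint64_t)(uintptr_t)mask, /* kernel writes a u64 here */
	};
	int fd = open("/dev/kvm", O_RDWR), ret = 0;

	if (fd < 0)
		return -errno;
	if (ioctl(fd, KVM_GET_DEVICE_ATTR, &attr) < 0)
		ret = -errno; /* attribute absent on kernels without the series */
	close(fd);
	return ret;
}

/* Requested bits the host did not advertise; 0 means the policy fits. */
static uint64_t snp_policy_unsupported(uint64_t requested, uint64_t supported)
{
	return requested & ~supported;
}

int main(void)
{
	uint64_t supported, want = POL_RSVD_MBO | POL_SMT; /* constructed request */
	int ret = snp_query_policy_bits(&supported);

	if (ret)
		return fprintf(stderr, "SNP policy bits unavailable: %d\n", ret), 1;
	printf("supported=%#llx unsupported=%#llx\n", (unsigned long long)supported,
	       (unsigned long long)snp_policy_unsupported(want, supported));
	return 0;
}
```

A VMM that gets a non-zero result from `snp_policy_unsupported()` can refuse the launch up front and name the offending bits, rather than learning about the mismatch from a failed launch command.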
Re: [PATCH v4 0/4] SEV-SNP guest policy bit support updates
Posted by Sean Christopherson 4 weeks ago
On Mon, 27 Oct 2025 14:33:48 -0500, Tom Lendacky wrote:
> This series aims to allow more flexibility in specifying SEV-SNP policy
> bits by improving discoverability of supported policy bits from userspace
> and enabling support for newer policy bits.
> 
> - The first patch consolidates the policy definitions into a single header
>   file.
> 
> [...]

Applied to kvm-x86 svm, thanks!

[1/4] KVM: SEV: Consolidate the SEV policy bits in a single header file
      https://github.com/kvm-x86/linux/commit/ce62118a2e48
[2/4] crypto: ccp - Add an API to return the supported SEV-SNP policy bits
      https://github.com/kvm-x86/linux/commit/c9434e64e8b4
[3/4] KVM: SEV: Publish supported SEV-SNP policy bits
      https://github.com/kvm-x86/linux/commit/7a61d61396b9
[4/4] KVM: SEV: Add known supported SEV-SNP policy bits
      https://github.com/kvm-x86/linux/commit/275d6d1189e6

--
https://github.com/kvm-x86/linux/tree/next
Re: [PATCH v4 0/4] SEV-SNP guest policy bit support updates
Posted by Sean Christopherson 1 month ago
On Mon, Oct 27, 2025, Tom Lendacky wrote:
> This series aims to allow more flexibility in specifying SEV-SNP policy
> bits by improving discoverability of supported policy bits from userspace
> and enabling support for newer policy bits.

...

> Tom Lendacky (4):
>   KVM: SEV: Consolidate the SEV policy bits in a single header file
>   crypto: ccp - Add an API to return the supported SEV-SNP policy bits
>   KVM: SEV: Publish supported SEV-SNP policy bits
>   KVM: SEV: Add known supported SEV-SNP policy bits
> 
>  arch/x86/include/uapi/asm/kvm.h |  1 +
>  arch/x86/kvm/svm/sev.c          | 45 ++++++++++++++++++++-------------
>  arch/x86/kvm/svm/svm.h          |  3 ---
>  drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
>  include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
>  5 files changed, 105 insertions(+), 20 deletions(-)

Looks good overall, just the one minor nit.  Given that this adds new KVM uAPI,
and the CCP changes are fairly minor in the grand scheme, my preference would be
to take the entire series through kvm-x86 (with Acks as appropriate).