On Mon, Feb 03, 2025, Pratik R. Sampat wrote:
If the platform initialization sev_platform_init() fails, SEV cannot be set up and a secure VM cannot be spawned. Therefore, in this case, ensure that KVM does not set up, nor advertise support for SEV, SEV-ES, and SEV-SNP.
Suggested-by: Nikunj A Dadhania <nikunj@amd.com>
Tested-by: Srikanth Aithal <sraithal@amd.com>
Signed-off-by: Pratik R. Sampat <prsampat@amd.com>
v5..v6:
- Rename is_sev_platform_init to sev_fw_initialized (Nikunj)
- Collected tags from Srikanth.
 arch/x86/kvm/svm/sev.c       |  2 +-
 drivers/crypto/ccp/sev-dev.c | 10 ++++++++++
 include/linux/psp-sev.h      |  3 +++
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b709c2f0945c..42d1309f8a54 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2957,7 +2957,7 @@ void __init sev_hardware_setup(void) bool sev_es_supported = false; bool sev_supported = false;
- if (!sev_enabled || !npt_enabled || !nrips)
- if (!sev_fw_initialized() || !sev_enabled || !npt_enabled || !nrips) goto out;
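Review bot: the `sev_fw_initialized()` test added to the first condition of `sev_hardware_setup()` is evaluated once, from an `__init` function, so whether SEV, SEV-ES and SEV-SNP are advertised depends on platform initialization having already been attempted by the time this code runs, and nothing in the hunk establishes that ordering. A comment above the check stating which initialization order it relies on, and what the outcome is if the firmware only becomes initialized afterwards, would make that assumption reviewable. The diffstat also lists 10 added lines in drivers/crypto/ccp/sev-dev.c and 3 in include/linux/psp-sev.h that define the helper; they are not visible here, so the helper's semantics cannot be checked against this call site.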
Me thinks this wasn't tested with KVM_AMD built-in[1]. I'm pretty sure Ashish's fix[2] solves all of this?
[1] https://lore.kernel.org/all/d6d08c6b-9602-4f3d-92c2-8db6d50a1b92@amd.com
[2] https://lore.kernel.org/all/f78ddb64087df27e7bcb1ae0ab53f55aa0804fab.1739226...