Re: [PATCH v5] crypto/ccp: Introduce SNP_VERIFY_MITIGATION command

From: Herbert Xu

Date: Sun Jul 05 2026 - 04:33:22 EST


On Mon, Jun 15, 2026 at 03:23:15PM +0000, Pratik R. Sampat wrote:
> The SEV-SNP firmware provides the SNP_VERIFY_MITIGATION command, which
> can be used to query the status of currently supported vulnerability
> mitigations and to initiate mitigations within the firmware.
>
> This command is an explicit mechanism to ascertain if a firmware
> mitigation is applied without needing a full RMP re-build, which is most
> useful in a live firmware update scenario.
>
> The firmware supports two subcommands: STATUS and VERIFY. The STATUS
> subcommand is used to query the supported and verified mitigation bits.
> The VERIFY subcommand initiates the mitigation process within the FW for
> the specified vulnerability. Expose a userspace interface under:
> /sys/firmware/sev/vulnerabilities/
> - supported_mitigations (read-only): supported mitigation vector mask
> - verified_mitigations (read/write): current verified mask; write a
> vector to request VERIFY for that bit
>
> The behavior of SNP_VERIFY_MITIGATION and the pre-requisites for using
> it are bug-specific. Information about supported mitigations and its
> corresponding vector is to be published as part of the AMD Security
> Bulletin.
>
> See SEV-SNP Firmware ABI specifications 1.58, SNP_VERIFY_MITIGATION for
> more details.
>
> Reviewed-by: Tycho Andersen (AMD) <tycho@xxxxxxxxxx>
> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Signed-off-by: Pratik R. Sampat <prsampat@xxxxxxx>
> ---
> v5:
> * Collect Reviewed-by Tags
> * Check for multiple bits set in the mitigation vector - Tom
> * Add CONFG_SYSFS option to #else and #endif - Tom
> * Minor whitespace and grammer fixes - Tom
> * Return -EINVAL instead of -EIO for mitigation failure bit set
> reporting - Tycho
>
> v4: https://lore.kernel.org/linux-crypto/4957b07dbb4029a4c59bb3cf35f068c36284aa48.1780693665.git.prsampat@xxxxxxx/
> * Split interface definitions in documentation - Kernel Test Bot
> * Wrap snp_verify_mitigation() under #ifdef CONFIG_SYSFS - Tom
> * Remove check for snp initialized and feature info active for
> registering mitigigation interface - Tom
> * Since init vs init races should not be possible anymore[1], remove the
> sysfs mutex guard as sysfs' own synchornization suffices - Tom, Tycho
> * Dropping the reviewed-by since the patch has changed in a meaningful
> way
>
> v3: https://lore.kernel.org/linux-crypto/a043a82c-f3dd-4f29-86fb-60638eaddc9b@xxxxxxx/
> * Remove failed_status interface and report failure via dev_err - Tycho
> * Make vulnerability interfaces root only accessible - Sashiko
> * Move /sys/firmware/vulnerabilities/ to
> /sys/firmware/sev/vulnerabilities/ to be platform specific - Sashiko
> * Guard sysfs creation under a new mutex to avoid racing during
> creation and using the sev_cmd_mutex which would race with
> vulnerability operations - Sashiko
>
> [1]: https://lore.kernel.org/all/20260504165147.1615643-5-tycho@xxxxxxxxxx/
>
> Patch based on cryptodev-2.6
> ---
> .../sysfs-firmware-sev-vulnerabilities | 19 ++
> drivers/crypto/ccp/sev-dev.c | 177 ++++++++++++++++++
> drivers/crypto/ccp/sev-dev.h | 3 +
> include/linux/psp-sev.h | 51 +++++
> 4 files changed, 250 insertions(+)
> create mode 100644 Documentation/ABI/testing/sysfs-firmware-sev-vulnerabilities

Patch applied. Thanks.
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt