Re: [PATCH v3 2/7] crypto/ccp: export firmware supported vm types
From: Herbert Xu
Date: Sat Apr 18 2026 - 09:14:08 EST
On Thu, Apr 16, 2026 at 04:23:24PM -0700, Sean Christopherson wrote:
> From: Tycho Andersen <tycho@xxxxxxxxxx>
>
> In some configurations, the firmware does not support all VM types. The SEV
> firmware has an entry in the TCB_VERSION structure referred to as the
> Security Version Number in the SEV-SNP firmware specification and referred
> to as the "SPL" in SEV firmware release notes. The SEV firmware release
> notes say:
>
> On every SEV firmware release where a security mitigation has been
> added, the SNP SPL gets increased by 1. This is to let users know that
> it is important to update to this version.
>
> The SEV firmware release that fixed CVE-2025-48514 by disabling SEV-ES
> support on vulnerable platforms has this SVN increased to reflect the fix.
> The SVN is platform-specific, as is the structure of TCB_VERSION.
>
> Check CURRENT_TCB instead of REPORTED_TCB, since the firmware behaves with
> the CURRENT_TCB SVN level and will reject SEV-ES VMs accordingly.
>
> Parse the SVN, and mask off the SEV_ES supported VM type from the list of
> supported types if it is above the per-platform threshold for the relevant
> platforms.
>
> Signed-off-by: Tycho Andersen (AMD) <tycho@xxxxxxxxxx>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> ---
> drivers/crypto/ccp/sev-dev.c | 70 ++++++++++++++++++++++++++++++++++++
> include/linux/psp-sev.h | 37 +++++++++++++++++++
> 2 files changed, 107 insertions(+)
Acked-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
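
The check the quoted commit message describes, sketched as an added example (not code from the patch or the ccp driver). The VM-type bit names, the per-platform SVN bit offsets and the thresholds are constructed placeholders, and "above the threshold" is read as strictly greater.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical VM-type bits; the patch's real definitions are not on this page. */
#define VM_TYPE_SEV     (1u << 0)
#define VM_TYPE_SEV_ES  (1u << 1)
#define VM_TYPE_SEV_SNP (1u << 2)

/* Constructed per-platform data: bit offset of the SVN byte inside the
 * 64-bit TCB_VERSION and a placeholder threshold (negative = not affected). */
struct tcb_platform {
    const char *name;
    unsigned int svn_shift;
    int es_threshold;
};

static const struct tcb_platform platforms[] = {
    { "platform-a", 48, 0x10 },
    { "platform-b", 24, 0x04 },
    { "platform-c", 48, -1 },
};

/* Constructed stand-in for the two TCB values the firmware reports. */
struct tcb_status { uint64_t current_tcb, reported_tcb; };

static int tcb_svn(const struct tcb_platform *p, uint64_t tcb)
{
    return (int)((tcb >> p->svn_shift) & 0xff);
}

static uint32_t supported_vm_types(const struct tcb_platform *p,
                                   const struct tcb_status *st)
{
    uint32_t types = VM_TYPE_SEV | VM_TYPE_SEV_ES | VM_TYPE_SEV_SNP;

    /* Use CURRENT_TCB, the level the firmware acts on, not REPORTED_TCB.
     * "Above the threshold" is taken as strictly greater (assumption). */
    if (p->es_threshold >= 0 && tcb_svn(p, st->current_tcb) > p->es_threshold)
        types &= ~VM_TYPE_SEV_ES;
    return types;
}

int main(void)
{
    struct tcb_status st = { (uint64_t)0x11 << 48, (uint64_t)0x0f << 48 };
    printf("%s: 0x%x\n", platforms[0].name, (unsigned)supported_vm_types(&platforms[0], &st));
    return 0;
}
```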