From: "Tycho Andersen (AMD)" <[email protected]>

Recent SEV firmware [1] does not support SEV-ES VMs when SNP is enabled. Sean suggested [2] adding an API so that userspace can check for this condition, so do that. Also introduce and use SNP_VERIFY_MITIGATION to determine whether it is present or not.

[1]: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3023.html
[2]: https://lore.kernel.org/all/[email protected]/

Tycho Andersen (AMD) (5):
  kvm/sev: don't expose unusable VM types
  crypto/ccp: introduce SNP_VERIFY_MITIGATION
  crypto/ccp: export firmware supported vm types
  kvm/sev: mask off firmware unsupported vm types
  selftests/kvm: teach sev_*_test about revoking VM types

 arch/x86/kvm/svm/sev.c                        | 16 +++-
 drivers/crypto/ccp/sev-dev.c                  | 84 +++++++++++++++++++
 include/linux/psp-sev.h                       | 56 +++++++++++++
 .../selftests/kvm/x86/sev_init2_tests.c       | 14 ++--
 .../selftests/kvm/x86/sev_migrate_tests.c     |  2 +-
 .../selftests/kvm/x86/sev_smoke_test.c        |  4 +-
 6 files changed, 162 insertions(+), 14 deletions(-)

base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
--
2.53.0

