| Message ID | cover.1733785468.git.ashish.kalra@amd.com |
|---|---|
| Headers | show |
| Series | Move initializing SEV/SNP functionality to KVM | expand |
> > static int _sev_platform_init_locked(struct sev_platform_init_args *args) > @@ -1329,8 +1342,7 @@ static int _sev_platform_init_locked(struct sev_platform_init_args *args) > * Don't abort the probe if SNP INIT failed, > * continue to initialize the legacy SEV firmware. > */ > - dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n", > - rc, args->error); > + dev_info(sev->dev, "SEV-SNP: failed, continue to INIT SEV firmware\n"); You don't necessarily continue to INIT SEV if args->probe && !psp_init_on_probe, so this may be misleading. > } > > /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */ > -- > 2.34.1 >
On 12/9/24 17:25, Ashish Kalra wrote: > From: Ashish Kalra <ashish.kalra@amd.com> > > When SEV-SNP is enabled the TMR needs to be 2MB aligned and 2MB sized, > ensure that TMR size is reset back to default when SNP is shutdown. I think a bit more info here about why this is (now) needed would be good. Thanks, Tom > > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > --- > drivers/crypto/ccp/sev-dev.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > index d8673d8836f1..bc121ad9ec26 100644 > --- a/drivers/crypto/ccp/sev-dev.c > +++ b/drivers/crypto/ccp/sev-dev.c > @@ -1750,6 +1750,9 @@ static int __sev_snp_shutdown_locked(int *error, bool panic) > sev->snp_initialized = false; > dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); > > + /* Reset TMR size back to default */ > + sev_es_tmr_size = SEV_TMR_SIZE; > + > return ret; > } >
From: Ashish Kalra <ashish.kalra@amd.com> Remove initializing SEV/SNP functionality from PSP driver and instead add support to KVM to explicitly initialize the PSP if KVM wants to use SEV/SNP functionality. This removes SEV/SNP initialization at PSP module probe time and does on-demand SEV/SNP initialization when KVM really wants to use SEV/SNP functionality. This will allow running legacy non-confidential VMs without initializating SEV functionality. This will assist in adding SNP CipherTextHiding support and SEV firmware hotloading support in KVM without sharing SEV ASID management and SNP guest context support between PSP driver and KVM and keeping all that support only in KVM. Ashish Kalra (7): crypto: ccp: Move dev_info/err messages for SEV/SNP initialization crypto: ccp: Fix implicit SEV/SNP init and shutdown in ioctls crypto: ccp: Reset TMR size at SNP Shutdown crypto: ccp: Register SNP panic notifier only if SNP is enabled crypto: ccp: Add new SEV/SNP platform shutdown API KVM: SVM: Add support to initialize SEV/SNP functionality in KVM crypto: ccp: Move SEV/SNP Platform initialization to KVM arch/x86/kvm/svm/sev.c | 11 ++ drivers/crypto/ccp/sev-dev.c | 227 ++++++++++++++++++++++++++--------- include/linux/psp-sev.h | 3 + 3 files changed, 187 insertions(+), 54 deletions(-)