lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 4 Nov 2021 08:44:09 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Mingwei Zhang <mizhang@...gle.com>,
        Michael Roth <Michael.Roth@....com>
Cc:     Marc Orr <marcorr@...gle.com>, linux-kselftest@...r.kernel.org,
        kvm list <kvm@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>, x86 <x86@...nel.org>,
        Nathan Tempelman <natet@...gle.com>,
        Steve Rutherford <srutherford@...gle.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Brijesh Singh <brijesh.singh@....com>,
        Varad Gautam <varad.gautam@...e.com>,
        Shuah Khan <shuah@...nel.org>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Ricardo Koller <ricarkol@...gle.com>,
        Jim Mattson <jmattson@...gle.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Joerg Roedel <joro@...tes.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H . Peter Anvin" <hpa@...or.com>
Subject: Re: [RFC 06/16] KVM: selftests: add library for creating/interacting
 with SEV guests

On 11/4/21 12:25 AM, Mingwei Zhang wrote:
>>
>>>
>>>> +#define SEV_FW_REQ_VER_MAJOR   1
>>>> +#define SEV_FW_REQ_VER_MINOR   30
>>>
>>> Where does the requirement for this minimum version come from? Maybe
>>> add a comment?
>>>
>>> Edit: Is this for patches later on in the series that exercise SNP? If
>>> so, I think it would be better to add a check like this in the test
>>> itself, rather than globally. I happened to test this on a machine
>>> with a very old PSP FW, 0.22, and the SEV test added in patch #7 seems
>>> to work fine with this ancient PSP FW.
>>
>> Ah, yes, this was mostly for SNP support. I'll implement a separate minimum
>> version for SEV/SEV-ES.
>>
> 
> I want to ask the same thing, I tried to run the sev selftest today
> and I was blocked by this minimum version number... BTW: I suspect if
> I want to update the SEV firmware I have to update the BIOS myself?

The SEV firmware is updatable at module load time through the
DOWNLOAD_FIRMWARE command.

> So, it would be good to know what is the actual minimum for SEV.
> 
> In addition, maybe that's side effect, I see a warning when building the kernel:
> 
> "module ccp.ko requires firmware amd/amd_sev_fam19h_model0xh.sbin"

The firmware images reside (typically) in /lib/firmware/amd/. There is a
new version for fam19h that you can copy into that directory at:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd

or

https://developer.amd.com/sev/ under the Links & Downloads section (Note,
if retrieved from here you will/may need to rename the .sbin file to match
the name mentioned above).

> 
> Maybe I need some hints from you? Or maybe it is just harmless. I did
> double checked and it looks like I was using either
> amd_sev_fam17h_model3xh.sbin or amd_sev_fam17h_model0xh.sbin

If you're on a fam19h machine, the fam17h builds won't be used.

Thanks,
Tom

> 
> Thanks.
> -Mingwei
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ