Re: [RFC 06/16] KVM: selftests: add library for creating/interacting with SEV guests

[Tom Lendacky]

On 11/4/21 12:25 AM, Mingwei Zhang wrote:
> > > > +#define SEV_FW_REQ_VER_MAJOR   1
> > > > +#define SEV_FW_REQ_VER_MINOR   30
> > >
> > > Where does the requirement for this minimum version come from? Maybe
> > > add a comment?
> > >
> > > Edit: Is this for patches later on in the series that exercise SNP? If
> > > so, I think it would be better to add a check like this in the test
> > > itself, rather than globally. I happened to test this on a machine
> > > with a very old PSP FW, 0.22, and the SEV test added in patch #7 seems
> > > to work fine with this ancient PSP FW.
> >
> > Ah, yes, this was mostly for SNP support. I'll implement a separate minimum
> > version for SEV/SEV-ES.
>
> I want to ask the same thing, I tried to run the sev selftest today
> and I was blocked by this minimum version number... BTW: I suspect if
> I want to update the SEV firmware I have to update the BIOS myself?

The SEV firmware is updatable at module load time through the
DOWNLOAD_FIRMWARE command.

> So, it would be good to know what is the actual minimum for SEV.
>
> In addition, maybe that's side effect, I see a warning when building the kernel:
>
> "module ccp.ko requires firmware amd/amd_sev_fam19h_model0xh.sbin"

The firmware images reside (typically) in /lib/firmware/amd/. There is a
new version for fam19h that you can copy into that directory at:

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd

or

https://developer.amd.com/sev/ under the Links & Downloads section (Note,
if retrieved from here you will/may need to rename the .sbin file to match
the name mentioned above).

> Maybe I need some hints from you? Or maybe it is just harmless. I did
> double checked and it looks like I was using either
> amd_sev_fam17h_model3xh.sbin or amd_sev_fam17h_model0xh.sbin

If you're on a fam19h machine, the fam17h builds won't be used.

Thanks,
Tom

> Thanks.
> -Mingwei