[RFC v1 0/6] Implement SNP DOWNLOAD_FIRMWARE_EX support

Next message: Hans Zhang: "[PATCH 08/16] PCI/CARDBUS: Use FIELD_MODIFY()"
Previous message: Hans Zhang: "[PATCH 09/16] PCI: al: Use FIELD_MODIFY()"
Next in thread: Tycho Andersen: "[RFC v1 2/6] crypto/ccp: Allow snp_get_platform_data() after SNP init"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tycho Andersen

Date: Thu Apr 30 2026 - 12:15:27 EST

From: "Tycho Andersen (AMD)" <tycho@xxxxxxxxxx>

Here is an implementation of the SEV-SNP firmware's DOWNLOAD_FIRMWARE_EX
command. The core difference between this and the previous implementation
https://lore.kernel.org/lkml/20241112232253.3379178-7-dionnaglaze@xxxxxxxxxx/
is that it relies on the SEV firmware's state (WORKING) to indicate that there
are legacy VMs running instead of tracking things explicitly via ASID.

There is a race condition in slide 18 of
https://pretalx.com/media/kvm-forum-2025/submissions/TAMRR8/resources/SEV_FW_Hotl_zfT5e9Y.pdf
which this series does not address, I am still trying to understand what the
best way to fix that is.

Also note that patch 1 is a duplicate of
https://lore.kernel.org/all/20260416232329.3408497-2-seanjc@xxxxxxxxxx/
so it can be dropped when that is applied.

Thanks,

Tycho

Tycho Andersen (AMD) (6):
crypto/ccp: Hoist kernel part of SNP_PLATFORM_STATUS
crypto/ccp: Allow snp_get_platform_data() after SNP init
crypto/ccp: Add DOWNLOAD_FIRMWARE_EX message struct
crypto/ccp: Reclaim command buffer when the PSP dies
crypto/ccp: Register with fw_uploader and always fail
crypto/ccp: Implement SNP firmware live update

drivers/crypto/ccp/sev-dev.c | 416 +++++++++++++++++++++++++++++++----
drivers/crypto/ccp/sev-dev.h | 3 +
include/linux/psp-sev.h | 20 ++
3 files changed, 393 insertions(+), 46 deletions(-)

base-commit: 254f49634ee16a731174d2ae34bc50bd5f45e731
--
2.54.0