Received: by 2002:ab3:5012:0:b0:1d7:b7fe:f8b7 with SMTP id y18csp3084788ltb; Tue, 9 Aug 2022 12:12:58 -0700 (PDT) X-Google-Smtp-Source: AA6agR6JKyskqljgN55rwGAvMqZUwXaboDAPBwVJbvi7Fw8dhFBST9h4wFRkgk/eibHLmNS46DnK X-Received: by 2002:a65:6944:0:b0:41b:4483:35cc with SMTP id w4-20020a656944000000b0041b448335ccmr21049332pgq.296.1660072378004; Tue, 09 Aug 2022 12:12:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660072377; cv=none; d=google.com; s=arc-20160816; b=AskE0nuHAvz91cUAJ3sg+CHC/EiejFggDdqmyMau6I2eKpm7Oeos9zMLMUdaM9eIq3 VOS1u2Xx1PNWKP8kk4Rr+ZI33mJnX5A0bF2woo5Nf0D3Sc50/c9d5D3DH3yEScStqVzF L++vkagAXU6Xw/jfO7vycrK7Ko+HbY1yMgRlD2QCLRPbDEsiwuQ7+R80+HNzfO6oA5ft Od5fLQ/20gGf1e1S6ayDPzm0iRbQZR3oxHr+2xkBp9JC3pb+PTz4yTstwjosuPF6gAlc bR6Yfz99Ion2pPky0TNVR58o2nUO/bw/9s4TLA+vmQ0JiB2D67WpFFXzBh3UF6dHrlIx XkxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=n6jC86dEp2aJ89O3DRQVDL1kqz45uedTTSvh3ZPziAE=; b=HS0wkh0q22IUceY71e/RcE14vcQUkxOyPT66cvzhjYM0EKutJnsJmRTBFI00Aj7jiM GFp83EU6ELGA4tfQscQ3dUhaiZ1R8mGrqoRiib8caqw7nLTXr2g2hXWsbQUZzHM/8g2e oCfi9yi4bomV+2pIusx2hEd3a96K4ksVOnVJMyol8tRnSVA72yOu9IstccPV7GtyVKEG jlvwmQJB3uJWQohJo+P8T2Cw3hdBonIJvNXjqEf58kyKYQSOdaRVdZhmzm38RknChg64 KimldYX4ffWTLAv+1abb+pYac8cRnCbGmzBls5RKldTwvniGnbUvReRPnYHNvyNhfHq5 tQMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YZDdgijP; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k9-20020a170902ce0900b0016f951d899dsi1687730plg.359.2022.08.09.12.12.38; Tue, 09 Aug 2022 12:12:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YZDdgijP; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345539AbiHITMe (ORCPT + 99 others); Tue, 9 Aug 2022 15:12:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346397AbiHITLI (ORCPT ); Tue, 9 Aug 2022 15:11:08 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4BD22186; Tue, 9 Aug 2022 11:58:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2BC65B81662; Tue, 9 Aug 2022 18:58:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 329C6C433D6; Tue, 9 Aug 2022 18:58:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1660071535; bh=XTBFh7yoTFr2i4RUTPJqLED6xHogeLuIDMQ2VyzUQr0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=YZDdgijPBsZ6QGE/PLz0GiaQ/epIcNz9hIhJZ4mkHKcJdpDggaCBPsnAcxUz5RKxy gvYvOj7irKjorlSTcQNQw40Ljb8UZWx2kJmHL2WUv/aFjeiJvomtXAJCkW696KM9Ly HrAcX3W6FcmBYOcavCbd+yAXCYA5SKNGAXm0SyyL9b8FuWmIkfGHKeyoxwCsiqedBu 3tQysPMu6ByYQDI+xJolWoUQn7N3ahSgzYhmPyJTikbbyj1oKELQ1aSvxe6p6vFiT+ iCmOws85RRmGML/SPAdXA6tPD9S/PzpjzmNganj95M3xQqeG5HBpqtb8uyRcfxZScJ SOKapxedDSqKw== Date: Tue, 9 Aug 2022 21:58:51 +0300 From: Jarkko Sakkinen To: Tom Lendacky Cc: Paolo Bonzini , Jarkko Sakkinen , Harald Hoyer , Brijesh Singh , John Allen , Herbert Xu , "David S. Miller" , "open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SE..." , open list Subject: Re: [PATCH] crypto: ccp: Add a quirk to firmware update Message-ID: References: <20220808001537.6479-1-jarkko@kernel.org> <0a3a790d-989f-2f76-f636-62fbd925a776@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <0a3a790d-989f-2f76-f636-62fbd925a776@amd.com> X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Aug 09, 2022 at 10:57:16AM -0500, Tom Lendacky wrote: > On 8/7/22 19:15, Jarkko Sakkinen wrote: > > From: Jarkko Sakkinen > > Looks good, just some minor commit message and comment changes requested. > > > > > A quirk for fixing the committed TCB version, when upgrading from earlier > > firmware version than 1.33.01. This is a known issue, and the documented > > ", when upgrading from earlier firmware version than 1.33.01" => "when > upgrading from a firmware version earlier than 1.50" > > > workaround is to load the firmware twice. > > > > The issue realizes in a machine where the upgrade is done from firmware > > reporting having SEV API version 1.49, and requires the following > > workaround: > > Replace the above paragraph with just: "Currently, this issue requires the > following workaround:" > > > > > sudo modprobe -r kvm_amd > > sudo modprobe -r ccp > > sudo modprobe ccp > > sudo modprobe kvm_amd > > > > Implement this workaround inside kernel by checking whether the API > > version is less than 1.50, and if so, download the firmware twice. > > This addresses the TCB version issue. > > > > Link: https://lore.kernel.org/all/de02389f-249d-f565-1136-4af3655fab2a@profian.com/ > > Reported-by: Harald Hoyer > > Signed-off-by: Jarkko Sakkinen > > --- > > drivers/crypto/ccp/sev-dev.c | 16 ++++++++++++++-- > > 1 file changed, 14 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > > index 799b476fc3e8..8ae26c5c64f6 100644 > > --- a/drivers/crypto/ccp/sev-dev.c > > +++ b/drivers/crypto/ccp/sev-dev.c > > @@ -742,6 +742,11 @@ static int sev_update_firmware(struct device *dev) > > struct page *p; > > u64 data_size; > > + if (!sev_version_greater_or_equal(0, 15)) { > > + dev_dbg(dev, "DOWNLOAD_FIRMWARE not supported\n"); > > + return -1; > > + } > > + > > if (sev_get_firmware(dev, &firmware) == -ENOENT) { > > dev_dbg(dev, "No SEV firmware file present\n"); > > return -1; > > @@ -774,6 +779,14 @@ static int sev_update_firmware(struct device *dev) > > data->len = firmware->size; > > ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error); > > + > > + /* > > + * A quirk for fixing the committed TCB version, when upgrading from > > + * earlier firmware version than 1.33.01. > > s/1.33.01/1.50/ > > Thanks, > Tom Thanks Tom, I'll address the issues and send a new version. BR, Jarkko