Hello Sean,
On 2/11/25 7:54 PM, Sean Christopherson wrote:
> On Mon, Feb 03, 2025, Pratik R. Sampat wrote:
>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>> index 0f04f365885c..b709c2f0945c 100644
>> --- a/arch/x86/kvm/svm/sev.c
>> +++ b/arch/x86/kvm/svm/sev.c
>> @@ -3040,7 +3040,9 @@ void __init sev_hardware_setup(void)
>> sev_es_asid_count = min_sev_asid - 1;
>> WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));
>> sev_es_supported = true;
>> - sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);
>> + sev_snp_supported = (sev_snp_enabled &&
>> + cc_platform_has(CC_ATTR_HOST_SEV_SNP) &&
>> + snp_fw_valid());
>>
>> out:
>> if (boot_cpu_has(X86_FEATURE_SEV))
>> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
>> index af018afd9cd7..b45cd60c19b0 100644
>> --- a/drivers/crypto/ccp/sev-dev.c
>> +++ b/drivers/crypto/ccp/sev-dev.c
>> @@ -122,6 +122,12 @@ static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
>> return false;
>> }
>>
>> +bool snp_fw_valid(void)
>> +{
>> + return sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR);
>
> This lacks any sense of abstraction. KVM doesn't care if the firmware is valid,
> KVM only cares if SNP is support. KVM _must_ run after ASP initialization[*],
> so I'm pretty sure KVM just needs a way to query sev->snp_initialized.
>
> [*] https://lore.kernel.org/all/f78ddb64087df27e7bcb1ae0ab53f55aa0804fab.1739226950.git.ashish.kalra@xxxxxxx
Thank you for your reviews!
Sure, I can instead just export this function (with a better name) to
return sev->snp_initialized within sev_hardware_setup().
