Hi Nikunj, On 1/9/25 11:21 PM, Nikunj A. Dadhania wrote: > > > On 11/15/2024 5:10 AM, Pratik R. Sampat wrote: >> On incompatible firmware versions, SEV-SNP support is pulled and the >> setup is not performed. However, the platform and subsequently the KVM >> capability may continue to advertize support for it. Disable support for >> SEV-SNP if the FW version validation fails. > > Additionally, can we ensure that if sev_platform_init() fails, we do not > indicate SNP support? That sounds good to me. Although if the platform initialization fails, I think we should not be advertising SEV, SEV-ES as well. If that makes sense, we could do something similar to before by exporting another function from ccp that returns whether the platform is initialized. Then, within kvm's sev_hardware_setup(), we can check this to ensure that none of the capabilities are set if the platform initialization has failed? Thanks! Pratik
