On 1/11/2025 3:20 AM, Pratik Rajesh Sampat wrote: > Hi Nikunj, > > On 1/9/25 11:21 PM, Nikunj A. Dadhania wrote: >> >> >> On 11/15/2024 5:10 AM, Pratik R. Sampat wrote: >>> On incompatible firmware versions, SEV-SNP support is pulled and the >>> setup is not performed. However, the platform and subsequently the KVM >>> capability may continue to advertize support for it. Disable support for >>> SEV-SNP if the FW version validation fails. >> >> Additionally, can we ensure that if sev_platform_init() fails, we do not >> indicate SNP support? > > That sounds good to me. Although if the platform initialization fails, > I think we should not be advertising SEV, SEV-ES as well. Even better! > > If that makes sense, we could do something similar to before by > exporting another function from ccp that returns whether the platform > is initialized. Then, within kvm's sev_hardware_setup(), we can check > this to ensure that none of the capabilities are set if the platform > initialization has failed? Yes, that will ensure we do not advertise any of the SEV capabilities if the ccp driver has failed loading the firmware or initializing the platform. Regards Nikunj
