[SRU][N:linux-gcp/P:linux-gcp][PATCH 0/2] Add SVSM vTPM support for AMD SEV-SNP confidential VMs

Ian Whitfield ian.whitfield at canonical.com
Mon Jun 16 23:04:45 UTC 2025


BugLink: https://bugs.launchpad.net/bugs/2111956

[Impact]
Google has made a request for SVSM vTPM support in linux-gcp kernels 6.8 and
later.

[Fix]
Patches requested in the support case:
980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt")
770de678bc28 ("x86/sev: Add SVSM vTPM probe/send_command functions")
b2849b072366 ("svsm: Add header with SVSM_VTPM_CMD helpers")
93b7c6b3ce91 ("tpm: Add SNP SVSM vTPM driver")
e396dd85172c ("x86/sev: Register tpm-svsm platform device")

The config for all kernels must have CONFIG_TCG_SVSM=y

Noble also requires the changes from this pull request:
https://lore.kernel.org/lkml/20240716095557.GAZpZDrdC3HA0Zilxr@fat_crate.local/
and CONFIG_SEV_GUEST=m/y and CONFIG_TSM_REPORTS=y
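The three config requirements above (CONFIG_TCG_SVSM=y, CONFIG_SEV_GUEST=m or y, CONFIG_TSM_REPORTS=y) are easy to get wrong when a patchset is backported across several series. The following check script is an added example, not part of this submission or of the kernel tree; it reads a kernel config file such as /boot/config-$(uname -r) and reports each option against the values the cover letter calls for. The sample config contents inside it are constructed for a stand-alone run.

```shell
#!/bin/sh
# Added example (not from the SRU submission): verify that a kernel .config
# carries the options this cover letter requires for SVSM vTPM support.
# Usage: check_svsm_config /boot/config-$(uname -r)
# Exit status 0 when every option is acceptable, 1 otherwise.

# Print the value of an option in the given config file, or "unset" when it is
# absent or commented out ("# CONFIG_FOO is not set").
config_value() {
    _file="$1"; _opt="$2"
    _val=$(sed -n "s/^${_opt}=//p" "$_file" | tail -n 1)
    if [ -z "$_val" ]; then
        echo unset
    else
        echo "$_val"
    fi
}

# Check one option against a space-separated list of acceptable values.
check_option() {
    _file="$1"; _opt="$2"; _accept="$3"
    _val=$(config_value "$_file" "$_opt")
    for _ok in $_accept; do
        if [ "$_val" = "$_ok" ]; then
            echo "ok      $_opt=$_val"
            return 0
        fi
    done
    echo "MISSING $_opt=$_val (need one of: $_accept)"
    return 1
}

check_svsm_config() {
    _file="$1"
    _rc=0
    # tpm_svsm is built in (=y) so the vTPM is usable before modules load.
    check_option "$_file" CONFIG_TCG_SVSM "y" || _rc=1
    # The SEV guest driver may be a module or built in (m/y).
    check_option "$_file" CONFIG_SEV_GUEST "y m" || _rc=1
    check_option "$_file" CONFIG_TSM_REPORTS "y" || _rc=1
    return $_rc
}

# Constructed sample configs (not real kernel configs) for a stand-alone run.
write_samples() {
    GOOD_CFG=$(mktemp)
    BAD_CFG=$(mktemp)
    cat > "$GOOD_CFG" <<'EOF'
CONFIG_TCG_SVSM=y
CONFIG_SEV_GUEST=m
CONFIG_TSM_REPORTS=y
EOF
    cat > "$BAD_CFG" <<'EOF'
CONFIG_TCG_SVSM=m
# CONFIG_SEV_GUEST is not set
CONFIG_TSM_REPORTS=y
EOF
}

# Check a real config when a path is given on the command line.
if [ -n "$1" ]; then
    check_svsm_config "$1"
fi
```

Run it against the installed config of each affected series; a tpm_svsm built as a module (=m) is reported as MISSING because the cover letter requires it built in.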

Besides context adjustments, Noble required some additional changes to its patchset.
Three commits were added to enable 878e70dbd26e ("x86/sev: Check for the
presence of an SVSM in the SNP secrets page") to apply more smoothly:
  88ed43d32beb ("x86/sev: Rename snp_init() in boot/compressed/sev.c")
  e2f4c8c319ab ("x86/sev: Make the VMPL0 checking more straight forward")
  1e52550729da ("x86/sev: Shorten struct name snp_secrets_page_layout to snp_secrets_page")
One commit was dropped from the patchset because it was applied via stable updates:
  3991b04d4870 ("virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch")
One commit was dropped because it fixes a bug not present in noble:linux-gcp:
  0440feb09079 ("x86/sev: Do RMP memory coverage check after max_pfn has been set")

[Test Plan]
Compile and boot tested. Google has reviewed the patchset.

[Where problems could occur]
These changes are in core kernel security modules, so care should be taken
to ensure that patches are applied correctly to avoid creating new security
vulnerabilities. An issue with this patchset could result in critical kernel
failures in confidential compute VMs.

[Other]
SF #00409503

Borislav Petkov (AMD) (2):
  x86/sev: Move SEV compilation units
  Documentation/ABI/configfs-tsm: Fix an unexpected indentation silly

Ian Whitfield (1):
  UBUNTU: [Config] gcp: Make tpm_svsm built-in

Jarkko Sakkinen (1):
  tpm: Make chip->{status,cancel,req_canceled} opt

Stefano Garzarella (4):
  x86/sev: Add SVSM vTPM probe/send_command functions
  svsm: Add header with SVSM_VTPM_CMD helpers
  tpm: Add SNP SVSM vTPM driver
  x86/sev: Register tpm-svsm platform device

Tom Lendacky (15):
  x86/irqflags: Provide native versions of the
    local_irq_save()/restore()
  x86/sev: Rename snp_init() in boot/compressed/sev.c
  x86/sev: Make the VMPL0 checking more straight forward
  x86/sev: Check for the presence of an SVSM in the SNP secrets page
  x86/sev: Use kernel provided SVSM Calling Areas
  x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0
  x86/sev: Use the SVSM to create a vCPU when not in VMPL0
  x86/sev: Provide SVSM discovery support
  x86/sev: Provide guest VMPL level to userspace
  virt: sev-guest: Choose the VMPCK key based on executing VMPL
  sev-guest: configfs-tsm: Allow the privlevel_floor attribute to be
    updated
  fs/configfs: Add a callback to determine attribute visibility
  x86/sev: Take advantage of configfs visibility support in TSM
  x86/sev: Extend the config-fs attestation support for an SVSM
  x86/sev: Allow non-VMPL0 execution when an SVSM is present

 Documentation/ABI/testing/configfs-tsm        |  63 +++
 .../ABI/testing/sysfs-devices-system-cpu      |  12 +
 .../arch/x86/amd-memory-encryption.rst        |  29 +-
 Documentation/virt/coco/sev-guest.rst         |  11 +
 arch/x86/boot/compressed/sev.c                | 263 +++++----
 arch/x86/coco/Makefile                        |   1 +
 arch/x86/coco/sev/Makefile                    |  15 +
 arch/x86/{kernel/sev.c => coco/sev/core.c}    | 518 +++++++++++++++---
 .../sev-shared.c => coco/sev/shared.c}        | 460 +++++++++++++++-
 arch/x86/include/asm/cpufeatures.h            |   1 +
 arch/x86/include/asm/irqflags.h               |  20 +
 arch/x86/include/asm/msr-index.h              |   2 +
 arch/x86/include/asm/sev-common.h             |  18 +
 arch/x86/include/asm/sev.h                    | 142 ++++-
 arch/x86/include/uapi/asm/svm.h               |   1 +
 arch/x86/kernel/Makefile                      |   5 -
 arch/x86/mm/mem_encrypt_amd.c                 |   8 +-
 debian.gcp/config/annotations                 |   3 +
 drivers/char/tpm/Kconfig                      |  10 +
 drivers/char/tpm/Makefile                     |   1 +
 drivers/char/tpm/tpm-interface.c              |  30 +-
 drivers/char/tpm/tpm_ftpm_tee.c               |  20 -
 drivers/char/tpm/tpm_svsm.c                   | 125 +++++
 drivers/virt/coco/sev-guest/sev-guest.c       | 204 ++++++-
 drivers/virt/coco/tdx-guest/tdx-guest.c       |  26 +-
 drivers/virt/coco/tsm.c                       | 177 ++++--
 fs/configfs/dir.c                             |  10 +
 include/linux/configfs.h                      |   3 +
 include/linux/tpm_svsm.h                      | 149 +++++
 include/linux/tsm.h                           |  59 +-
 30 files changed, 2105 insertions(+), 281 deletions(-)
 create mode 100644 arch/x86/coco/sev/Makefile
 rename arch/x86/{kernel/sev.c => coco/sev/core.c} (83%)
 rename arch/x86/{kernel/sev-shared.c => coco/sev/shared.c} (72%)
 create mode 100644 drivers/char/tpm/tpm_svsm.c
 create mode 100644 include/linux/tpm_svsm.h

-- 
2.43.0
