APPLIED: [SRU][N:linux-gcp/P:linux-gcp][PATCH v2 0/2] Add SVSM vTPM support for AMD SEV-SNP confidential VMs
Ian Whitfield
ian.whitfield at canonical.com
Tue Jun 24 15:50:19 UTC 2025
On Mon, Jun 23, 2025 at 01:48:05PM -0700, Ian Whitfield wrote:
> BugLink: https://bugs.launchpad.net/bugs/2111956
>
> [Impact]
> Google has made a request for SVSM vTPM support in linux-gcp kernels 6.8 and
> later.
>
> [Fix]
> Patches requested in the support case:
> 980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt")
> 770de678bc28 ("x86/sev: Add SVSM vTPM probe/send_command functions")
> b2849b072366 ("svsm: Add header with SVSM_VTPM_CMD helpers")
> 93b7c6b3ce91 ("tpm: Add SNP SVSM vTPM driver")
> e396dd85172c ("x86/sev: Register tpm-svsm platform device")
>
> The config for all kernels must have CONFIG_TCG_SVSM=y
>
> Noble also requires the changes from this pull request:
> https://lore.kernel.org/lkml/20240716095557.GAZpZDrdC3HA0Zilxr@fat_crate.local/
> and CONFIG_SEV_GUEST=m/y and CONFIG_TSM_REPORTS=y
>
> Besides context adjustments, Noble required some additional changes to its patchset.
> Three commits were added to enable 878e70dbd26e ("x86/sev: Check for the
> presence of an SVSM in the SNP secrets page") to apply more smoothly:
> 88ed43d32beb ("x86/sev: Rename snp_init() in boot/compressed/sev.c")
> e2f4c8c319ab ("x86/sev: Make the VMPL0 checking more straight forward")
> 1e52550729da ("x86/sev: Shorten struct name snp_secrets_page_layout to snp_secrets_page")
> One commit was dropped from the patchset because it was applied via stable updates:
> 3991b04d4870 ("virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch")
> One commit was dropped because it fixes a bug not present in noble:linux-gcp:
> 0440feb09079 ("x86/sev: Do RMP memory coverage check after max_pfn has been set")
>
> [Test Plan]
> Compile and boot tested. Google has reviewed the patchset.
>
> [Where problems could occur]
> These changes are in core kernel security modules, so care should be taken
> to ensure that patches are applied correctly to avoid creating new security
> vulnerabilities. An issue with this patchset could result in critical kernel
> failures in confidential compute VMs.
>
> [Other]
> SF #00409503
>
> v2: Updated context in b547fc2c9927 ("x86/irqflags: Provide native versions of
> the local_irq_save()/restore()") for current N:linux-gcp tree so the patch
> applies cleanly. Also correctly added 1e52550729da ("x86/sev: Shorten struct
> name snp_secrets_page_layout to snp_secrets_page") which accidentally was
> absent in v1.
>
> Borislav Petkov (AMD) (2):
> x86/sev: Move SEV compilation units
> Documentation/ABI/configfs-tsm: Fix an unexpected indentation silly
>
> Ian Whitfield (1):
> UBUNTU: [Config] gcp: Make tpm_svsm built-in
>
> Jarkko Sakkinen (1):
> tpm: Make chip->{status,cancel,req_canceled} opt
>
> Stefano Garzarella (4):
> x86/sev: Add SVSM vTPM probe/send_command functions
> svsm: Add header with SVSM_VTPM_CMD helpers
> tpm: Add SNP SVSM vTPM driver
> x86/sev: Register tpm-svsm platform device
>
> Tom Lendacky (15):
> x86/irqflags: Provide native versions of the
> local_irq_save()/restore()
> x86/sev: Rename snp_init() in boot/compressed/sev.c
> x86/sev: Make the VMPL0 checking more straight forward
> x86/sev: Check for the presence of an SVSM in the SNP secrets page
> x86/sev: Use kernel provided SVSM Calling Areas
> x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0
> x86/sev: Use the SVSM to create a vCPU when not in VMPL0
> x86/sev: Provide SVSM discovery support
> x86/sev: Provide guest VMPL level to userspace
> virt: sev-guest: Choose the VMPCK key based on executing VMPL
> sev-guest: configfs-tsm: Allow the privlevel_floor attribute to be
> updated
> fs/configfs: Add a callback to determine attribute visibility
> x86/sev: Take advantage of configfs visibility support in TSM
> x86/sev: Extend the config-fs attestation support for an SVSM
> x86/sev: Allow non-VMPL0 execution when an SVSM is present
>
> Documentation/ABI/testing/configfs-tsm | 63 +++
> .../ABI/testing/sysfs-devices-system-cpu | 12 +
> .../arch/x86/amd-memory-encryption.rst | 29 +-
> Documentation/virt/coco/sev-guest.rst | 11 +
> arch/x86/boot/compressed/sev.c | 263 +++++----
> arch/x86/coco/Makefile | 1 +
> arch/x86/coco/sev/Makefile | 15 +
> arch/x86/{kernel/sev.c => coco/sev/core.c} | 518 +++++++++++++++---
> .../sev-shared.c => coco/sev/shared.c} | 460 +++++++++++++++-
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/irqflags.h | 20 +
> arch/x86/include/asm/msr-index.h | 2 +
> arch/x86/include/asm/sev-common.h | 18 +
> arch/x86/include/asm/sev.h | 142 ++++-
> arch/x86/include/uapi/asm/svm.h | 1 +
> arch/x86/kernel/Makefile | 5 -
> arch/x86/mm/mem_encrypt_amd.c | 8 +-
> debian.gcp/config/annotations | 3 +
> drivers/char/tpm/Kconfig | 10 +
> drivers/char/tpm/Makefile | 1 +
> drivers/char/tpm/tpm-interface.c | 30 +-
> drivers/char/tpm/tpm_ftpm_tee.c | 20 -
> drivers/char/tpm/tpm_svsm.c | 125 +++++
> drivers/virt/coco/sev-guest/sev-guest.c | 204 ++++++-
> drivers/virt/coco/tdx-guest/tdx-guest.c | 26 +-
> drivers/virt/coco/tsm.c | 177 ++++--
> fs/configfs/dir.c | 10 +
> include/linux/configfs.h | 3 +
> include/linux/tpm_svsm.h | 149 +++++
> include/linux/tsm.h | 59 +-
> 30 files changed, 2105 insertions(+), 281 deletions(-)
> create mode 100644 arch/x86/coco/sev/Makefile
> rename arch/x86/{kernel/sev.c => coco/sev/core.c} (83%)
> rename arch/x86/{kernel/sev-shared.c => coco/sev/shared.c} (72%)
> create mode 100644 drivers/char/tpm/tpm_svsm.c
> create mode 100644 include/linux/tpm_svsm.h
>
> --
> 2.43.0
>
Applied to noble:linux-gcp and plucky:linux-gcp master-next branches.
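Added example, not part of this thread or of the linux-gcp tree: a small POSIX shell check that turns the config requirements in the quoted cover letter (CONFIG_TCG_SVSM=y, CONFIG_SEV_GUEST=m/y, CONFIG_TSM_REPORTS=y) into a pass/fail test against a kernel config file, plus a live check for an SEV-SNP guest. The sysfs paths in the live check (/sys/devices/system/cpu/sev/vmpl for the VMPL attribute and /sys/bus/platform/devices/tpm-svsm for the platform device) are my assumptions drawn from the patch titles, not facts stated on this page; only the config option names come from the cover letter.

```shell
#!/bin/sh
# Added example (not from the SRU submission above): verify that a kernel
# config carries the options the cover letter requires for SVSM vTPM support,
# and, on a running SEV-SNP guest, that the SVSM vTPM is actually present.

# check_svsm_kconfig <config-file>
# Returns 0 if every required option is set acceptably, 1 otherwise, printing
# the first problem found. Option names/values are those listed in the cover
# letter; CONFIG_SEV_GUEST is allowed as either =m or =y.
check_svsm_kconfig() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read config file: $cfg"; return 1; }
    grep -qx 'CONFIG_TCG_SVSM=y' "$cfg" \
        || { echo "$cfg: missing CONFIG_TCG_SVSM=y"; return 1; }
    grep -qxE 'CONFIG_SEV_GUEST=[my]' "$cfg" \
        || { echo "$cfg: missing CONFIG_SEV_GUEST=m or =y"; return 1; }
    grep -qx 'CONFIG_TSM_REPORTS=y' "$cfg" \
        || { echo "$cfg: missing CONFIG_TSM_REPORTS=y"; return 1; }
    return 0
}

# check_svsm_runtime
# Live check for a booted guest. The sysfs paths below are ASSUMPTIONS based
# on the patch titles ("Provide guest VMPL level to userspace" and "Register
# tpm-svsm platform device"); adjust them if your kernel exposes different
# names. Returns 0 when an SVSM vTPM appears to be in use, 1 otherwise.
check_svsm_runtime() {
    vmpl_attr=/sys/devices/system/cpu/sev/vmpl
    if [ ! -r "$vmpl_attr" ]; then
        echo "no VMPL attribute at $vmpl_attr (not an SEV-SNP guest, or kernel lacks the patches)"
        return 1
    fi
    vmpl=$(cat "$vmpl_attr")
    # An SVSM-provided vTPM only exists when the guest itself runs above
    # VMPL0, i.e. an SVSM sits at VMPL0 underneath it.
    if [ "$vmpl" -eq 0 ]; then
        echo "guest runs at VMPL0: no SVSM present, so no SVSM vTPM"
        return 1
    fi
    [ -e /sys/bus/platform/devices/tpm-svsm ] \
        || { echo "tpm-svsm platform device not registered"; return 1; }
    [ -c /dev/tpm0 ] \
        || { echo "/dev/tpm0 not present: TPM driver did not bind"; return 1; }
    echo "SVSM vTPM present, guest at VMPL $vmpl"
    return 0
}

# Stand-alone use: pass a config path to check it; run with no arguments on a
# guest to perform the live check.
if [ -n "${1:-}" ]; then
    check_svsm_kconfig "$1" && echo "$1: required SVSM vTPM options present"
fi
```

On an Ubuntu guest the config to pass is normally /boot/config-$(uname -r); a non-zero exit from check_svsm_kconfig means the kernel cannot carry the built-in tpm_svsm driver the cover letter asks for, and the live check should be run as root so that /dev/tpm0 and the sysfs attribute are readable.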