This patch series extends the sev_init2 and the sev_smoke test to exercise the SEV-SNP VM launch workflow.
Primarily, it introduces the architectural defines, its support in the SEV library and extends the tests to interact with the SEV-SNP ioctl() wrappers.
Patch 1 - Do not advertise SNP on incompatible firmware
Patch 2 - Remove SEV support on platform init failure
Patch 3 - SNP test for KVM_SEV_INIT2
Patch 4 - Add VMGEXIT helper
Patch 5 - Introduce SEV+ VM type check
Patch 6 - SNP ioctl() plumbing for the SEV library
Patch 7 - Force set GUEST_MEMFD for SNP
Patch 8 - Cleanups of smoke test - Decouple policy from type
Patch 9 - SNP smoke test
The series is based on git.kernel.org/pub/scm/virt/kvm/kvm.git next
v4..v5:
* Introduced a check to disable advertising support for SEV, SEV-ES and SNP when platform initialization fails (Nikunj)
* Remove the redundant SNP check within is_sev_vm() (Nikunj)
* Cleanup of the encrypt_region flow for better readability (Nikunj)
* Refactor paths to use the canonical $(ARCH) to rebase for kvm/next
v3..v4: https://lore.kernel.org/kvm/20241114234104.128532-1-pratikrajesh.sampat@amd....
* Remove SNP FW API version check in the test and ensure the KVM capability advertises the presence of the feature. Retain the minimum version definitions to exercise these API versions in the smoke test
* Retained only the SNP smoke test and SNP_INIT2 test
* The SNP architectural defines merged with SNP_INIT2 test patch
* SNP shutdown merged with SNP smoke test patch
* Add SEV VM type check to abstract comparisons and reduce clutter
* Define a SNP default policy which sets bits based on the presence of SMT
* Decouple privatization and encryption for it to be SNP agnostic
* Assert for only positive tests using vm_ioctl()
* Dropped tested-by tags
In summary - based on comments from Sean, I have primarily reduced the scope of this patch series to focus on breaking down the SNP smoke test patch (v3 - patch2) to first introduce SEV-SNP support and use this interface to extend the sev_init2 and the sev_smoke test.
The rest of the v3 patchset that introduces ioctl, pre fault, fallocate and negative tests, will be re-worked and re-introduced subsequently in future patch series post addressing the issues discussed.
v2..v3: https://lore.kernel.org/kvm/20240905124107.6954-1-pratikrajesh.sampat@amd.co...
* Remove the assignments for the prefault and fallocate test type enums.
* Fix error message for sev launch measure and finish.
* Collect tested-by tags [Peter, Srikanth]
Pratik R. Sampat (9):
  KVM: SEV: Disable SEV-SNP on FW validation failure
  KVM: SEV: Disable SEV on platform init failure
  KVM: selftests: SEV-SNP test for KVM_SEV_INIT2
  KVM: selftests: Add VMGEXIT helper
  KVM: selftests: Introduce SEV VM type check
  KVM: selftests: Add library support for interacting with SNP
  KVM: selftests: Force GUEST_MEMFD flag for SNP VM type
  KVM: selftests: Abstractions for SEV to decouple policy from type
  KVM: selftests: Add a basic SEV-SNP smoke test
 arch/x86/kvm/svm/sev.c                        |  6 +-
 drivers/crypto/ccp/sev-dev.c                  | 16 +++
 include/linux/psp-sev.h                       |  6 ++
 .../selftests/kvm/include/x86/processor.h     |  1 +
 tools/testing/selftests/kvm/include/x86/sev.h | 55 ++++++++++-
 tools/testing/selftests/kvm/lib/kvm_util.c    |  7 +-
 .../testing/selftests/kvm/lib/x86/processor.c |  4 +-
 tools/testing/selftests/kvm/lib/x86/sev.c     | 99 ++++++++++++++++++-
 .../selftests/kvm/x86/sev_init2_tests.c       | 13 +++
 .../selftests/kvm/x86/sev_smoke_test.c        | 96 ++++++++++++++----
 10 files changed, 272 insertions(+), 31 deletions(-)