On Thu, May 01, 2025 at 01:06:34PM -0700, Dionna Amalie Glaze wrote:
On Thu, May 1, 2025 at 11:04 AM Greg KH gregkh@linuxfoundation.org wrote:
On Thu, May 01, 2025 at 09:48:59AM -0700, Dionna Amalie Glaze wrote:
980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt")
This is a dependent commit for the series of patches to add the AMD SEV-SNP SVSM vTPM device driver. Kernel 6.11 added SVSM support, but not support for the critical component for boot integrity that follows the SEV-SNP threat model. That series https://lore.kernel.org/all/20250410135118.133240-1-sgarzare@redhat.com/ is applied at tip but is not yet in the mainline.
How does this fix a bug in these stable branches now?
I find that the inability to use the main purpose of SVSM support for trusted boot integrity is a security bug according to the SEV-SNP threat model.
That is a new feature, sorry. Just use new kernel versions if you wish to have this.
greg k-h