From: Ashish Kalra Date: Mon, 24 Mar 2025 21:13:57 +0000 (+0000) Subject: crypto: ccp - Abort doing SEV INIT if SNP INIT fails X-Git-Tag: v6.16-rc1~206^2~372 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6131e119f5799bec55535530fa2fc44f5c7be1f1;p=thirdparty%2Fkernel%2Flinux.git crypto: ccp - Abort doing SEV INIT if SNP INIT fails If SNP host support (SYSCFG.SNPEn) is set, then the RMP table must be initialized before calling SEV INIT. In other words, if SNP_INIT(_EX) is not issued or fails then SEV INIT will fail if SNP host support (SYSCFG.SNPEn) is enabled. Signed-off-by: Ashish Kalra Signed-off-by: Herbert Xu --- diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2e87ca0e292a1..a0e3de94704e1 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1112,7 +1112,7 @@ static int __sev_snp_init_locked(int *error) if (!sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR)) { dev_dbg(sev->dev, "SEV-SNP support requires firmware version >= %d:%d\n", SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR); - return 0; + return -EOPNOTSUPP; } /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */ @@ -1325,12 +1325,9 @@ static int _sev_platform_init_locked(struct sev_platform_init_args *args) */ rc = __sev_snp_init_locked(&args->error); if (rc && rc != -ENODEV) { - /* - * Don't abort the probe if SNP INIT failed, - * continue to initialize the legacy SEV firmware. - */ dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n", rc, args->error); + return rc; } /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */