[SRU][N:linux-gcp][PATCH 00/23] Add SVSM vTPM support for AMD SEV-SNP confidential VMs

Ian Whitfield ian.whitfield at canonical.com
Mon Jun 16 23:04:44 UTC 2025 

BugLink: https://bugs.launchpad.net/bugs/2111956

Borislav Petkov (AMD) (2):
  x86/sev: Move SEV compilation units
  Documentation/ABI/configfs-tsm: Fix an unexpected indentation silly

Ian Whitfield (1):
  UBUNTU: [Config] gcp: Make tpm_svsm built-in

Jarkko Sakkinen (1):
  tpm: Make chip->{status,cancel,req_canceled} opt

Stefano Garzarella (4):
  x86/sev: Add SVSM vTPM probe/send_command functions
  svsm: Add header with SVSM_VTPM_CMD helpers
  tpm: Add SNP SVSM vTPM driver
  x86/sev: Register tpm-svsm platform device

Tom Lendacky (15):
  x86/irqflags: Provide native versions of the
    local_irq_save()/restore()
  x86/sev: Rename snp_init() in boot/compressed/sev.c
  x86/sev: Make the VMPL0 checking more straight forward
  x86/sev: Check for the presence of an SVSM in the SNP secrets page
  x86/sev: Use kernel provided SVSM Calling Areas
  x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0
  x86/sev: Use the SVSM to create a vCPU when not in VMPL0
  x86/sev: Provide SVSM discovery support
  x86/sev: Provide guest VMPL level to userspace
  virt: sev-guest: Choose the VMPCK key based on executing VMPL
  sev-guest: configfs-tsm: Allow the privlevel_floor attribute to be
    updated
  fs/configfs: Add a callback to determine attribute visibility
  x86/sev: Take advantage of configfs visibility support in TSM
  x86/sev: Extend the config-fs attestation support for an SVSM
  x86/sev: Allow non-VMPL0 execution when an SVSM is present

 Documentation/ABI/testing/configfs-tsm        |  63 +++
 .../ABI/testing/sysfs-devices-system-cpu      |  12 +
 .../arch/x86/amd-memory-encryption.rst        |  29 +-
 Documentation/virt/coco/sev-guest.rst         |  11 +
 arch/x86/boot/compressed/sev.c                | 263 +++++----
 arch/x86/coco/Makefile                        |   1 +
 arch/x86/coco/sev/Makefile                    |  15 +
 arch/x86/{kernel/sev.c => coco/sev/core.c}    | 518 +++++++++++++++---
 .../sev-shared.c => coco/sev/shared.c}        | 460 +++++++++++++++-
 arch/x86/include/asm/cpufeatures.h            |   1 +
 arch/x86/include/asm/irqflags.h               |  20 +
 arch/x86/include/asm/msr-index.h              |   2 +
 arch/x86/include/asm/sev-common.h             |  18 +
 arch/x86/include/asm/sev.h                    | 142 ++++-
 arch/x86/include/uapi/asm/svm.h               |   1 +
 arch/x86/kernel/Makefile                      |   5 -
 arch/x86/mm/mem_encrypt_amd.c                 |   8 +-
 debian.gcp/config/annotations                 |   3 +
 drivers/char/tpm/Kconfig                      |  10 +
 drivers/char/tpm/Makefile                     |   1 +
 drivers/char/tpm/tpm-interface.c              |  30 +-
 drivers/char/tpm/tpm_ftpm_tee.c               |  20 -
 drivers/char/tpm/tpm_svsm.c                   | 125 +++++
 drivers/virt/coco/sev-guest/sev-guest.c       | 204 ++++++-
 drivers/virt/coco/tdx-guest/tdx-guest.c       |  26 +-
 drivers/virt/coco/tsm.c                       | 177 ++++--
 fs/configfs/dir.c                             |  10 +
 include/linux/configfs.h                      |   3 +
 include/linux/tpm_svsm.h                      | 149 +++++
 include/linux/tsm.h                           |  59 +-
 30 files changed, 2105 insertions(+), 281 deletions(-)
 create mode 100644 arch/x86/coco/sev/Makefile
 rename arch/x86/{kernel/sev.c => coco/sev/core.c} (83%)
 rename arch/x86/{kernel/sev-shared.c => coco/sev/shared.c} (72%)
 create mode 100644 drivers/char/tpm/tpm_svsm.c
 create mode 100644 include/linux/tpm_svsm.h

-- 
2.43.0

More information about the kernel-team mailing list