Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-133333

snphost ok fail on Turin

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Can't Do
    • Icon: Undefined Undefined
    • None
    • rhel-10.2
    • snphost
    • None
    • None
    • Important
    • rhel-virt-confidential-virt
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      snphost ok

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      upstream snphost: https://github.com/virtee/snphost

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. snphost ok on Turin host
      2. On genoa or milan host, snphost pass with TCB version match 
        _basic_config.policy_default.q35]# /home/snphost/target/release/snphost ok
[ PASS ] - AMD CPU
[ PASS ]   - Microcode support
[ PASS ]   - Secure Memory Encryption (SME)
[ PASS ]     - SME: Enabled in MSR
[ PASS ]   - Secure Encrypted Virtualization (SEV)
[ PASS ]     - SEV firmware version: 1.55
[ PASS ]     - Encrypted State (SEV-ES)
[ PASS ]       - SEV-ES initialized
[ PASS ]     - SEV initialized: Initialized, no guests running
[ PASS ]     - Secure Nested Paging (SEV-SNP)
[ PASS ]       - VM Permission Levels
[ PASS ]         - Number of VMPLs: 4
[ PASS ]       - SNP: Enabled in MSR
[ PASS ]       - SNP initialized
[ PASS ]         - RMP table addresses: 0xbf8a900000 - 0xc04aefffff
[ PASS ]         - RMP table initialized
[ PASS ]         - Alias check: Completed since last system update, no aliasing addresses
[ PASS ]     - Physical address bit reduction: 6
[ PASS ]     - C-bit location: 51
[ PASS ]     - Number of encrypted guests supported simultaneously: 1006
[ PASS ]     - Minimum ASID value for SEV-enabled, SEV-ES disabled guest: 10
[ PASS ]     - /dev/sev readable
[ PASS ]     - /dev/sev writable
[ PASS ]   - Page flush MSR: ENABLED
[ PASS ] - KVM supported: API version: 12
[ PASS ]   - SEV enabled in KVM
[ PASS ]   - SEV-ES enabled in KVM
[ PASS ]   - SEV-SNP enabled in KVM
[ PASS ] - Memlock resource limit: Soft: 8388608 | Hard: 8388608
[ FAIL ] - Comparing TCB values: The TCB versions did NOT match 

 Platform TCB version: TCB Version:
  Microcode:   90
  SNP:         1
  TEE:         0
  Boot Loader: 0
  FMC:         0 
 Reported TCB version: TCB Version:
  Microcode:   0
  SNP:         1
  TEE:         0
  Boot Loader: 0
  FMC:         0
ERROR: One or more tests in snphost ok reported a failure
Error: One or more tests in snphost ok reported a failure

      3. ((kar-env) ) [root@lenovo-sr655v3-01 kar]# dmesg | grep microcode
[   15.738799] microcode: Current revision: 0x0b00215a
[   15.751545] microcode: Updated early from: 0x0b002147

      Expected results

      snphost ok pass

      Actual results

      fail with TCB verison match

              tfanelli@redhat.com Tyler Fanelli
              jinl@redhat.com Jin Liu
              Tyler Fanelli Tyler Fanelli
              Jin Liu Jin Liu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: