Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-73083

[RHEL10]Fail to init SEV-SNP on AMD Turin processors

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • rhel-10.0
    • qemu-kvm
    • No
    • Critical
    • rhel-sst-virtualization
    • ssg_virtualization
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Fail to enable SEV-SNP on AMD Turin processors

      Package:

      qemu-kvm-9.1.0-5.el9.src.rpm

      5.14.0-539.el9.x86_64

      edk2-ovmf-20241117-1.el9.src.rpm

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. enable SEV-SNP in BIOS

      upload the screenshot of BIOS settings

      2.check dmesg 

      [root@lenovo-sr675v3-01 ~]# dmesg | grep -i sev
[    0.000000] SEV-SNP: RMP table physical range [0x0000018214400000 - 0x0000018397efffff]
[    0.011434] SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0000018397e00000]
[   24.115039] ccp 0000:54:00.5: sev enabled
[   24.115988] ccp 0000:d1:00.5: sev enabled
[   29.904085] ccp 0000:54:00.5: SEV-SNP: failed to INIT rc -5, error 0x13
[   30.059205] ccp 0000:54:00.5: SEV: failed to INIT error 0x1, rc -5
[   30.059215] ccp 0000:54:00.5: SEV API:1.55 build:44
[   33.998828] kvm_amd: SEV enabled (ASIDs 10 - 1006)
[   33.998831] kvm_amd: SEV-ES enabled (ASIDs 1 - 9)
[   33.998832] kvm_amd: SEV-SNP enabled (ASIDs 1 - 9)

      Expected results

      sev-snp init successfullt

      Actual results

      sev-snp failed to init

       

      Additional info

      [root@lenovo-sr675v3-01 ~]# snphost ok
[ PASS ] - AMD CPU
[ PASS ]   - Microcode support
[ PASS ]   - Secure Memory Encryption (SME)
[ PASS ]     - SME: Enabled in MSR
[ PASS ]   - Secure Encrypted Virtualization (SEV)
[ PASS ]     - Encrypted State (SEV-ES)
[ FAIL ]       - SEV-ES INIT: Disabled
[ FAIL ]     - SEV INIT: SEV is UNINIT
[ PASS ]     - Secure Nested Paging (SEV-SNP)
[ PASS ]       - VM Permission Levels
[ PASS ]         - Number of VMPLs: 4
[ PASS ]       - SNP: Enabled in MSR
[ PASS ]       - SEV Firmware Version: Sev firmware version: 1.55
[ FAIL ]       - SNP INIT: Failed to get SNP Platform status unable to retrieve SNP platform status
[ PASS ]     - Physical address bit reduction: 6
[ PASS ]     - C-bit location: 51
[ PASS ]     - Number of encrypted guests supported simultaneously: 1006
[ PASS ]     - Minimum ASID value for SEV-enabled, SEV-ES disabled guest: 10
[ PASS ]     - Reading /dev/sev: /dev/sev readable
[ PASS ]     - Writing /dev/sev: /dev/sev writable
[ PASS ]   - Page flush MSR: DISABLED
[ PASS ] - KVM supported: API version: 12
[ PASS ]   - SEV enabled in KVM: enabled
[ PASS ]   - SEV-ES enabled in KVM: enabled
[ PASS ]   - SEV-SNP enabled in KVM: enabled
[ PASS ] - Memlock resource limit: Soft: 8388608 | Hard: 8388608
[ PASS ] - RMP table addresses: Addresses: 1658197114880 - 1664701431807
[ FAIL ] - RMP INIT: Failed to get SNP Platform status unable to retrieve SNP platform status
[ FAIL ] - Comparing TCB values: Failed to get SNP Platform status unable to retrieve SNP platform status

              bdas@redhat.com Bandan Das
              jinl@redhat.com Jin Liu
              virt-maint virt-maint
              Jin Liu Jin Liu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: