On 8/21/25 5:58 AM, Kalra, Ashish wrote:
On 8/21/2025 5:30 AM, Kim Phillips wrote:
On 8/20/25 6:23 PM, Kalra, Ashish wrote:
On 8/20/2025 5:45 PM, Randy Dunlap wrote:
On 8/20/25 1:50 PM, Ashish Kalra wrote:
@@ -3064,10 +3070,32 @@ void __init sev_hardware_setup(void)
out:
if (sev_enabled) {
init_args.probe = true;
+
+ if (sev_is_snp_ciphertext_hiding_supported())
+ init_args.max_snp_asid = min(nr_ciphertext_hiding_asids,
+ min_sev_asid - 1);
+
if (sev_platform_init(&init_args))
sev_supported = sev_es_supported = sev_snp_supported = false;
else if (sev_snp_supported)
sev_snp_supported = is_sev_snp_initialized();
+
+ if (sev_snp_supported)
+ nr_ciphertext_hiding_asids = init_args.max_snp_asid;
+
+ /*
+ * If ciphertext hiding is enabled, the joint SEV-ES/SEV-SNP
+ * ASID range is partitioned into separate SEV-ES and SEV-SNP
+ * ASID ranges, with the SEV-SNP range being [1..max_snp_asid]
+ * and the SEV-ES range being [max_snp_asid..max_sev_es_asid].
[max_snp_asid + 1..max_sev_es_asid]
?
Yes.
So why wouldn't you have left Sean's original "(max_snp_asid..max_sev_es_asid]" as-is?
Kim
Because that i believe is a typo and the correct SEV-ES range is [max_snp_asid + 1..max_sev_es_asid].
It's not, though.
[max_snp_asid..max_sev_es_asid]
and
(max_snp_asid..max_sev_es_asid]
are two completely different things.
You also modified Sean's Documentation/ changes. A consistent "joint
SEV-ES+SEV-SNP" is preferred.
Thanks,
Kim
