AMDESE / AMDSEV

AMD Secure Encrypted Virtualization
304 stars 88 forks source link

update firmware failed #81

Open MelodyHuibo opened 2 years ago

MelodyHuibo commented 2 years ago

Hi, update firmware as the instruction, however, the dmesg shows still SEV-SNP support requires firmware version >= 1:51, SEV API:0.31 build:43. Could I know how to enable sev-snp here? dmesg | grep -i -e rmp -e sev [ 0.000000] Linux version 5.14.0-rc2-snp-host-20d8ab8889d7 (xlab@xlab-SEV-SNP-01) (gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #1 SMP Wed Feb 16 19:00:08 PST 2022 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.14.0-rc2-snp-host-20d8ab8889d7 root=UUID=3c911ff3-b647-4c05-9654-579e8eedacb7 ro transparent_hugepage=never quiet splash mem=200G kvm_amd.sev-snp=1 vt.handoff=7 [ 0.243974] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.14.0-rc2-snp-host-20d8ab8889d7 root=UUID=3c911ff3-b647-4c05-9654-579e8eedacb7 ro transparent_hugepage=never quiet splash mem=200G kvm_amd.sev-snp=1 vt.handoff=7 [ 2.292032] SEV-SNP: RMP table physical address 0x0000000035c00000 - 0x0000000075cfffff [ 6.773490] systemd[1]: Set hostname to . [ 8.356061] ccp 0000:23:00.1: sev enabled [ 8.381888] ccp 0000:23:00.1: SEV-SNP support requires firmware version >= 1:51 [ 8.392561] ccp 0000:23:00.1: SEV: failed to INIT error 0x1 [ 8.392743] ccp 0000:23:00.1: SEV API:0.31 build:43 [ 9.589742] SEV supported: 154 ASIDs [ 9.589744] SEV-ES and SEV-SNP supported: 99 ASIDs

tlendacky commented 2 years ago

You can obtain the latest firmware at https://developer.amd.com/sev. Specifically:

Unzip this file and copy the amd_sev_fam19h_model0xh_1.33.03.sbin to /lib/firmware/amd/amd_sev_fam19h_model0xh.sbin and the firmware will be updated when the ccp/psp driver loads.

MelodyHuibo commented 2 years ago

You can obtain the latest firmware at https://developer.amd.com/sev. Specifically:

Unzip this file and copy the amd_sev_fam19h_model0xh_1.33.03.sbin to /lib/firmware/amd/amd_sev_fam19h_model0xh.sbin and the firmware will be updated when the ccp/psp driver loads.

I already did it twice , it does not work.

codomania commented 2 years ago

Your base firmware is too old and I am not sure if it even supports the download FW so upgrade to newer. You should consider moving to the newer BIOS that comes with SEV FW version 1.0.0 so that it can be used to upgrade to 1.50.x.

MelodyHuibo commented 2 years ago

Thanks Brijesh, got it. I will download the newest bios version, could I know where I can download it?

On Fri, Feb 18, 2022 at 11:29 AM Brijesh Singh @.***> wrote:

Your base firmware is too old and I am not sure if it even supports the download FW so upgrade to newer. You should consider moving to the newer BIOS that comes with SEV FW version 1.0.0 so that it can be used to upgrade to 1.50.x.

— Reply to this email directly, view it on GitHub https://github.com/AMDESE/AMDSEV/issues/81#issuecomment-1045062507, or unsubscribe https://github.com/notifications/unsubscribe-auth/AG5BGITLFIOF5CTKBN6WDQTU32MYHANCNFSM5OYVN56A . You are receiving this because you authored the thread.Message ID: @.***>

KiranPadwal commented 2 years ago

I am facing the same issue,

BIOS Information Vendor: American Megatrends International, LLC. Version: L3.06 Release Date: 03/16/2022

Using the firmware: /lib/firmware/amd/amd_sev_fam19h_model0xh.sbin

dmesg | grep -i -e rmp -e sev

[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-5.14.0-rc2-snp-host-6d4469b86f90 root=UUID=98ee5cee-13b4-48ae-a7e2-a45987e83667 ro mem_encrypt=on kvm_amd.sev=1 [ 0.117580] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.14.0-rc2-snp-host-6d4469b86f90 root=UUID=98ee5cee-13b4-48ae-a7e2-a45987e83667 ro mem_encrypt=on kvm_amd.sev=1 [ 0.587056] SEV-SNP: RMP table physical address 0x0000000088900000 - 0x00000000a8efffff [ 4.991731] ccp 0000:45:00.1: sev enabled [ 5.003311] ccp 0000:45:00.1: SEV-SNP support requires firmware version >= 1:51 [ 5.015043] ccp 0000:45:00.1: SEV: failed to INIT error 0x1 [ 5.015442] ccp 0000:45:00.1: SEV API:1.19 build:19 [ 5.143073] SEV supported: 410 ASIDs [ 5.143074] SEV-ES and SEV-SNP supported: 99 ASIDs

tlendacky commented 2 years ago

If the DOWNLOAD_FIRMWARE command is not working, you will need to work with the OEM to obtain a more recent BIOS with a more up-to-date version of the SEV firmware (I don't remember the exact level where download firmware was fully supported by the SEV firmware).

RARelph commented 2 years ago

IIRC, for Milan, SEV FW versions >= 1.51 require a BIOS based on AMD's Milan PI 1.0.0.4 or later. And OEMs should have a PI much newer than that available to them now.

KiranPadwal commented 2 years ago

Thanks for the information, I will check on this.

lzadjsf commented 1 year ago

You can obtain the latest firmware at https://developer.amd.com/sev. Specifically:

Unzip this file and copy the amd_sev_fam19h_model0xh_1.33.03.sbin to /lib/firmware/amd/amd_sev_fam19h_model0xh.sbin and the firmware will be updated when the ccp/psp driver loads.

I already did it twice , it does not work.

Right link here: https://download.amd.com/developer/eula/sev/amd_sev_fam19h_model0xh_1.54.01.zip

The reference page here: https://www.amd.com/en/developer/sev.html

pegahnikbakht commented 1 year ago

@lzadjsf Does the firmware 1.54 work for u? I had previously firmware 1.51 and it works fine, but I updated the firmware to 1.54 and it gives me the following error:
`[ 5.299989] SEV-SNP: RMP table physical address 0x0000000098900000 - 0x00000000a8efffff

[ 15.306072] ccp 0000:47:00.1: SEV-SNP support requires firmware version >= 1:51

[ 15.325700] ccp 0000:47:00.1: SEV: failed to INIT error 0x1, rc -5

[ 15.334561] ccp 0000:47:00.1: SEV API:1.49 build:3

[ 15.515147] SEV supported: 410 ASIDs

[ 15.515148] SEV-ES and SEV-SNP supported: 99 ASIDs`

I'm using kernel version 5.19. any idea?

tlendacky commented 1 year ago

The 1.54 firmware requires a specific level of BIOS in order to be applied and the BIOS you have is not new enough to be able to support applying the 1.54 firmware level. You can either upgrade the BIOS to the latest available (which would hopefully be new enough to be able to apply 1.54) or go back to the 1.51 version you previously were using.

pegahnikbakht commented 1 year ago

@tlendacky Where I can download the firmware 1.51 again? the previous download link is not working!

tlendacky commented 1 year ago

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd/amd_sev_fam19h_model0xh.sbin

silver-airship commented 1 year ago

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd/amd_sev_fam19h_model0xh.sbin

I tried but this is 1.52. Maybe it's because automatic update?

tlendacky commented 1 year ago

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd/amd_sev_fam19h_model0xh.sbin

I tried but this is 1.52. Maybe it's because automatic update?

Are you saying that link is for a 1.52 firmware or that you are already at 1.52 from your installed BIOS?

silver-airship commented 1 year ago

I changed the bios through BMC and using that link.

That link is 1.51!

So I think the system automatically selects the latest version from bios and .sbin file.

And do you know where can i get SEV-SNP API:1.49 build:3?