virtee / sevctl

Administrative utility for AMD SEV
Apache License 2.0

Not working on Standard DCads v5 #186

Open madhavajay opened 8 months ago

madhavajay commented 8 months ago

I am getting errors running sevctl on an Azure Size: Standard DCads v5.

$ ./sevctl ok
[ PASS ] - AMD CPU
[ FAIL ]   - Microcode support
[ FAIL ]   - Secure Memory Encryption (SME)
[ FAIL ]   - Secure Encrypted Virtualization (SEV)
[ SKIP ]     - Encrypted State (SEV-ES)
[ SKIP ]     - Secure Nested Paging (SEV-SNP)
[ SKIP ]       - VM Permission Levels
[ SKIP ]         - Number of VMPLs
[ SKIP ]     - Physical address bit reduction
[ SKIP ]     - C-bit location
[ SKIP ]     - Number of encrypted guests supported simultaneously
[ SKIP ]     - Minimum ASID value for SEV-enabled, SEV-ES disabled guest
[ SKIP ]     - SEV enabled in KVM
[ SKIP ]     - SEV-ES enabled in KVM
[ SKIP ]     - /dev/sev readable
[ SKIP ]     - /dev/sev writable
[ PASS ]   - Page flush MSR: DISABLED
[ FAIL ] - KVM supported: Error reading /dev/kvm: (No such file or directory (os error 2))
[ PASS ] - Memlock resource limit: Soft: 4076920832 | Hard: 4076920832
Error: One or more tests in sevctl-ok reported a failure
$ sudo dmesg | grep -i amd
[    0.000000] Linux version 6.2.0-1019-azure (buildd@lcy02-amd64-088) (x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #19~22.04.1-Ubuntu SMP Wed Jan 10 22:57:03 UTC 2024 (Ubuntu 6.2.0-1019.19~22.04.1-azure 6.2.16)
[    0.000000]   AMD AuthenticAMD
[    0.029897] RAMDISK: [mem 0xb7266000-0xb91e6fff]
[    0.544371] Memory Encryption Features active: AMD SEV
[    0.544371] smpboot: CPU0: AMD 19/01 (family: 0x19, model: 0x1, stepping: 0x1)
$ sudo rdmsr -a 0xc0010131
> 103df
$ uname -a
Linux amd-sev-snp 6.2.0-1019-azure #19~22.04.1-Ubuntu SMP Wed Jan 10 22:57:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Do I need a different tool to interact with the SEV API for this chip?

larrydewey commented 6 months ago

If you are looking to check an SEV-SNP status, I would recommend using snpguest, as it is tailored more toward SEV-SNP. Usually sevctl is used for validating the status from the perspective of a platform owner.
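
The distinction drawn in the reply above, as an added example (not code from sevctl, snpguest or either commenter): it parses the `sevctl ok` lines, the dmesg line and the `rdmsr 0xc0010131` value quoted in the issue to tell a guest view from a platform-owner view. The function names and the guest/host heuristic are assumptions made for illustration; bits 0-2 of the SEV_STATUS MSR are SEV, SEV-ES and SEV-SNP.

```python
import re

# SEV_STATUS MSR (0xC0010131), bits 0-2 as defined in the AMD APM.
SEV_STATUS_BITS = {0: "SEV", 1: "SEV-ES", 2: "SEV-SNP"}

# Sample input: lines copied from the output quoted in the issue above.
SEVCTL_OK = """\
[ PASS ] - AMD CPU
[ FAIL ]   - Secure Encrypted Virtualization (SEV)
[ SKIP ]     - Secure Nested Paging (SEV-SNP)
[ PASS ]   - Page flush MSR: DISABLED
[ FAIL ] - KVM supported: Error reading /dev/kvm: (No such file or directory (os error 2))
"""
DMESG = "[    0.544371] Memory Encryption Features active: AMD SEV"
RDMSR = "103df"


def parse_sevctl_ok(text):
    """Map each check name (text before any ':') to PASS, FAIL or SKIP."""
    pattern = r"^\[ (PASS|FAIL|SKIP) \] +- ([^:\n]+)"
    return {m.group(2).strip(): m.group(1) for m in re.finditer(pattern, text, re.M)}


def decode_sev_status(hex_value):
    """Names of the SEV features whose enable bit is set in SEV_STATUS."""
    value = int(hex_value, 16)
    return [name for bit, name in SEV_STATUS_BITS.items() if (value >> bit) & 1]


def triage(sevctl_text, dmesg_text, rdmsr_hex):
    """Heuristic (assumption): decide whether this is a guest or a host view."""
    checks = parse_sevctl_ok(sevctl_text)
    active = decode_sev_status(rdmsr_hex)
    # Linux prints "AMD SEV" on this line when it runs as an encrypted guest;
    # a host with memory encryption enabled prints "AMD SME" instead.
    guest_dmesg = re.search(r"Memory Encryption Features active: AMD SEV", dmesg_text)
    if active or guest_dmesg:
        role = "guest"
    elif checks.get("Secure Encrypted Virtualization (SEV)") == "PASS":
        role = "host"
    else:
        role = "unknown"
    # Tool choice follows the reply above: snpguest inside an SNP guest,
    # sevctl for the platform owner's view.
    tool = {"guest": "snpguest" if "SEV-SNP" in active else None, "host": "sevctl"}.get(role)
    failed = sorted(name for name, result in checks.items() if result == "FAIL")
    return {"role": role, "active": active, "tool": tool, "host_checks_failed": failed}


if __name__ == "__main__":
    print(triage(SEVCTL_OK, DMESG, RDMSR))
```

For the values in this issue the result is a guest with SEV, SEV-ES and SEV-SNP active, so the failed host-side checks (no `/dev/kvm`, no host SEV support) are what a guest would be expected to report.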