On Mon, Oct 28, 2024 at 10:41:03AM -0600, Theo de Raadt wrote:
> Hans-Jörg Höxer <hshoe...@genua.de> wrote:
>
> > On Mon, Oct 28, 2024 at 09:00:25AM -0600, Theo de Raadt wrote:
> > > Hans-Jörg Höxer <hshoe...@genua.de> wrote:
> > >
> > > > With GENERIC.MP the pattern below seems to work (but of course no tgz
> > > > available yet on firmware.openbsd.org). psp(4) is not in RAMDISK.
> > >
> > > Since it is not in RAMDISK, you want to find a pattern so that it is
> > > during RAMDISK. Otherwise, it will never be automatically installed.
> >
> > the SEV firmware is needed, when starting vmd(8) (when launching a
> > SEV guest). Until then psp(4) is not used at all.
> >
> > I'd say the AMD SEV firmware is similar to the SeaBIOS which
> > needs to be installed before launching vmd(8). It is installed as
> > /etc/firmware/vmm-bios which happens on first boot after successful
> > installation. So I think, the same approach as for vmm(4) should be ok
> > for psp(4), no?
>
> yes, but also no. The earlier we get firmwares. I prefer if we add
> any possible reason for a firmware fetch to the patterns. If there is
> a cpu feature which indicates this, then we can add it to the patterns also.

I see. The diff below has two patterns for RAMDISK. There neither psp(4)
nor ccp(4) are configured. So we can match on the unconfigured devices.
These two patterns match for my hardware.

RAMDISK_CD has ccp(4) configured, but not psp(4). Thus we either add "ccp"
to the patterns or we also add psp(4) to RAMDISK_CD?

--------------------------------------------------------------------- commit b7ab0eee5240563a6abf393ae9bff4afb16a687d Author: Hans-Joerg Hoexer <hshoe...@genua.de> Date: Mon Oct 28 13:07:50 2024 +0100 fw_update: add pattern for AMD SEV firmware used with psp(4) diff --git a/usr.sbin/fw_update/patterns.c b/usr.sbin/fw_update/patterns.c index 868a2308b15..4a295c58daf 100644 --- a/usr.sbin/fw_update/patterns.c +++ b/usr.sbin/fw_update/patterns.c @@ -94,6 +94,10 @@ main(void) print_devices("amdgpu", amdgpu_devices, nitems(amdgpu_devices)); printf("%s\n", "amdgpu ^vga*vendor \"ATI\", unknown product"); printf("%s\n", "amdgpu ^vendor \"ATI\", unknown product*class display"); + printf("%s\n", "amdsev ^\"AMD*Crypto\""); + printf("%s\n", "amdsev ^\"AMD*PSP\""); + printf("%s\n", "amdsev ccp"); + printf("%s\n", "amdsev psp"); printf("%s\n", "apple-boot ^cpu0*Apple"); printf("%s\n", "arm64-qcom-dtb ^qcgpio0"); printf("%s\n", "athn");
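
Review bot: the bare "amdsev ccp" and "amdsev psp" lines in this hunk go further than the commit message and the mail describe. The mail says the two ^"AMD*..." patterns are the ones for RAMDISK, where neither driver is configured, and leaves open whether to add "ccp" or to put psp(4) into RAMDISK_CD; the hunk already adds "ccp", which matches on ccp(4) alone even though the firmware is described as used with psp(4). Suggest settling that question first, then stating in the commit message which kernel each of the four patterns is meant to match, and adding a short comment above the block to the same effect.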