Skip to content

AMD SNP attestation test enhancement #4351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

AMD SNP attestation test enhancement #4351

wants to merge 3 commits into from

Conversation

bssrikanth
Copy link

This patch introduces improvements to the SEV-SNP attestation workflow.
The changes include a new script for installing the snpguest tool from source,
updates to the attestation workflow to align with upstream changes, and
enhancements to the testcase and configuration files.
Specifically, the series:

  1. Adds snpguest_install.sh to install the snpguest tool from source.
  2. Updates the existing SEV-SNP attestation workflow to align with upstream snpguest tool changes.
  3. Enhances the SEV-SNP testcase by supporting snpguest source installation, improving CPU model detection, updating SNP policy values, adding a debug policy variant, improving error handling.

Signed-off-by: Srikanth Aithal [email protected]

@bssrikanth bssrikanth force-pushed the snpattestation_enhance branch 3 times, most recently from 565c550 to 8519b16 Compare July 30, 2025 13:02
@bssrikanth
Copy link
Author

@zixi-chen @JinLiul request your review comments.

@bssrikanth
Copy link
Author

Hello I will be happy to address any review comments with respect to this PR. Thank you in advance :)

@bssrikanth bssrikanth force-pushed the snpattestation_enhance branch 3 times, most recently from d988a61 to 014f9f0 Compare August 22, 2025 13:15
@zixi-chen
Copy link
Contributor

Hello @bssrikanth, I just came back from holidays this week.
Since you want to install snpguest with the upstream repo, this conflicts with our tests with the snpguest package in a RHEL compose. Can you add a new cfg e.g., snp_attestation.cfg, instead of making changes in the original cfg? In this way, different test parameters won't cause any conflict. Please also don't change the main test script name, you could add type = snp_basic_config in your own cfg, and I am happy with your proposed change with snp_basic_config.py.

@bssrikanth
Update SNP attestation workflow
c8763b3 
1. Update snpguest fetch commands to align with
recent upstream snpguest tool changes.
2. Improve error handling.

Signed-off-by: Srikanth Aithal <[email protected]>
@bssrikanth
Add script to install snpguest from source
3fb4171 
Add script to install snpguest tool from source.
It supports customizable repository, branch, or tag,
validates inputs, installs dependencies for Ubuntu/Debian
or RHEL-based OS, and builds and installs snpguest.

Signed-off-by: Srikanth Aithal <[email protected]>
@bssrikanth bssrikanth force-pushed the snpattestation_enhance branch from 014f9f0 to d7a5174 Compare September 19, 2025 08:56
@bssrikanth
Copy link
Author

@zixi-chen Thank you for the review comments.

  1. I have renamed snp_attestation.py back to snp_basic_config.py and created a separate configuration file as you suggested.
  2. The snpguest_sourcebuild parameter will be evaluated before deciding whether to build snpguest from source. It will only build from source when explicitly set; otherwise, it will follow the default path to avoid disrupting your existing workflow. Please let me know if this is acceptable.

@bssrikanth
Update SNP guest attestation
5754589 
1. Update SEV-SNP testcase and config to support
snpguest tool installation from source.
2. Enhance CPU model detection for broader platform support.
3. Update SNP policy values, add a debug policy variant
4. Improve error handling in the testcase script.
5. Add snp_attestation.cfg to include newly introduced parameters.

Signed-off-by: Srikanth Aithal <[email protected]>
@bssrikanth bssrikanth force-pushed the snpattestation_enhance branch from d7a5174 to 5754589 Compare September 19, 2025 09:14
@JinLiul
Copy link
Contributor

JinLiul commented Sep 24, 2025

The current dict_cpu implementation is incompatible with Turin systems and causes failures. The updated version in this patch resolves this issue and the test case pass in Turin.

@bssrikanth
Copy link
Author

@zixi-chen please let me know any comments on the revised version. Happy to address them :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bssrikanth @zixi-chen @JinLiul