From c13db8df3203391cea5f1087fcf50cc999b89f55 Mon Sep 17 00:00:00 2001 From: cjen1-msft Date: Tue, 17 Mar 2026 10:36:40 +0000 Subject: [PATCH 1/6] Fix turin cpuid --- include/ccf/pal/sev_snp_cpuid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/ccf/pal/sev_snp_cpuid.h b/include/ccf/pal/sev_snp_cpuid.h index 198e6b858626..932be9b1c482 100644 --- a/include/ccf/pal/sev_snp_cpuid.h +++ b/include/ccf/pal/sev_snp_cpuid.h @@ -154,7 +154,7 @@ namespace ccf::pal::snp case ProductName::Genoa: return "00a10f11"; case ProductName::Turin: - return "00b00f11"; + return "00b00f21"; default: throw std::logic_error(fmt::format( "SEV-SNP: Unsupported product for CPUID: {}", to_string(product))); From ad0e62311f39a35ff5f84c39e34cbd1cd0fc8f77 Mon Sep 17 00:00:00 2001 From: cjen1-msft Date: Wed, 18 Mar 2026 10:24:00 +0000 Subject: [PATCH 2/6] Add test for cpuid --- src/pal/test/snp_attestation_validation.cpp | 57 +++++++++++++++++---- 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/src/pal/test/snp_attestation_validation.cpp b/src/pal/test/snp_attestation_validation.cpp index 844e33e35bd8..37daca34aff7 100644 --- a/src/pal/test/snp_attestation_validation.cpp +++ b/src/pal/test/snp_attestation_validation.cpp @@ -94,18 +94,12 @@ TEST_CASE("Mismatched attestation and endorsements fail") pal::PlatformAttestationMeasurement measurement; pal::PlatformAttestationReportData report_data; - try - { + CHECK_THROWS_WITH( pal::verify_snp_attestation_report( - mismatched_quote, measurement, report_data); - } - catch (const std::logic_error& e) - { - const std::string what = e.what(); - CHECK( - what.find("SEV-SNP: The root of trust public key for this attestation " - "was not the expected one") != std::string::npos); - } + mismatched_quote, measurement, report_data), + doctest::Contains( + "SEV-SNP: The root of trust public key for this attestation " + "was not the expected one")); } TEST_CASE("Parsing of Tcb versions from strings") @@ -159,6 +153,47 @@ TEST_CASE("Parsing tcb versions from attestaion") CHECK_EQ(milan_tcb.boot_loader, 0x04); } +TEST_CASE("CPUID product mapping roundtrip") +{ + const std::vector products = { + ccf::pal::snp::ProductName::Milan, + ccf::pal::snp::ProductName::Genoa, + ccf::pal::snp::ProductName::Turin, + }; + + for (const auto product : products) + { + const auto cpuid_hex = ccf::pal::snp::get_cpuid_of_snp_sev_product(product); + const auto cpuid = ccf::pal::snp::cpuid_from_hex(cpuid_hex); + + CHECK_EQ(cpuid.hex_str(), cpuid_hex); + CHECK_EQ(ccf::pal::snp::get_sev_snp_product(cpuid), product); + CHECK_EQ( + ccf::pal::snp::get_sev_snp_product( + cpuid.get_family_id(), cpuid.get_model_id()), + product); + + switch (product) + { + case ccf::pal::snp::ProductName::Milan: + CHECK_EQ(cpuid.get_family_id(), 0x19); + CHECK_EQ(cpuid.get_model_id(), 0x01); + break; + case ccf::pal::snp::ProductName::Genoa: + CHECK_EQ(cpuid.get_family_id(), 0x19); + CHECK_EQ(cpuid.get_model_id(), 0x11); + break; + case ccf::pal::snp::ProductName::Turin: + CHECK_EQ(cpuid.get_family_id(), 0x1A); + CHECK_EQ(cpuid.get_model_id(), 0x02); + break; + default: + FAIL("Unexpected SNP product"); + break; + } + } +} + struct QuoteEndorsementsTestCase { std::vector attestation; From 9b409c93fead6fdec49d44125d18e4e11c4904d0 Mon Sep 17 00:00:00 2001 From: cjen1-msft Date: Wed, 18 Mar 2026 11:28:35 +0000 Subject: [PATCH 3/6] Add links out to revision guides --- include/ccf/pal/sev_snp_cpuid.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/ccf/pal/sev_snp_cpuid.h b/include/ccf/pal/sev_snp_cpuid.h index 932be9b1c482..152af461863a 100644 --- a/include/ccf/pal/sev_snp_cpuid.h +++ b/include/ccf/pal/sev_snp_cpuid.h @@ -150,10 +150,16 @@ namespace ccf::pal::snp switch (product) { case ProductName::Milan: + // See Table 2 of "Revision Guide for 19h 00h-0Fh Processors" + // https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/56683.pdf return "00a00f11"; case ProductName::Genoa: + // See Table 2 of "Revision Guide for 19h 10h-1Fh Processors" + // https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/57095-PUB_1_01.pdf return "00a10f11"; case ProductName::Turin: + // See Table 2 of "Revision Guide for 1Ah 00h-0Fh Processors" + // https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/58251.pdf return "00b00f21"; default: throw std::logic_error(fmt::format( From f65851a4c67d716a30640effdf88406d8e25bbdb Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 18 Mar 2026 11:40:18 +0000 Subject: [PATCH 4/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- src/pal/test/snp_attestation_validation.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/pal/test/snp_attestation_validation.cpp b/src/pal/test/snp_attestation_validation.cpp index 37daca34aff7..6b91d17ac4ef 100644 --- a/src/pal/test/snp_attestation_validation.cpp +++ b/src/pal/test/snp_attestation_validation.cpp @@ -94,12 +94,13 @@ TEST_CASE("Mismatched attestation and endorsements fail") pal::PlatformAttestationMeasurement measurement; pal::PlatformAttestationReportData report_data; - CHECK_THROWS_WITH( + CHECK_THROWS_WITH_AS( pal::verify_snp_attestation_report( mismatched_quote, measurement, report_data), doctest::Contains( "SEV-SNP: The root of trust public key for this attestation " - "was not the expected one")); + "was not the expected one"), + std::logic_error); } TEST_CASE("Parsing of Tcb versions from strings") From 8ba9a2398c75d8dfbae7d24701a4636ed51b5f8a Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 18 Mar 2026 11:40:29 +0000 Subject: [PATCH 5/6] Update include/ccf/pal/sev_snp_cpuid.h --- include/ccf/pal/sev_snp_cpuid.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/ccf/pal/sev_snp_cpuid.h b/include/ccf/pal/sev_snp_cpuid.h index 152af461863a..47e040aaaa0f 100644 --- a/include/ccf/pal/sev_snp_cpuid.h +++ b/include/ccf/pal/sev_snp_cpuid.h @@ -160,6 +160,7 @@ namespace ccf::pal::snp case ProductName::Turin: // See Table 2 of "Revision Guide for 1Ah 00h-0Fh Processors" // https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/58251.pdf + # See Table 5 in https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/58251.pdf return "00b00f21"; default: throw std::logic_error(fmt::format( From ede0cb3000f857139b25b76d629e801c6b712fd2 Mon Sep 17 00:00:00 2001 From: Amaury Chamayou Date: Wed, 18 Mar 2026 11:40:53 +0000 Subject: [PATCH 6/6] Apply suggestion from @achamayou --- include/ccf/pal/sev_snp_cpuid.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/ccf/pal/sev_snp_cpuid.h b/include/ccf/pal/sev_snp_cpuid.h index 47e040aaaa0f..152af461863a 100644 --- a/include/ccf/pal/sev_snp_cpuid.h +++ b/include/ccf/pal/sev_snp_cpuid.h @@ -160,7 +160,6 @@ namespace ccf::pal::snp case ProductName::Turin: // See Table 2 of "Revision Guide for 1Ah 00h-0Fh Processors" // https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/58251.pdf - # See Table 5 in https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/58251.pdf return "00b00f21"; default: throw std::logic_error(fmt::format(