From e0fe92841860a7b769f73ffdb7126c0d6915d8fa Mon Sep 17 00:00:00 2001
From: cjen1-msft
Date: Wed, 18 Mar 2026 13:16:09 +0000
Subject: [PATCH 1/4] Doc and changelog
---
 CHANGELOG.md | 8 ++++++++
 doc/operations/platforms/snp.rst | 21 +++++++++++++++++++--
 python/pyproject.toml | 2 +-
 3 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 043790de0325..524e9338cbe4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [7.0.0-dev13]
+
+[7.0.0-dev13]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-dev13
+
+### Fixed
+
+- Fixed the Turin SEV-SNP CPUID mapping used for product detection.
+
 ## [7.0.0-dev12]
 [7.0.0-dev12]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-dev12
diff --git a/doc/operations/platforms/snp.rst b/doc/operations/platforms/snp.rst
index baa9edbee41a..992ef8ab4458 100644
--- a/doc/operations/platforms/snp.rst
+++ b/doc/operations/platforms/snp.rst
@@ -187,7 +187,7 @@ To set the minimum TCB version for a specific CPU model, you can use the followi
 "name": "set_snp_minimum_tcb_version_hex",
 "args": {
 "cpuid": "00a00f11",
- "tcb_version": "d315000000000004"
+ "tcb_version": "db18000000000004"
 }
 }
 ]
@@ -195,6 +195,22 @@ To set the minimum TCB version for a specific CPU model, you can use the followi The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``nodes.snp.tcb_versions``` table, which is used to validate the TCB version of joining nodes. +.. note:: + `Milan `__ + and `Genoa `__ + are currently deployed in Azure Container Instances. + As of March 2026, reasonable minimum values are: + + +-------+----------+---------------------+ + | Model | CPUID | Minimum TCB Version | + +=======+==========+=====================+ + | Milan | 00a00f11 | db18000000000004 | + +-------+----------+---------------------+ + | Genoa | 00a10f11 | 541700000000000a | + +-------+----------+---------------------+ + | Turin | 00b00f21 | 5100000004010101 | + +-------+----------+---------------------+ + .. note:: The CPUID and TCB version must be input as lower-case hex-strings. The values in the above example are for Milan CPUs, and can be expanded as follows: @@ -220,7 +236,7 @@ The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``no SNP attestation structures contain the combined Family (``Extended Family + Base Family``) and Model (``Extended Model : Base Model``) values, so 25 (0x19) and 1 (0x01) respectively for the above Milan example. - The above TCB version ``d315000000000004`` is for a Milan CPU. + The TCB version ``d315000000000004`` is for a Milan CPU. It, and also TCB versions for Genoa CPUs, can be expanded as follows: +-------------------+------------------+ @@ -259,6 +275,7 @@ The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``no | FMC | 85 | 0x55 | +-------------------+-----+------------+ + Testing CCF's attestation validation ----------------------------------------------------- diff --git a/python/pyproject.toml b/python/pyproject.toml index f67cd71e5fc5..3d600a70d594 100644 --- a/python/pyproject.toml +++ b/python/pyproject.toml 
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "ccf"
-version = "7.0.0.dev12"
+version = "7.0.0.dev13"
 authors = [
 { name="CCF Team", email="CCF-Sec@microsoft.com" },
 ]
From 3496871a8bf3a2ccf5c0b544472472481e31c4cf Mon Sep 17 00:00:00 2001
From: cjen1-msft
Date: Wed, 18 Mar 2026 13:20:35 +0000
Subject: [PATCH 2/4] Add pr version
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 524e9338cbe4..dbe0efc97491 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
-- Fixed the Turin SEV-SNP CPUID mapping used for product detection.
+- Fixed the Turin SEV-SNP CPUID mapping used for product detection. (#7748)
 ## [7.0.0-dev12]
From 15a8af8e06edb17f48dd2c56a9cee9ce06e1d395 Mon Sep 17 00:00:00 2001
From: cjen1-msft
Date: Wed, 18 Mar 2026 13:51:01 +0000
Subject: [PATCH 3/4] propagate changes
---
 doc/operations/platforms/snp.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/operations/platforms/snp.rst b/doc/operations/platforms/snp.rst
index 992ef8ab4458..d171434069cf 100644
--- a/doc/operations/platforms/snp.rst
+++ b/doc/operations/platforms/snp.rst
@@ -236,7 +236,7 @@ The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``no
 SNP attestation structures contain the combined Family (``Extended Family + Base Family``) and Model (``Extended Model : Base Model``) values, so 25 (0x19) and 1 (0x01) respectively for the above Milan example.
- The TCB version ``d315000000000004`` is for a Milan CPU.
+ The TCB version ``db18000000000004`` is for a Milan CPU.
 It, and also TCB versions for Genoa CPUs, can be expanded as follows:
 +-------------------+------------------+
@@ -244,9 +244,9 @@ The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``no | TCB Version Field +-----+------------+ | | dec | hex | +===================+=====+============+ - | Microcode | 211 | 0xd3 | + | Microcode | 219 | 0xdb | +-------------------+-----+------------+ - | SNP | 21 | 0x15 | + | SNP | 24 | 0x18 | +-------------------+-----+------------+ | Reserved | 0 | 0x00000000 | +-------------------+-----+------------+ From 61bf73d5ac62e2ec88088a73271bb8272f20015e Mon Sep 17 00:00:00 2001 From: cjen1-msft Date: Wed, 18 Mar 2026 13:51:49 +0000 Subject: [PATCH 4/4] remove whitespace --- doc/operations/platforms/snp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/operations/platforms/snp.rst b/doc/operations/platforms/snp.rst index d171434069cf..3dde476274f2 100644 --- a/doc/operations/platforms/snp.rst +++ b/doc/operations/platforms/snp.rst @@ -195,7 +195,7 @@ To set the minimum TCB version for a specific CPU model, you can use the followi The parsed TCB version mapped to that cpuid in the :ref:`audit/builtin_maps:``nodes.snp.tcb_versions``` table, which is used to validate the TCB version of joining nodes. -.. note:: +.. note:: `Milan `__ and `Genoa `__ are currently deployed in Azure Container Instances.