This bug was fixed in the package linux-gcp - 6.17.0-1003.3
---------------
linux-gcp (6.17.0-1003.3) questing; urgency=medium
* questing/linux-gcp: 6.17.0-1003.3 -proposed tracker (LP: #2126042)
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
* linux-gcp: NVIDIA Grace platform support (LP: #2111859)
- [Packaging] gcp: enable CONFIG_CPUFREQ_ARCH_CUR_FREQ
- [Packaging] gcp: enable CONFIG_ARM64_CONTPTE
* Add SVSM vTPM support for AMD SEV-SNP confidential VMs (LP: #2111956)
- [Config] gcp: Make tpm_svsm built-in
* Miscellaneous Ubuntu changes
- [Packaging] gcp: remove DESC and =HUMAN= substitution
[ Ubuntu: 6.17.0-6.6 ]
* questing/linux: 6.17.0-6.6 -proposed tracker (LP: #2126040)
* Questing update: v6.17.1 upstream stable release (LP: #2126948)
- blk-mq: fix blk_mq_tags double free while nr_requests grown
- gcc-plugins: Remove TODO_verify_il for GCC >= 16
- scsi: target: target_core_configfs: Add length check to avoid buffer
overflow
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
- wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
- media: b2c2: Fix use-after-free causing by irq_check_work in
flexcop_pci_remove
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
probe
- media: tuner: xc5000: Fix use-after-free in xc5000_release
- media: rc: fix races with imon_disconnect()
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
- mm: swap: check for stable address space before operating on the VMA
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
- media: iris: Fix memory leak by freeing untracked persist buffer
- media: stm32-csi: Fix dereference before NULL check
- ASoC: qcom: audioreach: fix potential null pointer dereference
- Linux 6.17.1
* RISC-V kernel config is out of sync with other archs (LP: #1981437)
- [Config] riscv64: Update EFI_SBAT_FILE
- [Config] riscv64: Enable EFI_ZBOOT
- [Config] riscv64: Disable support for non-RVA23 SoCs
- [Config] riscv64: Disable RISCV_ISA_FALLBACK
- [Config] riscv64: Sync config with other architectures
* Miscellaneous Ubuntu changes
- [Config] updateconfigs after rebase to 6.17
-- Timo Aaltonen <[email protected]> Thu, 09 Oct 2025
16:11:04 +0300
** Changed in: linux-gcp (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gke in Ubuntu.
https://bugs.launchpad.net/bugs/2111956
Title:
Add SVSM vTPM support for AMD SEV-SNP confidential VMs
Status in linux-gcp package in Ubuntu:
Fix Released
Status in linux-gke package in Ubuntu:
New
Status in linux-gcp source package in Noble:
Fix Released
Status in linux-gke source package in Noble:
Fix Released
Status in linux-gcp source package in Plucky:
Fix Released
Bug description:
SRU Justification
[Impact]
Google has made a request for SVSM vTPM support in linux-gcp kernels 6.8 and
later.
[Fix]
Patches requested in the support case:
980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt")
770de678bc28 ("x86/sev: Add SVSM vTPM probe/send_command functions")
b2849b072366 ("svsm: Add header with SVSM_VTPM_CMD helpers")
93b7c6b3ce91 ("tpm: Add SNP SVSM vTPM driver")
e396dd85172c ("x86/sev: Register tpm-svsm platform device")
The config for all kernels must have CONFIG_TCG_SVSM=y
6.8 also requires the changes from this pull request:
https://lore.kernel.org/lkml/20240716095557.GAZpZDrdC3HA0Zilxr@fat_crate.local/
and CONFIG_SEV_GUEST=m/y and CONFIG_TSM_REPORTS=y
[Test Plan]
Testing will be performed by Google.
[Regression Potential]
These changes are in core kernel security modules, so care should be taken to
ensure that patches are applied correctly to avoid creating new security
vulnerabilities.
[Other]
SF #00409503
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2111956/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
