Update SNP guest attestation

1. Update SEV-SNP testcase and config to support
snpguest tool installation from source.
2. Enhance CPU model detection for broader platform support.
3. Update SNP policy values, add a debug policy variant
4. Improve error handling in the testcase script.
5. Add snp_attestation.cfg to include newly introduced parameters.

Signed-off-by: Srikanth Aithal <[email protected]>

Author: bssrikanth

qemu/tests/cfg/snp_attestation.cfg

@@ -0,0 +1,43 @@
+- snp_attestation:
+    type = snp_basic_config
+    only Linux
+    kill_vm = yes
+    login_timeout = 240
+    start_vm = no
+    image_snapshot = yes
+    mem = 8192
+    smp = 8
+    required_qemu = [9.1.0, )
+    vm_secure_guest_type = snp
+    vm_sev_reduced_phys_bits = 1
+    vm_sev_cbitpos = 51
+    virtio_dev_disable_legacy = on
+    vm_mem_backend = memory-backend-memfd
+    bios_path =  /usr/share/edk2/ovmf/OVMF.amdsev.fd
+    snp_module_path = "/sys/module/kvm_amd/parameters/sev_snp"
+    module_status = Y y 1
+    snp_guest_check = "journalctl|grep -i -w snp"
+    guest_tool_install = "dnf install -y snpguest"
+    snpguest_sourcebuild = 1
+    attestation_script = regular_attestation_workflow.sh
+    snpguest_install_script = snpguest_install.sh
+    guest_dir = /home
+    guest_cmd = ${guest_dir}/${attestation_script}
+    host_script = sev-snp/${attestation_script}
+    snpguest_buildcmd = "${guest_dir}/${snpguest_install_script} --repo https://github.com/virtee/snpguest.git --tag v0.9.1"
+    snpguest_build_location = sev-snp/${snpguest_install_script}
+    variants:
+        - policy_default:
+            snp_policy = 196608
+            vm_secure_guest_object_options = "policy=${snp_policy}"
+        - policy_debug:
+            snp_policy = 720896
+            vm_secure_guest_object_options = "policy=${snp_policy}"
+        - policy_singlesocket:
+            socket_count_cmd = 'lscpu |grep Socket|head -1 | cut -d ":" -f 2 | tr -d " "'
+            snp_policy = 1245184
+            vm_secure_guest_object_options = "policy=${snp_policy}"
+        - policy_singlesocket_debug:
+            socket_count_cmd = 'lscpu |grep Socket|head -1 | cut -d ":" -f 2 | tr -d " "'
+            snp_policy = 1769472
+            vm_secure_guest_object_options = "policy=${snp_policy}"

qemu/tests/snp_basic_config.py

@@ -36,18 +36,36 @@ def run(test, params, env):
         if int(process.getoutput(socket_count_cmd, shell=True)) != 1:
             test.cancel("Host cpu has more than 1 socket, skip the case.")
 
-    family_id = cpu.get_family()
-    model_id = cpu.get_model()
-    dict_cpu = {"251": "milan", "2517": "genoa", "2617": "turin"}
-    key = str(family_id) + str(model_id)
-    host_cpu_model = dict_cpu.get(key, "unknown")
-
+    family_id = int(cpu.get_family())
+    model_id = int(cpu.get_model())
+    dict_cpu = {
+        "milan": [25, 0, 15],
+        "genoa": [25, 16, 31],
+        "bergamo": [25, 160, 175],
+        "turin": [26, 0, 31],
+    }
+    host_cpu_model = None
+    for platform, values in dict_cpu.items():
+        if values[0] == family_id:
+            if model_id >= values[1] and model_id <= values[2]:
+                host_cpu_model = platform
+    if not host_cpu_model:
+        test.cancel("Unsupported paltform. Requires milan or above.")
+    test.log.info("Detected platform: %s", host_cpu_model)
     vm_name = params["main_vm"]
     vm = env.get_vm(vm_name)
     vm.create()
     vm.verify_alive()
     session = vm.wait_for_login(timeout=timeout)
     verify_dmesg()
+    # Check for /dev/sev-guest inside the guest
+    test.log.info("Checking for SNP attestation support in guest")
+    rc_code = session.cmd_status("ls /dev/sev-guest")
+    if rc_code:
+        test.cancel(
+            "Error: Unable to open /dev/sev-guest. Guest kernel support for "
+            "SNP attestation is missing."
+        )
     vm_policy = vm.params.get_numeric("snp_policy")
     guest_check_cmd = params["snp_guest_check"]
     sev_guest_info = vm.monitor.query_sev()
@@ -67,14 +85,20 @@ def run(test, params, env):
         host_file = os.path.join(deps_dir, host_script)
         try:
             vm.copy_files_to(host_file, guest_dir)
-            session.cmd_output(params["guest_tool_install"], timeout=240)
+            if params.get("snpguest_sourcebuild", "0") == "1":
+                snpguest_build_location = params["snpguest_build_location"]
+                install_snpguest = os.path.join(deps_dir, snpguest_build_location)
+                vm.copy_files_to(install_snpguest, guest_dir)
+                session.cmd_output(params["snpguest_buildcmd"], timeout=360)
+            else:
+                session.cmd_output(params["guest_tool_install"], timeout=240)
             session.cmd_output("chmod 755 %s" % guest_cmd)
         except Exception as e:
             test.fail("Guest test preperation fail: %s" % str(e))
         guest_cmd = guest_cmd + " " + host_cpu_model
         s = session.cmd_status(guest_cmd, timeout=360)
         if s:
-            test.fail("Guest script error")
+            test.fail("Guest script error, check the session logs for further details")
     finally:
         session.close()
         vm.destroy()