Notes:
- CSF, PLAT and FWDEV prefixes all refer to the firmware team's internal ticket trackers; for the purposes of this log they are interchangeable.
- Normally the SEV FW included in this .zip file is placed in /lib/firmware/amd and the Linux SEV driver updates the firmware at boot time.
- It may be policy to bump the SEV FW version as part of a PSP bootloader release even if no SEV changes are present.
- This log starts at Genoa AGESA PI 1.0.0.8, the first release containing a field-updatable SEV binary.

Requirements to hot-patch an image:
- The MinBLVersion is the minimum PSP bootloader version required to run an SEV firmware image. It is rarely bumped, if ever, because updating the PSP bootloader requires a BIOS update.
    * The current SEV binary's MinBLVersion requires a PSP bootloader version of 00.29.00.61 or greater. Genoa AGESA PI 1.0.0.2 included a sufficient PSP bootloader.
- The MinUpgradeFrom feature (see the SNP ABI spec): when it is bumped, the SNP platform must be in the UNINIT state (all SEV/SNP guests shut down) before the new firmware can be hot-patched.

SPL Updates:
- On every SEV firmware release that adds a security mitigation, the SNP SPL (security patch level) is increased by 1, so that users can see it is important to update to this version.
- Some security mitigations only require an SEV firmware update. Others also require updated components such as microcode (which can be hot-patched), ABL, or SMU/PMFW.
- The goal is to allow hot-patching of the SEV firmware, but in some cases multiple steps must be taken to ensure the system is secure. In some cases that has been enforced with SPL clamping; going forward it will be done with the SNPVerifyMitigation command.

Genoa Bootloader SPL Clamping:
SPL 0x8 requires a minimum BIOS of Genoa PI 100A and is associated with CSF-1938.
SPL 0x9 requires a minimum BIOS of Genoa PI 100C and is associated with CVE-2023-31351.
SPL 0xA requires a minimum BIOS of Genoa PI 100E and is associated with CVE-2024-36347.
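The hot-patch requirements, the SPL conventions and the bootloader SPL clamping table above can be turned into a small pre-flight check. The script below is an added example written for this page; it is not AMD tooling and not code from this log. MIN_BL_VERSION, the clamp table and the version/SPL pairs in RELEASE_SPL are copied from this document; the PI encoding (1.0.0.A written as 100A), the format of the Linux ccp driver's "SEV API:x.y build:z" boot message, and all function names are assumptions made for the example.

```python
"""Added example, not AMD code: turns the hot-patch requirements and SPL clamping
rules of this log into checks. MIN_BL_VERSION, BL_SPL_CLAMP and RELEASE_SPL are
copied from this document; the PI encoding (1.0.0.A == 100A), the dmesg line
format and every function name are assumptions made for the example."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

MIN_BL_VERSION = "00.29.00.61"                           # MinBLVersion from the notes above
BL_SPL_CLAMP = {0x8: "100A", 0x9: "100C", 0xA: "100E"}   # bootloader SPL -> minimum PI
RELEASE_SPL = {                                          # excerpt of the release log: SEV FW -> SNP SPL
    "1.55.41": 0x18, "1.55.42": 0x18, "1.55.43": 0x19, "1.55.45": 0x1A,
    "1.55.48": 0x1B, "1.55.49": 0x1B, "1.58.00": 0x1B, "1.58.01": 0x1C,
}


@dataclass(frozen=True, order=True)
class SevFwVersion:
    """Decimal major.minor.build exactly as the log writes it (1.55.45)."""
    major: int
    minor: int
    build: int

    @classmethod
    def parse(cls, text: str) -> "SevFwVersion":
        m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
        if not m:
            raise ValueError(f"bad SEV FW version: {text!r}")
        return cls(*(int(g) for g in m.groups()))

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}.{self.build:02d}"

    def hex_form(self) -> str:
        """The parenthesised hex form used in the log: 1.55.45 -> '1.37.2D'."""
        return f"{self.major:X}.{self.minor:02X}.{self.build:02X}"


def parse_bootloader_version(text: str) -> tuple:
    """PSP bootloader versions are four dotted hex bytes (00.29.00.A4); tuples compare in order."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"bad bootloader version: {text!r}")
    return tuple(int(p, 16) for p in parts)


def parse_pi_version(text: str) -> int:
    """Assumed encoding: 'PI 1.0.0.8', '1008', '1.0.0.A' and '100A' are four hex nibbles."""
    digits = text.upper().replace("PI", "").replace(".", "").strip()
    if len(digits) != 4:
        raise ValueError(f"bad PI version: {text!r}")
    return int(digits, 16)


def min_pi_for_bootloader_spl(bl_spl: int) -> Optional[int]:
    """Highest clamp at or below this bootloader SPL, or None if the SPL predates clamping."""
    applicable = [parse_pi_version(v) for k, v in BL_SPL_CLAMP.items() if k <= bl_spl]
    return max(applicable) if applicable else None


def parse_dmesg_sev_version(line: str) -> Optional[SevFwVersion]:
    """Assumed format of the Linux ccp driver's boot message: 'SEV API:1.55 build:45'."""
    m = re.search(r"SEV API:(\d+)\.(\d+) build:(\d+)", line)
    return SevFwVersion(*(int(g) for g in m.groups())) if m else None


def hot_patch_blockers(current: SevFwVersion, target: SevFwVersion, bootloader: str,
                       platform_state: str, min_upgrade_from_bumped: bool) -> list:
    """Reasons a DLFW_EX of `target` would be refused or unsafe, per the requirements above."""
    blockers = []
    if parse_bootloader_version(bootloader) < parse_bootloader_version(MIN_BL_VERSION):
        blockers.append(f"PSP bootloader {bootloader} is below MinBLVersion {MIN_BL_VERSION}; "
                        "a BIOS update is required first")
    if min_upgrade_from_bumped and platform_state != "UNINIT":
        blockers.append(f"target bumps MinUpgradeFrom but platform state is {platform_state}; "
                        "shut down all SEV/SNP guests and SNP_SHUTDOWN before patching")
    if target <= current:
        blockers.append(f"target {target} is not newer than running {current}")
    return blockers


def skipped_mitigation_releases(current: SevFwVersion, target: SevFwVersion) -> list:
    """Releases in (current, target] whose SNP SPL rose over the preceding listed release,
    i.e. the updates between the two that the log flags as carrying a security mitigation."""
    ordered = sorted((SevFwVersion.parse(v), spl) for v, spl in RELEASE_SPL.items())
    out, prev_spl = [], None
    for ver, spl in ordered:
        if prev_spl is not None and current < ver <= target and spl > prev_spl:
            out.append((str(ver), spl))
        prev_spl = spl
    return out


if __name__ == "__main__":
    # Constructed dmesg line for a Genoa host running 1.55.45.
    running = parse_dmesg_sev_version("[    4.81] ccp 0000:45:00.1: SEV API:1.55 build:45")
    wanted = SevFwVersion.parse("1.58.01")
    print(f"running {running} ({running.hex_form()}), target {wanted} ({wanted.hex_form()})")
    print("blockers:", hot_patch_blockers(running, wanted, "00.29.00.A4", "INIT", False))
    print("mitigation releases skipped:", skipped_mitigation_releases(running, wanted))
    print("min PI for bootloader SPL 0x9:", hex(min_pi_for_bootloader_spl(0x9)))
```

On a real host, feed parse_dmesg_sev_version the matching line from `dmesg | grep 'SEV API'` and pass the PSP bootloader version reported by the platform; the MinUpgradeFrom decision is taken from the target image's header, which this example only models as a flag. RELEASE_SPL is an excerpt, so skipped_mitigation_releases only reports the releases it lists; extend the table from the release notes below for a complete answer.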


---- Release Notes
Update SEV FW Version to 1.58.01 (hex 1.3A.01, SPL=0x1C) (released with PSP Bootloader 00.29.00.A4)
FWDEV-157495:[SEV]Adding additional checks in SNPPreInit
FWDEV-157495:[SEV]SNPPreinit fails if SNPInit has not yet been called on bootup
FWDEV-159283:[SEV]Allow calling SNPShutdown/SNPShutdownEX while SNP already in the UNINIT state
FWDEV-154579:CVE-2025-61971, CVE-2025-54510, CVE-2025-61972
FWDEV-153809:[SEV]Cleanup on specific SNPInit failures so can disable SNP
    - If the RMP is not enabled (ex. first boot or after a SNPShutdownEX with x86=1 and iommu=1)
      and SNPInitEX fails, firmware will clear the SNP_EN MSR so the platform is not stuck in 
      an undesirable state (so SEV or non-SEV guests can still be run).
PLAT-180022:[SEV]CVE-2024-21954
FWDEV-153814:[SEV]Bugfix: Guest count was not being incremented during GuestRequestImport
FWDEV-132901:[SEV]Security enhancements to SNPGuestRequest

Update SEV FW Version to 1.58.00 (hex 1.3A.00, SPL=0x1B)
FWDEV-146492:[SEV]Updating SEV firmware version to match SNP ABI version (v1.58). (Should always be in sync)
CSF-2282:[SEV]Adding SNP Preinit support
CSF-2284:[SEV]Updating VerifyMitigation error codes around CVE-2025-0027

Update SEV FW Version to 1.55.49 (hex 1.37.31, SPL=0x1B) (released with PSP Bootloader 00.29.00.A2)
FWDEV-125262:[SEV]CVE-2025-0027

Update SEV FW Version to 1.55.48 (hex 1.37.30, SPL=0x1B) (released with PSP Bootloader 00.29.00.A1)
FWDEV-119819:[SEV]CVE-2025-0033
FWDEV-134789:[SEV]Moving mitigation vector to persistent location
FWDEV-122496:[SEV]CVE-2025-48514. Disallow SEV-ES guests when SNP is enabled

Update SEV FW Version to 1.55.45 (hex 1.37.2D, SPL=0x1A) (released with PSP Bootloader 00.29.00.9F)
FWDEV-132900:[SEV]GuestRequest Commands should support all versions of messages
FWDEV-131116:[SEV]Bugfix around unmapping memory
FWDEV-132891:[SEV]Update SNP_PLATFORM_STATUS buffer to match SNP 1.58 ABI
FWDEV-130099:[SEV]Remove VM Check Subcommand in SNP_VERIFY_MITIGATION
FWDEV-126574:[SEV]CVE-2025-29952

Update SEV FW Version to 1.55.43 (hex 1.37.2B, SPL=0x19)
CSF-1994:[SEV]Check that pages after IOMMU buffers are HV_FIXED
FWDEV-123184:[SEV]Check committed SPL in VERIFY_MITIGATION
FWDEV-114173:[SEV]CVE-2025-0031

Update SEV FW Version to 1.55.42 (hex 1.37.2A, SPL=0x18) (released with PSP Bootloader 00.29.00.9D)
FWDEV-121416:[SEV]Slightly increase SNP_INIT speed
FWDEV-117726:[SEV]Reverting "CSF-2219:[SEV]SNP Preinit (RMPCreate + RMPInstall) Feature"
FWDEV-118943,FWDEV-117746:[SEV]Implement PAGE_SWAP_DISABLE bit
FWDEV-91533:[SEV]CVE-2024-21953

Update SEV FW Version to 1.55.41 (hex 1.37.29, SPL=0x18) (released with PSP Bootloader 00.29.00.9C)
FWDEV-114211:[SEV]Add SNP_VERIFY_MITIGATION Command
CSF-2252:[SEV]CVE-2024-36331
CSF-1994:[SEV]CVE-2023-20585
FWDEV-108343:[SEV]Guest Request Key Request Should not Exceed LaunchTCB

Update SEV FW Version to 1.55.40 (hex 1.37.28, SPL=0x17) (released with PSP Bootloader 00.29.00.9B)
FWDEV-105672,FWDEV-105675:[SEV]CVE-2024-36357, CVE-2024-36350

Update SEV FW Version to 1.55.39 (hex 1.37.27, SPL=0x17) (released with PSP Bootloader 00.29.00.9A)
PLAT-168471:[SEV]CVE-2024-36347
FWDEV-105117:[SEV]Security enhancement around keypair generation
FWDEV-103245:[SEV]Fix SNP Platform Status Buffer's Reserved Bit Count
FWDEV-92125:[SEV]Add CPUID (F/M/S) information to SEV/SNP attestation report
FWDEV-102152:[SEV]Implement TSC_INFO and HV_REPORT_REQ Commands
FWDEV-101988:[SEV]Implement RequestReport platform_info.ECC_EN

Update SEV FW Version to 1.55.38 (hex 1.37.26, SPL=0x16) (Bumped 'ATTESTATION_REPORT Structure' version to 3)
CSF-2221:[SEV]CVE-2024-21944
CSF-2232:[SEV]RMPInstall does not check IOMMU buffers properly
FWDEV-92683:[SEV]Fixing buffer over-read

Update SEV FW Version to 1.55.37 (hex 1.37.25, SPL=0x15) (released with PSP Bootloader 00.29.00.98)
CSF-2219:[SEV]SNP Preinit (RMPCreate + RMPInstall) Feature
CSF-1560:[SEV]Adding policy bit to detect CXL guest policy
CSF-1561:[SEV]Adding policy bit to require AES 256 XTS memory encryption
CSF-2213:[SEV]DRAM Permanent Area Clearing
CSF-2196:[SEV]Coverity fixes

Update SEV FW Version to 1.55.36 (hex 1.37.24, SPL=0x15) (MinUpgradeFrom initialized to 1) (released with PSP Bootloader 00.29.00.97)
FWDEV-72025:[SEV]CVE-2024-21965
CSF-2116:[SEV]CVE-2023-31352
CSF-2174:[SEV]Implement MinUpgradeFrom Feature for DLFW_EX
PLAT-146138:[SEV]CVE-2023-31351
CSF-2162:[SEV]CVE-2023-20582

Update SEV FW Version to 1.55.35 (hex 1.37.23, SPL=0x14)
CSF-2180:[SEV]Clear VLEK on ReportedTCB change
CSF-2184:[SEV]Running Guests After a DLFW_EX is Broken on Genoa
CSF-2170:[SEV]Enhancement to BNStore
CSF-2099:[SEV]CVE-2023-31340 
CSF-2154:[SEV]CVE-2024-21978

Update SEV FW Version to 1.55.34 (hex 1.37.22, SPL=0x14)
FWDEV-67408:[SEV]PAGE_UNSMASH fails if RMP address is just below 64MB boundary
CSF-2159:[SEV]CVE-2024-21980
CSF-2149:[SEV]access_df_reg_indirect can overread memory
CSF-2137:[SEV]CVE-2023-31355
FWDEV-67646:[SEV]Enhance support for PSP Bootloader SPL checks
FWDEV-67187:[SEV]Always read INITPKG7 before use
CSF-2141:[SEV]SNP_PAGE_MOVE uses incorrect chunk_size causing slow performance
CSF-2139:[SEV]SNP_INIT_EX HV-fixed range with page_count=0 is not ignored
CSF-2136:[SEV]Fix size calculation for scan_rmp
CSF-2120:[SEV]SNP_PAGE_MOVE error reporting can behave non-deterministically
CSF-2115:[SEV]Only mark asids as dirty after a DLFW or DLFW_EX with IOMMU_SNP_SHUTDOWN
CSF-2114:[SEV]Code cleanup and fixing invalid TCB comparison
CSF-2104:[SEV]SNP_PAGE_RECLAIM error reporting behaves non-deterministically with DEFAULT pages
CSF-2098:[SEV]Additional security checks around SNP_GUEST_REQUEST
CSF-2088:[SEV]Security enhancement around aes256gcm_authenticated_encrypt/decrypt
CSF-1991:[SEV]Additional return value checking

Update SEV FW Version to 1.55.33 (hex 1.37.21, SPL=0x13)
FWDEV-62785:[SEV]Add IOMMU Cache Soft Invalidate during SNP_SHUTDOWN Flow

Update SEV FW Version to 1.55.31 (hex 1.37.1F, SPL=0x13) (released with PSP Bootloader 00.29.00.95)
CSF-1938:[SEV]Ensure other FW versions correct for Bootloader SPL
PLAT-143551:[SEV]CVE-2023-31356
FWDEV-59609:[SEV]Additional security checks
CSF-1960:[SEV]DLFW after SNPEn=1 causes misreporting of committed version

Update SEV FW Version to 1.55.30 (hex 1.37.1E, SPL=0x12)
CSF-1957:[SEV]CVE-2023-31346
CSF-1955:[SEV]CVE-2023-31347
FWDEV-57852:[SEV]IOMMU Cache Disable during SNP_SHUTDOWN Flow
CSF-1939:[SEV]Improve FEATURE_INFO behavior

Update SEV FW Version to 1.55.29 (hex 1.37.1D, SPL=0x11)
CSF-1940:CVE-2023-31352

Update SEV FW Version to 1.55.28 (hex 1.37.1C, SPL=0x10) (released with PSP Bootloader 00.29.00.94)
CSF-1882:Implement SNP RAPL disabling support
CSF-1884:Bootloader support for fetching FW version info
CSF-1918:SNP INIT routine does not detect invalid encoding
CSF-1917:Fix error code for SEV output buffer not in FW state

Update SEV FW Version to 1.55.23 (hex 1.37.17, SPL=0xF) (released with PSP Bootloader 00.29.00.92)
CSF-1883:CVE-2023-20584

Update SEV FW Version to 1.55.21 (hex 1.37.15, SPL=0xE) (released with PSP Bootloader 00.29.00.91)
CSF-1872:Fix PAGE_SET_STATE subpage count issue
CSF-1859:New unmanaged bits in Fn8000_0021 EAX
CSF-1853:Add volatile to pointers to x86 memory
PLAT-133217:Enable SEV, SEV-SNP on 2x Narrow GMI configs

Update SEV FW Version to 1.55.20 (hex 1.37.14, SPL=0xE)
PLAT-134467:Fix CCX bit mask in asymmetric configurations

Update SEV FW Version to 1.55.18 (hex 1.37.12, SPL=0xE) (released with PSP Bootloader 00.29.00.90)
PLAT-103284:Port Extended Error work from Milan
PLAT-133880:Defer SEV SPI access until necessary

Update SEV FW Version to 1.55.17 (hex 1.37.11, SPL=0xE) (released with PSP Bootloader 00.29.00.8E)
CSF-1850:Fix walk_reserved_list()
PLAT-133436:Ensure the right core status is checked in APICID based accesses

Update SEV FW Version to 1.55.16 (hex 1.37.10, SPL=0xD) (released with PSP Bootloader 00.29.00.8D)
CSF-1845:Coverity clean up, no functional change
CSF-1815:Clear VCEK on stack in error conditions
CSF-1813:Incorrect compare for page boundary crossing
CSF-1822:Correct re-calc of map size in UNSMASH
CSF-1814:Incorrect cast of uint32 to int32 to int64

Update SEV FW Version to 1.55.09 (hex 1.37.09, SPL=0xD) (released with PSP Bootloader 00.29.00.8C)
CSF-1801:New SNP_SHUTDOWN flow
PLAT-132626:[SEV]Speed up SNP_INIT*
CSF-1812:[SEV]Address validation enhancement to snp_mcmd_init_common
CSF-1802:[SEV]Make FEATURE_INFO dependent on new SMU FW
PLAT-130145:[SEV]Allow RS B2 to mix with RS B1
