Notes:
- A CSF/PLAT/FWDEV are the firmware team's internal ticket trackers and are all the same.
- Normally the SEV FW included in this .zip file will be placed in /lib/firmware/amd and the Linux SEV driver will update the FW at boot time.
- It may be policy to bump the SEV FW Version as part of a PSP bootloader release even if no SEV changes are present.
- This log is relative to Turin AGESA PI 1.0.0.0, since that was the Turin launch BIOS.

Requirements to hot-patch an image:
- The MinBLVersion is the minimum PSP Bootloader version that is required to run an SEV firmware image. This version is rarely bumped, if ever, since that would require a BIOS update to update the PSP Bootloader.
- The MinUpgradeFrom feature (see SNP spec), which when bumped, requires the SNP Platform state to be UNINIT (and all SEV/SNP guests to be shutdown) to hot-patch that new firmware.

SPL Updates:
- On every SEV firmware release where a security mitigation has been added, the SNP SPL gets increased by 1. This is to let users know that it is important to update to this version. 
- Some security mitigations only require an SEV firmware update. Some mitigations require other components such as an updated microcode (can be hot patched), ABL, or SMU/PMFW.
- The goal is to allow hot-patching of the SEV firmware, but in some cases, multiple steps must be taken to ensure the system is secure. In some cases, that has been done with SPL clamping but moving forward this will be done with the SNPVerifyMitigation command.

Turin Bootloader SPL Clamping:
SPL 0x1 is clamped to having a minimum BIOS of Turin PI 1005 and is associated with CVE-2024-36347


---- Release Notes
Update SEV FW Version to 1.58.03 (hex 1.3A.03, SPL=5) (released with PSP Bootloader 00.3D.00.7F)
FWDEV-157495:[SEV]Adding additional checks in SNPPreInit
FWDEV-159358:[SEV]Allow calling SNPShutdown/SNPShutdownEX while SNP already in the UNINIT state
FWDEV-157496:[SEV]SNPPreinit fails if SNPInit has not yet been called on bootup
FWDEV-159308:[SEV]Bugfix: RMPUPDATE failed during TDI BIND on socket-1 VF
FWDEV-140985:[SEV]Bugfix: TDI_INFO fails in CONFIG_LOCKED state while it should not
FWDEV-158844:[SEV]Bugfix: MMIO RMP update fails for certain memory range
FWDEV-158842:[SEV]Bugfix: DevConnect fails after IDE_KM_QUERY
FWDEV-154580:[SEV]CVE-2025-61971, CVE-2025-54510, CVE-2025-61972

Update SEV FW Version to 1.58.02 (hex 1.3A.02, SPL=5) (released with PSP Bootloader 00.3D.00.7D)(Bootloader SPL bumped to 2)(TEE SPL bumped to 2)
FWDEV-135648:[SEV]Correcting TIO fresh measurement logic
FWDEV-153738:[SEV]Bugfix: Dev create command failing with INVALID_PAGE_STATE error
FWDEV-128261:[SEV]CVE-2025-54507
FWDEV-149777:[SEV]Fix TIO Root port ID lookup
FWDEV-146223:[SEV]Enhanced error handling in TIO mcmd's
FWDEV-129132:[SEV]Cleanup on specific SNPInit failures, so system can disable SNP
    - If the RMP is not enabled (ex. first boot or after a SNPShutdownEX with x86=1 and iommu=1)
      and SNPInitEX fails, firmware will clear the SNP_EN MSR so the platform is not stuck in 
      an undesirable state (so SEV or non-SEV guests can still be run).
FWDEV-153813:[SEV]Bugfix: SNPPlatformStatus Guest count was not being incremented during GuestRequestImport
FWDEV-136003:[SEV]Bugfix around Segmented RMP Rst Overlap checks
FWDEV-151971:[SEV]Allow nested SMN mapping

Update SEV FW Version to 1.58.00 (hex 1.3A.00, SPL=4) (released with PSP Bootloader 00.3D.00.7A)
FWDEV-146492:[SEV]Updating SEV firmware version to match SNP ABI version (v1.58). (Should always be in sync)
FWDEV-86922:[SEV]Fixing success check in SNP_INIT_EX when enabling TIO in the IOMMU
FWDEV-104053:[SEV]Add TIO related flags in SNP_PLATFORM_STATUS

Update SEV FW Version to 1.55.67 (hex 1.37.43, SPL=4) (released with PSP Bootloader 00.3D.00.79)
FWDEV-141056:[SEV]SNP Preinit - Add checking for VMSAVE_PA addresses for protected state in INIT_CONTINUE
FWDEV-117156:[SEV]2P System support in SEV-TIO

Update SEV FW Version to 1.55.66 (hex 1.37.42, SPL=4) (released with PSP Bootloader 00.3D.00.78)
FWDEV-137575:[SEV]Add SNP Preinit support
CSF-2288:[SEV]Refactor struct around init_ranges
CSF-2286:[SEV]Updating VerifyMitigation error codes around CVE-2025-0027
FWDEV-137251:[SEV]Fix TIO Measurement Type value

Update SEV FW Version to 1.55.65 (hex 1.37.41, SPL=4) (released with PSP Bootloader 00.3D.00.77)
FWDEV-125263:[SEV]CVE-2025-0027
FWDEV-134558:[SEV]Moving mitigation vector to persistent location
FWDEV-119816:[SEV]CVE-2025-0033
FWDEV-122497:[SEV]CVE-2025-48517. Disallow SEV-ES guests when SNP is enabled
FWDEV-132921:[SEV]GuestRequest Commands should support all versions of messages
FWDEV-132893:[SEV]Update SNP_PLATFORM_STATUS buffer to match SNP 1.58 ABI
FWDEV-131097:[SEV]Bugfix around unmapping memory
Initial TIO release

Update SEV FW Version to 1.55.63 (hex 1.37.3F, SPL=4) (released with PSP Bootloader 00.3D.00.75)
FWDEV-125991:[SEV]CVE-2025-29946
FWDEV-119816:[SEV]Simplify VerifyMitigation error handling
FWDEV-128533:[SEV]Enhancing implementation of RMP.Q2 writes

Update SEV FW Version to 1.55.62 (hex 1.37.3E, SPL=3) (released with PSP Bootloader 00.3D.00.74)
FWDEV-130089:[SEV]Remove VM Check Subcommand in SNP_VERIFY_MITIGATION
FWDEV-123315:[SEV]CVE-2025-29948
FWDEV-126573:[SEV]CVE-2025-29952
CSF-2268:[SEV]Merge TIO development branch into turin mainline branch

Update SEV FW Version to 1.55.61 (hex 1.37.3D, SPL=2) (released with PSP Bootloader 00.3D.00.73)(Bootloader SPL bumped to 1)
FWDEV-127183:[SEV]FMC, BL, and TOS SPLs Not Getting Set in SEV Firmware
FWDEV-126784:[SEV]Swap ASP version bytes
FWDEV-126784:[SEV]CVE-2024-36347

Update SEV FW Version to 1.55.60 (hex 1.37.3C, SPL=2) (released with PSP Bootloader 00.3D.00.72)
FWDEV-124716:[SEV]Check committed SPL in VERIFY_MITIGATION
FWDEV-120724:[SEV]Remove Hack to call SEV Shutdown on an SFS Reload

Update SEV FW Version to 1.55.59 (hex 1.37.3B, SPL=1) (released with PSP Bootloader 00.3D.00.71)
FWDEV-122805,PLAT-171256:[SEV]CVE-2025-0029
FWDEV-114172:[SEV]CVE-2025-0031
FWDEV-117840:[SEV]Remove logic to clear INV_TIMEOUT during SNP_INIT

Update SEV FW Version to 1.55.58 (hex 1.37.3A, SPL=1) (released with PSP Bootloader 00.3D.00.70)(Bumped 'ATTESTATION_REPORT Structure' version to 5)
FWDEV-119816:[SEV]Revert "FWDEV-80983:[SEV]SNP Preinit (RMPCreate + RMPInstall)"
FWDEV-118942:[SEV]Implement PAGE_SWAP_DISABLE bit
FWDEV-114209:[SEV]Add SNP_VERIFY_MITIGATION Command

Update SEV FW Version to 1.55.57 (hex 1.37.39, SPL=1) (released with PSP Bootloader 00.3D.01.6F)(Bumped 'ATTESTATION_REPORT Structure' version to 4)
FWDEV-109645:[SEV]Allow Fn8000001F_EBX Bit 31 to be 1
FWDEV-108834:[SEV]CVE-2023-20585

Update SEV FW Version to 1.55.56 (hex 1.37.38, SPL=0) (released with PSP Bootloader 00.3D.00.6E)
FWDEV-107867:[SEV]Conditionally check SEVSNPIO_SUP IOMMU bit
FWDEV-108344:[SEV]Guest Request Key Request Should not Exceed LaunchTCB

Update SEV FW Version to 1.55.55 (hex 1.37.37, SPL=0) (released with PSP Bootloader 00.3D.00.6D)
FWDEV-105226:[SEV]SegmentedRMP struct was not getting initialized after DLFW_EX
FWDEV-105116:[SEV]Security enhancement around keypair generation
FWDEV-104319:[SEV]IOMMU Initialization Code Should Not Be Setting RMP.Lock Bit for HV_FIXED

Update SEV FW Version to 1.55.54 (hex 1.37.36, SPL=0) (released with PSP Bootloader 00.3D.00.6C)
(No changes)

Update SEV FW Version to 1.55.53 (hex 1.37.35, SPL=0) (released with PSP Bootloader 00.3D.00.6B)(Bumped 'ATTESTATION_REPORT Structure' version to 3)
FWDEV-99556:[SEV]CVE-2024-21944
FWDEV-101904:[SEV]Add Additional CPUID Logic to Support Older VMs on Turin (Part 2)
FWDEV-92124:[SEV]Add CPUID (F/M/S) information to SEV/SNP attestation report

Update SEV FW Version to 1.55.52 (hex 1.37.34, SPL=0) (released with PSP Bootloader 00.3D.00.6A)
FWDEV-102154:[SEV]Implement TSC_INFO and HV_REPORT_REQ Commands 
FWDEV-102111:[SEV]Implement RequestReport platform_info.ECC_EN

Update SEV FW Version to 1.55.51 (hex 1.37.33, SPL=0) (released with PSP Bootloader 00.3D.00.69)
FWDEV-101904:[SEV]Add Additional CPUID Logic to Support Older VMs on Turin (Part 1)

Update SEV FW Version to 1.55.50 (hex 1.37.32, SPL=0) (released with PSP Bootloader 00.3D.00.68)
FWDEV-101227:[SEV]SegRMP fix during SNP INIT to support more configurations
FWDEV-100361:[SEV]Remove SNP INIT check for CXLIOEn and PageMigration_EN in IOMMU
FWDEV-99458:[SEV]Fail SNP_INIT_EX if CiphertextHiding set and CXL devices present on system

Update SEV FW Version to 1.55.47 (hex 1.37.2F, SPL=0) (released with PSP Bootloader 00.3D.00.65)
FWDEV-98574:[SEV]Remove SNP INIT check for GAPPI_EN = 1 in IOMMU
FWDEV-94485:[SEV]Update TIO page states to not conflict with TMPM

Update SEV FW Version to 1.55.46 (hex 1.37.2E, SPL=0) (released with PSP Bootloader 00.3D.00.64)
FWDEV-97053:[SEV]RMPInstall does not check IOMMU buffers properly
FWDEV-93879:[SEV]Fixing CPUID Check for Turin-Dense B0

