Bug#959069: marked as done (linux-image-5.5.0-2-amd64 won't boot in a AMD SEV Virtual Machine)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Tue, 10 Aug 2021 07:00:09 +0000
with message-id <E1mDLk9-000Frn-Gk@fasolo.debian.org>
and subject line Bug#989040: fixed in linux 5.13.9-1~exp1
has caused the Debian Bug report #989040,
regarding linux-image-5.5.0-2-amd64 won't boot in a AMD SEV Virtual Machine
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
989040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989040
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: linux-image-5.5.0-2-amd64 won't boot in a AMD SEV Virtual Machine
• From: James Bottomley <James.Bottomley@HansenPartnership.com>
• Date: Tue, 28 Apr 2020 19:37:28 -0700
• Message-id: <1588127848.17043.5.camel@HansenPartnership.com>

Subject: linux-image-5.5.0-2-amd64 won't boot in a AMD SEV Virtual Machine
Package: src:linux
Version: 5.5.17-1
Severity: important

The boot failure is total: not even a console log can be seen, and
seems to be due to the necessary memory encryption option not being set
in the debian kernel: 

# CONFIG_AMD_MEM_ENCRYPT is not set

In spite of the fact that the rest of the SEV encryption variables are
set:

CONFIG_KVM_AMD_SEV=y
CONFIG_USB_SEVSEG=m

So I'm reporting this on the assumption that it is supposed to work out
of the box and not setting AMD_MEM_ENCRYPT was an oversight.  Not
setting this means that all the I/O devices are sending encrypted
memory pages through to QEMU which is what's causing the hang.  With
this set, the kernel would bounce all the encrypted pages into
unencrypted pages before sending them to devices.

James

--- End Message ---

--- Begin Message ---

• To: 989040-close@bugs.debian.org
• Subject: Bug#989040: fixed in linux 5.13.9-1~exp1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Tue, 10 Aug 2021 07:00:09 +0000
• Message-id: <E1mDLk9-000Frn-Gk@fasolo.debian.org>
• Reply-to: Bastian Blank <waldi@debian.org>

Source: linux
Source-Version: 5.13.9-1~exp1
Done: Bastian Blank <waldi@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989040@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Aug 2021 18:35:43 +0200
Source: linux
Architecture: source
Version: 5.13.9-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Closes: 972459 983586 985689 989040 991835
Changes:
 linux (5.13.9-1~exp1) experimental; urgency=medium
 .
   * New upstream release: https://kernelnewbies.org/Linux_5.11
   * New upstream release: https://kernelnewbies.org/Linux_5.12
   * New upstream release: https://kernelnewbies.org/Linux_5.13
 .
   [ Bastian Blank ]
   * Always build-depend on native libelf-dev.
   * Specify trusted certs file in package config.
   * Enable PROC_VMCORE.
   * Enable SECURITYFS.
   * Re-enable IMA. (closes: #972459)
   * [x86] Enable AMD_MEM_ENCRYPT. (closes: #983586, #989040)
   * Enable UNICODE. (closes: #985689)
   * Enable CGROUP_MISC.
   * [x86] Enable PINCTRL_ALDERLAKE, PINCTRL_ELKHARTLAKE, PINCTRL_EMMITSBURG,
     PINCTRL_JASPERLAKE, PINCTRL_LAKEFIELD.
   * [amd64] Enable MICROSOFT_MANA.
   * [arm64] Enable GVE. (closes: #991835)
Checksums-Sha1:
 5479ca107cffeab1595112575aac406b80124540 200741 linux_5.13.9-1~exp1.dsc
 53cfb5734a9b9e413f5bde50cb2e660b7278c3eb 125129168 linux_5.13.9.orig.tar.xz
 1752be52059993aa7780023bea7dc26a03beaf94 1390800 linux_5.13.9-1~exp1.debian.tar.xz
 951849fde2e5cbf386fd1cdb6d2b694477f8fd9a 6361 linux_5.13.9-1~exp1_source.buildinfo
Checksums-Sha256:
 72c9461f20dd827a886663b6a17f1fa0acdb48c51e4088bc99309f2e81398255 200741 linux_5.13.9-1~exp1.dsc
 3f430048e3b2d76eb55f9dd968742c050701fe4c352c8c13217ee7ab0f4f3672 125129168 linux_5.13.9.orig.tar.xz
 7d443384bc8788b1f10594fbf6000ddd1621b82eb7ce77fc9d2f4f147149255b 1390800 linux_5.13.9-1~exp1.debian.tar.xz
 66fa8899d2d61fb647cf098228501b97df5166e24e6e3b552d2454f67283c8f4 6361 linux_5.13.9-1~exp1_source.buildinfo
Files:
 344bb9ed99a30393f55d30ff56944547 200741 kernel optional linux_5.13.9-1~exp1.dsc
 f7cdacf31a444525d9ef229909551a18 125129168 kernel optional linux_5.13.9.orig.tar.xz
 87abf9331b0832291f9c204a9fd3f82b 1390800 kernel optional linux_5.13.9-1~exp1.debian.tar.xz
 bffd60faee8a42be070844d76180fc99 6361 kernel optional linux_5.13.9-1~exp1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCgAvFiEER3HMN63jdS1rqjxLbZOIhYpp/lEFAmERWz4RHHdhbGRpQGRl
Ymlhbi5vcmcACgkQbZOIhYpp/lHNVgf/aiAHJ5Xe8tVVHsqfPi3qa12G+TvxQIhS
Nf6ISAUKS/0ZJ+IV44a+P8gxFvsz/vFDKuhYMMYfqMcqRFDcSAawGjDl5/6zCSrf
W5tKkHoJYxLZtTHyXgzijv/Z+rw0cBcac2YLvbKev6hpwb2fkuEpIQq9HYnra1m0
vGoUxZwYA4Qp85As3RxoAlKss/Fzj/uWoPPXu3fTjIm0hM83WP6LbbkL75aN949m
XgKsD16p0EqpjoALcoIF+RkR65oNk08rOadfDgssbeXTSbhDRAkk0tjVapuycuEG
n+NFnNO3rHr49d5lZfMaEFcTKxOOWQwcz+4mdnDChXWTRhSrJbJ2gw==
=w7b1
-----END PGP SIGNATURE-----

--- End Message ---