Drop support for 5.x kernels (#7126)

achamayou · web-flow · commit 28d57e4afb10 · 2025-07-22T12:49:29.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - CCF no longer has platform-specific builds. The single build configuration will run on both SNP and Virtual, automatically detecting the current platform at runtime. This means the `COMPILE_TARGET` CMake option is no longer required, and all release artifacts no longer have a platform in their path.
 - The `logging.host_level` configuration option and `--enclave-log-level` CLI switch are replaced by a combined `--log-level` CLI switch (#7104).
+- Drop support for `5.*` Linux kernels exposing `/dev/sev`. Only `6.*+` Linux kernels exposing `/dev/sev-guest` are now supported (#7109).
 
 ### Removed
 
diff --git a/include/ccf/pal/snp_ioctl.h b/include/ccf/pal/snp_ioctl.h
@@ -2,24 +2,19 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ccf/pal/snp_ioctl5.h"
 #include "ccf/pal/snp_ioctl6.h"
 
 namespace ccf::pal::snp
 {
   static inline bool supports_sev_snp()
   {
-    return ioctl5::supports_sev_snp() || ioctl6::supports_sev_snp();
+    return ioctl6::supports_sev_snp();
   }
 
   static std::unique_ptr<AttestationInterface> get_attestation(
     const PlatformAttestationReportData& report_data)
   {
-    if (ioctl5::supports_sev_snp())
-    {
-      return std::make_unique<ioctl5::Attestation>(report_data);
-    }
-    else if (ioctl6::supports_sev_snp())
+    if (ioctl6::supports_sev_snp())
     {
       return std::make_unique<ioctl6::Attestation>(report_data);
     }
diff --git a/include/ccf/pal/snp_ioctl5.h b/include/ccf/pal/snp_ioctl5.h
diff --git a/samples/scripts/snpinfo.sh b/samples/scripts/snpinfo.sh
@@ -4,17 +4,14 @@
 
 set +e
 
-# Path to the SEV guest device on patched 5.x kernels
-AMD_SEV_DEVICE="/dev/sev"
+
 # Path to the SEV guest device from 6.0 onwards
 # https://www.kernel.org/doc/html/v6.0/virt/coco/sev-guest.html
 AMD_SEV_GUEST_DEVICE="/dev/sev-guest"
 
 echo "AMD SEV-SNP DEVICE:"
-if test -c "$AMD_SEV_DEVICE"; then
-    echo "$AMD_SEV_DEVICE detected."
-elif test -c "$AMD_SEV_GUEST_DEVICE"; then
+if test -c "$AMD_SEV_GUEST_DEVICE"; then
     echo "$AMD_SEV_GUEST_DEVICE detected."
 else
-    echo "Neither $AMD_SEV_DEVICE, nor $AMD_SEV_GUEST_DEVICE detected."
+    echo "$AMD_SEV_GUEST_DEVICE was not detected."
 fi
diff --git a/tests/infra/platform_detection.py b/tests/infra/platform_detection.py
@@ -11,16 +11,11 @@ class Platform(StrEnum):
     SNP = "snp"
 
 
-# Path to the SEV guest device on patched 5.x kernels
-_SEV_DEVICE_LINUX_5 = "/dev/sev"
-
 # Path to the SEV guest device from 6.0 onwards
 # https://www.kernel.org/doc/html/v6.0/virt/coco/sev-guest.html
 _SEV_DEVICE_LINUX_6 = "/dev/sev-guest"
 
-SNP_SUPPORT = any(
-    path.exists(dev) for dev in [_SEV_DEVICE_LINUX_5, _SEV_DEVICE_LINUX_6]
-)
+SNP_SUPPORT = any(path.exists(dev) for dev in [_SEV_DEVICE_LINUX_6])
 
 
 def _detect_platform():

Original file line number	Diff line number	Diff line change
`@@ -2,24 +2,19 @@`
`2`	`2`	`// Licensed under the Apache 2.0 License.`
`3`	`3`	`#pragma once`
`4`	`4`
`5`		`-#include "ccf/pal/snp_ioctl5.h"`
`6`	`5`	`#include "ccf/pal/snp_ioctl6.h"`
`7`	`6`
`8`	`7`	`namespace ccf::pal::snp`
`9`	`8`	`{`
`10`	`9`	`static inline bool supports_sev_snp()`
`11`	`10`	`{`
`12`		`- return ioctl5::supports_sev_snp() \|\| ioctl6::supports_sev_snp();`
	`11`	`+ return ioctl6::supports_sev_snp();`
`13`	`12`	`}`
`14`	`13`
`15`	`14`	`static std::unique_ptr<AttestationInterface> get_attestation(`
`16`	`15`	`const PlatformAttestationReportData& report_data)`
`17`	`16`	`{`
`18`		`- if (ioctl5::supports_sev_snp())`
`19`		`- {`
`20`		`- return std::make_unique<ioctl5::Attestation>(report_data);`
`21`		`- }`
`22`		`- else if (ioctl6::supports_sev_snp())`
	`17`	`+ if (ioctl6::supports_sev_snp())`
`23`	`18`	`{`
`24`	`19`	`return std::make_unique<ioctl6::Attestation>(report_data);`
`25`	`20`	`}`