A new Linux driver patch series posted by AMD today introduces a new kernel driver “SFS” for Seamless Firmware Servicing. I hadn’t heard AMD talk about Seamless Firmware Servicing at any previous events but it appears to be supported for current-generation AMD EPYC 5th Gen “Turin” processors.
Today’s Linux driver patch series describes AMD Seamless Firmware Servicing as a secure means of applying non-persistent updates to running firmware for the non-x86 processor “uncore” portions of the CPU. The SFS patch series explains:
“AMD Seamless Firmware Servicing (SFS) is a secure method to allow non-persistent updates to running firmware and settings without requiring BIOS reflash and/or system reset.
SFS does not address anything that runs on the x86 processors and it can be used to update ASP firmware, modules, register settings and update firmware for other microprocessors like TMPM, etc.
SFS driver support adds ioctl support to communicate the SFS commands to the ASP/PSP by using the TEE mailbox interface.
The Seamless Firmware Servicing (SFS) driver is added as a PSP sub-device.
Includes a pre-patch for the SEV driver to add new API interface to extend the hypervisor fixed pages list passed to SNP_INIT_EX to allow other PSP sub-devices such as the SFS driver to add their HV_Fixed pages to this list.”
As I don’t recall AMD talking about Seamless Firmware Servicing (SFS) at previous EPYC events, I was thinking at first this was a feature coming for next-generation EPYC Zen 6 processors, especially with 5th Gen EPYC “Turin” being out for a year already and many of the Turin Linux kernel patches having been merged in a timely manner in advance of launch. But after searching about AMD SFS, it turns out this is already supported with Turin and had been publicly documented in 2024, albeit not widely promoted. It is surprisingly late for this to be getting into the mainline Linux kernel, long after the initial debut of the AMD EPYC 9005 series.
The AMD technical documentation further summarizes Seamless Firmware Servicing as:
“AMD created SFS as a secure method to allow non-persistent updates to running firmware and settings without requiring a BIOS reflash and/or system reset. This approach improves system stability by allowing patches to address a few selected “high-benefit/low-risk-to-mitigate” issues on running systems. SFS can improve overall system health without increasing maintenance downtime.
In addition, SFS patching can mitigate some security issues which can reduce the frequency of unplanned maintenance events.
SFS does not patch code that is normally part of customer BIOS and runs on x86, such as SMM, AGESA, or UEFI; nor is it able to update run-once code, such as AGESA boot loader (ABL). The intent of SFS is solely for the purposes stated above.”
The AMD Seamless Firmware Servicing driver is now under review as it works its way toward the mainline Linux kernel.