[PATCH v3 5/7] tools: secure guest check for AMD in virt-host-validate
Erik Skultety
eskultet at redhat.com
Mon Jun 15 14:21:29 UTC 2020
On Mon, Jun 15, 2020 at 10:28:10AM +0200, Paulo de Rezende Pinatti wrote:
> From: Boris Fiuczynski <fiuczy at linux.ibm.com>
>
> Add checking in virt-host-validate for secure guest support
> on x86 for AMD Secure Encrypted Virtualization.
>
> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
> Reviewed-by: Erik Skultety <eskultet at redhat.com>
> ---
RB still stands, I just noticed that we require users to set mem_encrypt=on for
SEV which we know is not mandatory, so I dropped that bit, we can recommend
mem_encrypt somewhere else in the docs or kbase.
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index f68c9c7c96..f05252439e 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -506,8 +506,8 @@ int virHostValidateSecureGuests(const char *hvname,
if (mod_value[0] != '1') {
virHostMsgFail(level,
"AMD Secure Encrypted Virtualization appears to be "
- "disabled in kernel. Add kvm_amd.sev=1 "
- "to the kernel cmdline arguments");
+ "disabled in kernel. Add mem_encrypt=on "
+ "kvm_amd.sev=1 to kernel cmdline arguments");
return 0;
}
More information about the libvir-list
mailing list