[PATCH v3 5/7] tools: secure guest check for AMD in virt-host-validate

Boris Fiuczynski fiuczy at linux.ibm.com
Mon Jun 15 14:31:03 UTC 2020


On 6/15/20 4:21 PM, Erik Skultety wrote:
> On Mon, Jun 15, 2020 at 10:28:10AM +0200, Paulo de Rezende Pinatti wrote:
>> From: Boris Fiuczynski <fiuczy at linux.ibm.com>
>>
>> Add checking in virt-host-validate for secure guest support
>> on x86 for AMD Secure Encrypted Virtualization.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>> Reviewed-by: Erik Skultety <eskultet at redhat.com>
>> ---
> RB still stands, I just noticed that we require users to set mem_encrypt=on for
> SEV which we know is not mandatory, so I dropped that bit, we can recommend
> mem_encrypt somewhere else in the docs or kbase.
> 
> diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
> index f68c9c7c96..f05252439e 100644
> --- a/tools/virt-host-validate-common.c
> +++ b/tools/virt-host-validate-common.c
> @@ -506,8 +506,8 @@ int virHostValidateSecureGuests(const char *hvname,
>           if (mod_value[0] != '1') {
>               virHostMsgFail(level,
>                              "AMD Secure Encrypted Virtualization appears to be "
> -                           "disabled in kernel. Add kvm_amd.sev=1 "
> -                           "to the kernel cmdline arguments");
> +                           "disabled in kernel. Add mem_encrypt=on "
> +                           "kvm_amd.sev=1 to kernel cmdline arguments");
>               return 0;
>           }
> 

Erik,
I agree to the change which was an oversight in my changes for the 
adjusted AMD checks. Thanks for catching it.

-- 
Mit freundlichen Grüßen/Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





More information about the libvir-list mailing list