[PATCH 5/6] tools: secure guest check for AMD in virt-host-validate
Boris Fiuczynski
fiuczy at linux.ibm.com
Mon May 18 15:16:23 UTC 2020
On 5/18/20 3:01 PM, Erik Skultety wrote:
> On Mon, May 11, 2020 at 06:42:00PM +0200, Boris Fiuczynski wrote:
>> Add checking in virt-host-validate for secure guest support
>> on x86 for AMD Secure Encrypted Virtualization.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>> ---
>> docs/kbase/launch_security_sev.rst | 7 ++++--
>> tools/virt-host-validate-common.c | 36 ++++++++++++++++++++++++++++--
>> tools/virt-host-validate-common.h | 1 +
>> 3 files changed, 40 insertions(+), 4 deletions(-)
>>
>> diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
>> index fa602c7432..45166b3886 100644
>> --- a/docs/kbase/launch_security_sev.rst
>> +++ b/docs/kbase/launch_security_sev.rst
>> @@ -30,8 +30,11 @@ Enabling SEV on the host
>> ========================
>>
>> Before VMs can make use of the SEV feature you need to make sure your
>> -AMD CPU does support SEV. You can check whether SEV is among the CPU
>> -flags with:
>> +AMD CPU does support SEV. You can run ``libvirt-host-validate``
>> +(libvirt >= 6.4.0) to check if your host supports secure guests or you
>> +can follow the manual checks below.
>> +
>> +You can manually check whether SEV is among the CPU flags with:
>
> ^this change should go along the (<6.4.0) in one of the earlier patches into a
> standalone patch.
Actually the earlier patches fix the stale cap cache and this update is
because of a new support in libvirt-host-validate. I am not sure that we
should tie these to into one patch.
I would prefer to keep the two doc changes separate and with the changes
that caused the update.
>
> Otherwise looking good.
>
Thanks but the changes need also to be adjusted as discussed on patch 3.
I will do so in a followup version.
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
More information about the libvir-list
mailing list