[PATCH 5/6] tools: secure guest check for AMD in virt-host-validate

Boris Fiuczynski fiuczy at linux.ibm.com
Mon May 18 15:16:23 UTC 2020 

On 5/18/20 3:01 PM, Erik Skultety wrote:
> On Mon, May 11, 2020 at 06:42:00PM +0200, Boris Fiuczynski wrote:
>> Add checking in virt-host-validate for secure guest support
>> on x86 for AMD Secure Encrypted Virtualization.
>>
>> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
>> Reviewed-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
>> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
>> ---
>>   docs/kbase/launch_security_sev.rst |  7 ++++--
>>   tools/virt-host-validate-common.c  | 36 ++++++++++++++++++++++++++++--
>>   tools/virt-host-validate-common.h  |  1 +
>>   3 files changed, 40 insertions(+), 4 deletions(-)
>>
>> diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
>> index fa602c7432..45166b3886 100644
>> --- a/docs/kbase/launch_security_sev.rst
>> +++ b/docs/kbase/launch_security_sev.rst
>> @@ -30,8 +30,11 @@ Enabling SEV on the host
>>   ========================
>>   
>>   Before VMs can make use of the SEV feature you need to make sure your
>> -AMD CPU does support SEV. You can check whether SEV is among the CPU
>> -flags with:
>> +AMD CPU does support SEV. You can run ``libvirt-host-validate``
>> +(libvirt >= 6.4.0) to check if your host supports secure guests or you
>> +can follow the manual checks below.
>> +
>> +You can manually check whether SEV is among the CPU flags with:
> 
> ^this change should go along the (<6.4.0) in one of the earlier patches into a
> standalone patch.

Actually the earlier patches fix the stale cap cache and this update is 
because of a new support in libvirt-host-validate. I am not sure that we 
should tie these to into one patch.
I would prefer to keep the two doc changes separate and with the changes 
that caused the update.

> 
> Otherwise looking good.
> 
Thanks but the changes need also to be adjusted as discussed on patch 3.
I will do so in a followup version.


-- 
Mit freundlichen Grüßen/Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294

More information about the libvir-list mailing list