Adding an "Enable Launch Security" checkbox to the Memory Details dialog
Charles Arnold
carnold at suse.com
Fri Mar 27 16:34:34 UTC 2020
On Fri, 2020-03-27 at 12:13 -0400, Cole Robinson wrote:
> CCing Erik who knows more about that launchSecurity/sev than I do
>
> On 3/27/20 11:44 AM, Charles Arnold wrote:
> > What is the opinion of adding a checkbox called "Enable Launch
> > Security" under the 'Current allocation' and 'Maximum allocation'
> > boxes
> > on the Details->Memory dialog? It would only be enabled if libvirt
> > detected support for it.
> >
>
> Provided libvirt capabilities report everything we need to know to
> whether it's really supported on the host and will actually work, and
> there's a sensible noncontroversial set of defaults we can fill in,
> then
> a single checkbox is worth considering. It's certainly an advanced
> feature but it's also getting more and more mention these days so
> maybe
> it's good to get out ahead of any future RFEs.
>
> But if we can boil it down to being that simple I guess the question
> is
> whether a checkbox in the UI is valuable when users can use 'virt-xml
> VMNAME --edit --launchSecurity sev' to fill in the same default
> values.
> I guess it depends on who we expect will want to use this option. We
> should think about how it fits the UI philosophy/DESIGN.md:
>
> https://github.com/virt-manager/virt-manager/blob/master/DESIGN.md
As I look this over here are my thoughts.
How many users do we expect will use it: It is a relatively new feature
in libvirt based on newer hardware so I'm not sure we can answer this
now.
How critical is it for users who need/want it: Definitely not a
blocker. I view it as your comment above as a "good to get ahead of any
future RFEs."
How self explanatory is the feature: The name itself may not lend
itself to be self explanatory to the average user. This is more of an
intermediate or advanced feature. It is well documented on the libvirt
domain XML format pages.
How dangerous or difficult to use is the feature: Just a checkbox from
the virt-manager level (at this point) but there appears to be other
issues below in libvirt or qemu that Daniel pointed out.
How much work is it to maintain, test: Minimal IMO although it may
evolve over time. The "Enable Launch Security" string would need to be
translated.
How much work is it to implement: I've already coded it up so my
current implemenation didn't seem to hard. What I have does rely on
libvirt reporting on whether there is support. If yes, the checkbox is
enabled and if no it is not.
- Charles
More information about the virt-tools-list
mailing list