Add support for enabling Secure Encrypted Virtualization in the GUI
Charles Arnold
carnold at suse.com
Mon Apr 4 15:49:24 UTC 2022
On 4/4/22 6:50 AM, Daniel P. Berrangé wrote:
> On Fri, Apr 01, 2022 at 12:13:17PM -0600, Charles Arnold wrote:
>> From d700e8cee7cd525c0022b5a9a440f64c4ab149f0 Mon Sep 17 00:00:00 2001
>> From: Charles Arnold <carnold at suse.com>
>> Date: Fri, 1 Apr 2022 12:01:21 -0600
>> Subject: [PATCH 1/1] Add support for enabling Secure Encrypted
>> Virtualization
>> in the GUI
>>
>> Add an "Enable Launch Security" checkbox on the Details memory tab.
>> Do the minimal configuration required for libvirt to enable this feature
>> on compatible hardware.
>>
> Don't we need to turn on the 'iommu' option for all virtio devices
> too, and disable PXE on any NICs ?
>
> https://libvirt.org/kbase/launch_security_sev.html#virtio
>
I used to enumerate through the virtio devices in an old version of this
patch
for virt-manager and enable iommu but it really wasn't reasonable for
virt-manager to track which virtio devices needed iommu enabled.
Additionally,
libvirt will sometimes add a device when a VM is created. This patch
leans on libvirt to do the right thing when sev is enabled similar to what
happens when launch security is specified on the virt-install command line.
- Charles
More information about the virt-tools-list
mailing list