Add support for enabling Secure Encrypted Virtualization in the GUI
Daniel P. Berrangé
berrange at redhat.com
Mon Apr 4 16:23:56 UTC 2022
On Mon, Apr 04, 2022 at 06:21:42PM +0200, Boris Fiuczynski wrote:
> On 4/4/22 5:48 PM, Charles Arnold wrote:
> > On 4/4/22 8:37 AM, Boris Fiuczynski wrote:
> > > On 4/4/22 2:50 PM, Daniel P. Berrangé wrote:
> > > > On Fri, Apr 01, 2022 at 12:13:17PM -0600, Charles Arnold wrote:
> > > > > From d700e8cee7cd525c0022b5a9a440f64c4ab149f0 Mon Sep 17 00:00:00 2001
> > > > > From: Charles Arnold <carnold at suse.com>
> > > > > Date: Fri, 1 Apr 2022 12:01:21 -0600
> > > > > Subject: [PATCH 1/1] Add support for enabling Secure Encrypted
> > > > > Virtualization
> > > > > in the GUI
> > > > >
> > > > > Add an "Enable Launch Security" checkbox on the Details memory tab.
> > > > > Do the minimal configuration required for libvirt to enable
> > > > > this feature
> > > > > on compatible hardware.
> > > > >
> > > >
> > > > Don't we need to turn on the 'iommu' option for all virtio devices
> > > > too, and disable PXE on any NICs ?
> > > >
> > > > https://libvirt.org/kbase/launch_security_sev.html#virtio
> > > >
> > > > With regards,
> > > > Daniel
> > > >
> > >
> > > Hi Arnold,
> > > your patch does not take into account that libvirt uses launch
> > > security for more types besides sev.
> > >
> > >
> > Good point. I haven't taken into account the s390 case which I can correct.
> > I'm not aware of other launch security types besides those two.
> >
> > - Charles
> >
>
> There has been a patch series for TDX on the mailing list in July 2021 but I
> am not sure what finally happened to it.
> https://listman.redhat.com/archives/libvir-list/2021-July/221098.html
TDX support isn't merged in the Linux kernel/KVM, nor in QEMU, nor
OVMF AFAIK, so anything related to libvirt & above is on hold until
the lower TDX bits are ready.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the virt-tools-list
mailing list