On 5/18/20 3:01 PM, Erik Skultety wrote:
On Mon, May 11, 2020 at 06:42:00PM +0200, Boris Fiuczynski wrote:
Add checking in virt-host-validate for secure guest support
on x86 for AMD Secure Encrypted Virtualization.
Signed-off-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@xxxxxxxxxxxxx>
Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxx>
---
docs/kbase/launch_security_sev.rst | 7 ++++--
tools/virt-host-validate-common.c | 36 ++++++++++++++++++++++++++++--
tools/virt-host-validate-common.h | 1 +
3 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index fa602c7432..45166b3886 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -30,8 +30,11 @@ Enabling SEV on the host
========================
Before VMs can make use of the SEV feature you need to make sure your
-AMD CPU does support SEV. You can check whether SEV is among the CPU
-flags with:
+AMD CPU does support SEV. You can run ``libvirt-host-validate``
+(libvirt >= 6.4.0) to check if your host supports secure guests or you
+can follow the manual checks below.
+
+You can manually check whether SEV is among the CPU flags with:
^this change should go along the (<6.4.0) in one of the earlier patches into a
standalone patch.
Actually the earlier patches fix the stale cap cache and this update is
because of a new support in libvirt-host-validate. I am not sure that we
should tie these to into one patch.
I would prefer to keep the two doc changes separate and with the changes
that caused the update.
Otherwise looking good.
Thanks but the changes need also to be adjusted as discussed on patch 3.
I will do so in a followup version.
--
Mit freundlichen Grüßen/Kind regards
Boris Fiuczynski
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294