On Mon, Jun 15, 2020 at 10:28:05AM +0200, Paulo de Rezende Pinatti wrote:
> This series introduces the concept of a 'Secure Guest' feature
> which covers on s390 IBM Secure Execution and on x86 AMD Secure
> Encrypted Virtualization.
>
> Besides adding documentation for IBM Secure Execution it also adds
> checks during validation of the qemu capabilities cache.
> These checks per architecture can be performed for IBM Secure
> Execution on s390 and AMD Secure Encrypted Virtualization on AMD x86
> CPUs (both checks implemented in this series).
>
> For s390 the verification consists of:
> - checking if /sys/firmware/uv is available: meaning the HW
>   facility is available and the host OS supports it;
> - checking if the kernel cmdline contains 'prot_virt=1': meaning
>   the host OS wants to use the feature.
>
> For AMD Secure Encrypted Virtualization the verification consists of:
> - checking if /sys/module/kvm_amd/parameters/sev contains the
>   value '1': meaning SEV is enabled in the host kernel;
> - checking if /dev/sev exists
>
> Whenever the availability of the feature does not match the secure
> guest flag in the cache then libvirt will re-build it in order to
> pick up the new set of capabilities available.
>
> Additionally, this series adds the same aforementioned checks to the
> virt-host-validate tool to facilitate the manual verification
> process for users.

ACK to the series, let me know whether you agree with the micro fixups I
attached to the individual patch review and I'll squash them before pushing.

Thanks for bearing with me,
Erik
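
The host checks and the cache comparison listed in the quoted cover letter, as an added shell example that is not part of this thread or of libvirt's code. The function names and the optional ROOT prefix argument are hypothetical (ROOT lets the checks run against a constructed directory tree), and matching 'prot_virt=1' as a whole word is an assumption of this example.

```shell
#!/bin/sh
# Added example, not libvirt code. Every function takes an optional ROOT
# prefix (hypothetical) so it can be pointed at a constructed tree;
# leave it empty to inspect the real host.

# s390, IBM Secure Execution: /sys/firmware/uv must exist and the kernel
# cmdline must contain prot_virt=1.
has_secure_execution() {
    root=${1:-}
    [ -e "$root/sys/firmware/uv" ] || return 1
    [ -r "$root/proc/cmdline" ] || return 1
    # Normalise whitespace, then match the parameter as a whole word so
    # that e.g. "prot_virt=10" is not accepted (assumption of this example).
    cmdline=$(tr '\t\n' '  ' < "$root/proc/cmdline")
    case " $cmdline " in
        *" prot_virt=1 "*) return 0 ;;
    esac
    return 1
}

# x86, AMD SEV: the kvm_amd 'sev' parameter must read '1' and /dev/sev
# must exist.
has_sev() {
    root=${1:-}
    param="$root/sys/module/kvm_amd/parameters/sev"
    [ -r "$param" ] || return 1
    [ "$(cat "$param")" = "1" ] || return 1
    [ -e "$root/dev/sev" ]
}

# Prints "yes" or "no": whether the host currently offers a secure guest
# feature on either architecture.
secure_guest_state() {
    if has_secure_execution "${1:-}" || has_sev "${1:-}"; then
        echo yes
    else
        echo no
    fi
}

# cache_is_stale CACHED_FLAG [ROOT]
# Succeeds when the flag stored with the capabilities cache no longer
# matches the host, which is the condition for rebuilding the cache.
cache_is_stale() {
    [ "$1" != "$(secure_guest_state "${2:-}")" ]
}

echo "secure guest support on this host: $(secure_guest_state)"
```
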