Re: [PATCH v3 5/7] tools: secure guest check for AMD in virt-host-validate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/15/20 4:21 PM, Erik Skultety wrote:
On Mon, Jun 15, 2020 at 10:28:10AM +0200, Paulo de Rezende Pinatti wrote:
From: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>

Add checking in virt-host-validate for secure guest support
on x86 for AMD Secure Encrypted Virtualization.

Signed-off-by: Boris Fiuczynski <fiuczy@xxxxxxxxxxxxx>
Reviewed-by: Paulo de Rezende Pinatti <ppinatti@xxxxxxxxxxxxx>
Reviewed-by: Bjoern Walk <bwalk@xxxxxxxxxxxxx>
Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
RB still stands, I just noticed that we require users to set mem_encrypt=on for
SEV which we know is not mandatory, so I dropped that bit, we can recommend
mem_encrypt somewhere else in the docs or kbase.

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index f68c9c7c96..f05252439e 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -506,8 +506,8 @@ int virHostValidateSecureGuests(const char *hvname,
          if (mod_value[0] != '1') {
              virHostMsgFail(level,
                             "AMD Secure Encrypted Virtualization appears to be "
-                           "disabled in kernel. Add kvm_amd.sev=1 "
-                           "to the kernel cmdline arguments");
+                           "disabled in kernel. Add mem_encrypt=on "
+                           "kvm_amd.sev=1 to kernel cmdline arguments");
              return 0;
          }


Erik,
I agree to the change which was an oversight in my changes for the adjusted AMD checks. Thanks for catching it.

--
Mit freundlichen Grüßen/Kind regards
   Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux