My understanding is that these numbers retrieves number from CPU and
do not actually represent whether SEV-ES is actually enabled in KVM.
Because libvirt checks whether SEV is actually enabled in KVM, it makes
it makes better sense to check the same for SEV-ES, IMO.
Also, this "model" approach is likely needed for SEV-SNP, which shares
the same ASID pool with SEV-ES by default. (though the implementation
is still actively updated by AMD and is not yet merged into kernel or
qemu now).
On 2/19/24 18:58, Daniel P. Berrangé wrote:
On Mon, Feb 19, 2024 at 02:54:59PM +0900, Takashi Kajinami wrote:
This introduces the new "model" field in sev elements so that clients can
check whether SEV-ES, the 2nd generation of AMD SEV, is available in
the taget hyprvisor.
Err, isn't this is already possible...
https://libvirt.org/formatdomaincaps.html#sev-capabilities
you'll see 'maxESGuests' give a non-zero number of SEV-ES is possible
on a host.
With regards,
Daniel
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
