On Tue, Aug 29, 2023 at 09:54:40AM +0200, Erik Skultety wrote: > On Mon, Aug 28, 2023 at 02:10:42PM -0700, Derek Lee wrote: > > When SEV is enabled in domcapabilities does that just mean any of SEV, > > SEV-ES, SEV-SNP is possible on the hardware? > > No, <sev supported='yes'> only means that the CPU has 'sev' in the flags. On > its own it doesn't say anything about the ES/SNP features. It might be possible > to extract information whether these have been enabled on the HW via BIOS (or > if they're enabled by default on new platforms) via the base64 encoded ID in > the <cpu0Id> XML subelement, but that's just my guess. Even if the CPU had the "SEV-ES" feature, it doesn't mean you can use it, because the firmware lets the hardware owner specify the split between SEV & SEV-ES guests that are allowed on the machine. IOW even if it supports SEV-ES, firmware could have been configured to have zero SEV-ES guests. For this reason, in the domain capabilities, the <sev supported='yes'> element has child elements which give the info about the number of configured guests of each type: <sev supported='yes'> ...snip... <maxGuests>10</maxGuests> <maxESGuests>500</maxESGuests> </sev> Currently there is no SEV-SNP support merged in upstream Linux or QEMU, and thus libvirt also does not support SEV-SNP. Once all the pieces are merged in QEMU, we'll extend libvirt doman capabilities to also reflect whether SEV-SNP is available. NB, while SEV and SEV-ES can be thought of as just minor variations of each other, I recommend that SEV-SNP be considered an entirely separate confidential VM technology because architecturally SEV-SNP is quite different from SEV/SEV-ES in the way that attestation is driven from the guest, not the host. Long term I expect SEV/SEV-ES to fade into irrelevance and SEV-SNP will be the only thing people care about on AMD, because SNP is so much better. > > Similarly, does enabling SEV as a launchSecurity option in a domainXML mean > > that whichever SEV is available will be enabled? And if the guest policy > > has the ES flag set, it will not be created unless ES is enabled? > > Again, ES/SNP are just extra useful security features which sit on top of SEV > (i.e. there's no such thing as "whichever" SEV), both serving a different > purpose and both supposed to be transparent to the user, IOW if they're enabled > on the HW they'll be used. > > Whether a VM is created if you explicitly request the ES flag via the guest > policy on a non-ES enabled SEV CPU is totally dependent on AMD's FW behaviour > as libvirt only passes through the values. Based on the SEV API spec, if you > set ES in the guest policy SEV-ES must be enabled on the HW with no further > information provided, so my assumption is that the FW will refuse to comply > with such a request which in turn will result in QEMU returning a failure on > creating such a VM. Again, totally based on my assumption it would be a design > flaw of such a security feature if you requested the vCPU states to be included > in the measurement with the ES policy flag and the FW would silently ignore the > fact it's not enabled in HW and simply not include the data in the response. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|