Re: [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 09/29/2017 09:41 AM, Borislav Petkov wrote:
On Fri, Sep 29, 2017 at 07:28:47AM -0500, Brijesh Singh wrote:
if we are adding a chicken bits then I think we should do it for both
"smeonly" and "sevonly". We can boot host OS with SME disabled and SEV
enabled, and still be able to create the SEV guest from the hypervisor.

Sure, but is that a real use case? I mean, who would want to run
encrypted guests on an unencrypted hypervisor?


In production, you do not want to run encrypted guest on an unencrypted
hypervisor -- I was thinking about the debug environment. We can start
with mem_encrypt=sme and if we see the need for 'sev' arg then we can
extend it later.

I am working on the patch and will send for the review. thanks

-Brijesh



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux