On 06/10/2018 00:03, Guenter Roeck wrote: >> This should be handled by >> >> config KVM_AMD_SEV >> def_bool y >> bool "AMD Secure Encrypted Virtualization (SEV) support" >> depends on KVM_AMD && X86_64 >> depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) >> ---help--- >> Provides support for launching Encrypted VMs on AMD processors. >> > Unfortunately it doesn't. It disables KVM_AMD_SEV, but that doesn't prevent > the calls. Yes, exactly - that's why I mentioned the sev_guest patch that should cull all the SEV code from a !KVM_AMD_SEV build. >> Maybe this works as well? I haven't tested it yet: >> > I am sure there are many possible solutions. I would personally prefer one > that enforces KVM_AMD=m with CRYPTO_DEV_CCP_DD=m, but that is just me. Well, KVM_AMD=y is a relatively unusual choice to begin with. The question is whether then you want to disable this choice completely when CRYPTO_DEV_CCP_DD=m, or just disable SEV. My patch is a good idea anyway, if I may say so :), because it culls a lot of code from a !KVM_AMD_SEV build. But if it is not enough, we certainly have to do something else about the failure you're reporting. Paolo
