Hi Paolo,
On 10/05/2018 03:18 PM, Paolo Bonzini wrote:
On 06/10/2018 00:03, Guenter Roeck wrote:
This should be handled by
config KVM_AMD_SEV
def_bool y
bool "AMD Secure Encrypted Virtualization (SEV) support"
depends on KVM_AMD && X86_64
depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
---help---
Provides support for launching Encrypted VMs on AMD processors.
Unfortunately it doesn't. It disables KVM_AMD_SEV, but that doesn't prevent
the calls.
Yes, exactly - that's why I mentioned the sev_guest patch that should
cull all the SEV code from a !KVM_AMD_SEV build.
Maybe this works as well? I haven't tested it yet:
I am sure there are many possible solutions. I would personally prefer one
that enforces KVM_AMD=m with CRYPTO_DEV_CCP_DD=m, but that is just me.
Well, KVM_AMD=y is a relatively unusual choice to begin with. The
It is common enough that we are not the only ones affected. Also, even a
"relatively unusual choice" should, in my opinion, not result in a build
error. Never mind, I'll just apply the suggested workaround and configure
CRYPTO_DEV_CCP_DD=y. I need to do that anyway, after all, if I want to keep
KVM_AMD=y.
Thanks,
Guenter
