On Mon, Jan 18, 2021, Borislav Petkov wrote:
> On Mon, Jan 18, 2021 at 09:32:07PM +0100, Paolo Bonzini wrote:
> > I think it makes sense because AMD_SEV_ES_GUEST's #VC handling is quite a
> > bit of code that you may not want or need.
>
> Quite a bit of code which ends up practically enabled on the majority of
> distros.
>
> And it ain't about savings of whopping KiBs. And yet another Kconfig symbol
> in our gazillion Kconfig symbols space means ugly ifdeffery and paying
> attention to randconfig builds.
>
> For tailored configs you simply disable AMD_MEM_ENCRYPT on !AMD hw and
> all done.

It was the AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT dependency that tripped me up. To
get KVM to enable SEV/SEV-ES by default, that needs to be enabled, which in turn
requires AMD_MEM_ENCRYPT=y. I didn't realize that there isn't actually a
dependency on AMD_MEM_ENCRYPT=y.

> So I don't see the point for this.

Agreed, I'll send a KVM patch to remove the AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
dependency.