On 19/01/21 18:09, Borislav Petkov wrote:
It was the AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT dependency that tripped me up. To get KVM to enable SEV/SEV-ES by default,By default? What would be the use case for that?
It doesn't enable by default SEV/SEV-ES for all the guests, it only enables the functionality.
But tying that to a Kconfig value is useless, it should just default to 1 (allow creating encrypted guests) if the hardware is available.
Paolo
