On Tue, Jul 09, 2024 at 11:10:05PM -0500, Michael Roth wrote:
> Currently if the 'legacy-vm-type' property of the sev-guest object is
> 'on', QEMU will attempt to use the newer KVM_SEV_INIT2 kernel
> interface in conjunction with the newer KVM_X86_SEV_VM and
> KVM_X86_SEV_ES_VM KVM VM types.
>
> This can lead to measurement changes if, for instance, an SEV guest was
> created on a host that originally had an older kernel that didn't
> support KVM_SEV_INIT2, but is booted on the same host later on after the
> host kernel was upgraded.
>
> Instead, if legacy-vm-type is 'off', QEMU should fail if the
> KVM_SEV_INIT2 interface is not provided by the current host kernel.
> Modify the fallback handling accordingly.
>
> In the future, VMSA features and other flags might be added to QEMU
> which will require legacy-vm-type to be 'off' because they will rely
> on the newer KVM_SEV_INIT2 interface. It may be difficult to convey to
> users what values of legacy-vm-type are compatible with which
> features/options, so as part of this rework, switch legacy-vm-type to a
> tri-state OnOffAuto option. 'auto' in this case will automatically
> switch to using the newer KVM_SEV_INIT2, but only if it is required to
> make use of new VMSA features or other options only available via
> KVM_SEV_INIT2.
>
> Defining 'auto' in this way would avoid inadvertently breaking
> compatibility with older kernels since it would only be used in cases
> where users opt into newer features that are only available via
> KVM_SEV_INIT2 and newer kernels, and provide better default behavior
> than the legacy-vm-type=off behavior that was previously in place, so
> make it the default for 9.1+ machine types.
>
> Cc: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> cc: kvm@xxxxxxxxxxxxxxx
> Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
> ---
> v2:
> - switch to OnOffAuto for legacy-vm-type 'property'
> - make 'auto' the default for 9.1+, which will automatically use
>   KVM_SEV_INIT2 when strictly required by a particular set of options,
>   but will otherwise keep using the legacy interface.
>
>  hw/i386/pc.c      |  2 +-
>  qapi/qom.json     | 18 ++++++----
>  target/i386/sev.c | 85 +++++++++++++++++++++++++++++++++++++++--------
>  3 files changed, 83 insertions(+), 22 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|