On Fri, Mar 27, 2020 at 12:13:09PM -0400, Cole Robinson wrote: > CCing Erik who knows more about that launchSecurity/sev than I do > > On 3/27/20 11:44 AM, Charles Arnold wrote: > > What is the opinion of adding a checkbox called "Enable Launch > > Security" under the 'Current allocation' and 'Maximum allocation' boxes > > on the Details->Memory dialog? It would only be enabled if libvirt > > detected support for it. > > > > Provided libvirt capabilities report everything we need to know to > whether it's really supported on the host and will actually work, and > there's a sensible noncontroversial set of defaults we can fill in, then > a single checkbox is worth considering. It's certainly an advanced > feature but it's also getting more and more mention these days so maybe > it's good to get out ahead of any future RFEs. Two issues right now. There is a ridiculously low limit of 15 VMs on first generation CPUs, perhaps not a huge problem for typical scenarios using virt-manager though. Second though is that while libvirt reports whether the feature exists & is supported in QEMU, QEMU is lieing to us, because it isn't checking whether kvm-amd actually allows the feature to be used. https://bugzilla.redhat.com/show_bug.cgi?id=1689202 https://bugzilla.redhat.com/show_bug.cgi?id=1731439 As long as the checkbox isn't enabled by default, its probably ok to ignore those two issues Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
