On 4/4/22 6:50 AM, Daniel P. Berrangé wrote:
On Fri, Apr 01, 2022 at 12:13:17PM -0600, Charles Arnold wrote:
From d700e8cee7cd525c0022b5a9a440f64c4ab149f0 Mon Sep 17 00:00:00 2001
From: Charles Arnold <carnold@xxxxxxxx>
Date: Fri, 1 Apr 2022 12:01:21 -0600
Subject: [PATCH 1/1] Add support for enabling Secure Encrypted
Virtualization
in the GUI
Add an "Enable Launch Security" checkbox on the Details memory tab.
Do the minimal configuration required for libvirt to enable this feature
on compatible hardware.
Don't we need to turn on the 'iommu' option for all virtio devices
too, and disable PXE on any NICs ?
https://libvirt.org/kbase/launch_security_sev.html#virtio
I used to enumerate through the virtio devices in an old version of this
patch
for virt-manager and enable iommu but it really wasn't reasonable for
virt-manager to track which virtio devices needed iommu enabled.
Additionally,
libvirt will sometimes add a device when a VM is created. This patch
leans on libvirt to do the right thing when sev is enabled similar to what
happens when launch security is specified on the virt-install command line.
- Charles
