Re: Add support for enabling Secure Encrypted Virtualization in the GUI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 4/4/22 6:50 AM, Daniel P. Berrangé wrote:
On Fri, Apr 01, 2022 at 12:13:17PM -0600, Charles Arnold wrote:
 From d700e8cee7cd525c0022b5a9a440f64c4ab149f0 Mon Sep 17 00:00:00 2001
From: Charles Arnold <carnold@xxxxxxxx>
Date: Fri, 1 Apr 2022 12:01:21 -0600
Subject: [PATCH 1/1] Add support for enabling Secure Encrypted
  in the GUI

Add an "Enable Launch Security" checkbox on the Details memory tab.
Do the minimal configuration required for libvirt to enable this feature
on compatible hardware.

Don't we need to turn on the 'iommu' option for all virtio devices
too, and disable PXE on any NICs ?

I used to enumerate through the virtio devices in an old version of this patch
for virt-manager and enable iommu but it really wasn't reasonable for
virt-manager to track which virtio devices needed iommu enabled. Additionally,
libvirt will sometimes add a device when a VM is created. This patch
leans on libvirt to do the right thing when sev is enabled similar to what
happens when launch security is specified on the virt-install command line.

- Charles

[Index of Archives]     [Linux Virtualization]     [KVM Development]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux