miloserdoff commented on issue #10009: URL: https://github.com/apache/cloudstack/issues/10009#issuecomment-2523373063
@DaanHoogland @weizhouapache I need to start a virtual machine using libvirt and qemu via virsh start. I enabled SEV, SEV-ES, SEV-SNP support in the system. root@vadm:~# dmesg | grep -i sev [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-6.11.0-rc3-snp-host-85ef1ac03941 root=/dev/mapper/ubuntu--vg-lv--2 ro kvm_amd.sev=1 quiet splash systemd.unified_cgroup_hierarchy=1 vt.handoff=1 [ 0.000000] SEV-SNP: RMP table physical range [0x0000007fcd100000 - 0x000000804d6fffff] [ 0.003473] SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x0000007fcd000000] [ 0.003478] SEV-SNP: Reserving start/end of RMP table on a 2MB boundary [0x000000804d600000] [ 0.364249] Kernel command line: BOOT_IMAGE=/vmlinuz-6.11.0-rc3-snp-host-85ef1ac03941 root=/dev/mapper/ubuntu--vg-lv--2 ro kvm_amd.sev=1 quiet splash systemd.unified_cgroup_hierarchy=1 vt.handoff=1 [ 9.138296] ccp 0000:05:00.5: sev enabled [ 14.697860] ccp 0000:05:00.5: SEV API:1.55 build:24 [ 14.697866] ccp 0000:05:00.5: SEV-SNP API:1.55 build:24 [ 14.705531] kvm_amd: SEV enabled (ASIDs 253 - 1006) [ 14.705533] kvm_amd: SEV-ES enabled (ASIDs 1 - 252) [ 14.705534] kvm_amd: SEV-SNP enabled (ASIDs 1 - 252) And to launch SEV and SEV-ES I use in domainXml block Test results: root@UbuntuSevTest:~# snpguest ok [PASS] - SEV: ENABLED [PASS] - SEV-ES: ENABLED [FAIL] - SNP: DISABLED [PASS] - Optional Features statuses: [PASS] - VTOM: DISABLED [PASS] - ReflectVC: DISABLED [PASS] - Restricted Injection: DISABLED [PASS] - Alternate Injection: DISABLED [PASS] - Debug Swap: DISABLED [PASS] - Prevent Host IBS: DISABLED [PASS] - SNP BTB Isolation: DISABLED [PASS] - VMPL SSS: DISABLED [PASS] - Secure TSE: DISABLED [PASS] - VMG Exit Parameter: DISABLED [ PASS ] - IBS Virtualization: DISABLED [ PASS ] - VMSA Reg Prot: DISABLED [ PASS ] - SMT Protection: DISABLED ERROR: One or more tests in snpguest-ok reported a failure Error: One or more tests in snpguest-ok reported a failure To launch SEV-SNP, use the appropriate sev-snp type And when I enter the virsh start command, an error appears root@vadm:~# virsh start i-2-323-VM error: Failed to start domain 'i-2-323-VM' error: internal error: process exited while connecting to monitor: 2024-12-06T11:38:36.268734Z qemu-system-x86_64: -accel kvm: sev_snp_launch_start: SNP_LAUNCH_START ret=-22 fw_error=0 '' 2024-12-06T11:38:36.268772Z qemu-system-x86_64: -accel kvm: sev_common_kvm_init: failed to create encryption context 2024-12-06T11:38:36.313032Z qemu-system-x86_64: -accel kvm: failed to initialize kvm: Operation not permitted root@vadm:# ls -la /dev/kvm crw-rw---- 1 root kvm 10, 232 Dec 6 12:21 /dev/kvm root@vadm:# virsh --version 10.5.0 root@vadm:~# qemu-system-x86_64 --version QEMU emulator version 9.1.0 Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers The libvirtd and QEMU version support sev, sev-es and snp   -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
