Am 09/12/2022 um 15:25 schrieb Markus Frank: > This Patch is for enabling AMD SEV (Secure Encrypted > Virtualization) support in QEMU > > VM-Config-Examples: > amd_sev: type=std,nodbg=1,noks=1 > amd_sev: es,nodbg=1,kernel-hashes=1 > > Node-Config-Example (gets generated automatically): > amd_sev: cbitpos=47,reduced-phys-bios=1 > > kernel-hashes, reduced-phys-bios & cbitpos correspond to the varibles > with the same name in qemu. > > kernel-hashes=1 adds kernel-hashes to enable measured linux kernel > launch since it is per default off for backward compatibility. > > reduced-phys-bios and cbitpos are system specific and can be read out > with QMP. If not set by the user, a dummy-vm gets started to read QMP > for these variables out and save them to the node config. > Afterwards the dummy-vm gets stopped. > > type=std stands for standard sev to differentiate it from sev-es (es) > or sev-snp (snp) when support is upstream. > > Qemu's sev-guest policy gets calculated with the parameters nodbg & noks > These parameters correspond to policy-bits 0 & 1. > If type=es than policy-bit 2 gets set to 1 to activate SEV-ES. > Policy bit 3 (nosend) is always set to 1, because migration > features for sev are not upstream yet and are attackable. > > see coherent doc patch > > Signed-off-by: Markus Frank <m.fr...@proxmox.com> > --- > I still could not get SEV-ES to work. > After a firmware update I got the same error like Daniel in his testing: > kvm: ../softmmu/vl.c:2568: qemu_machine_creation_done: Assertion > `machine->cgs->ready' failed. >
This was one of the main turn-offs for me, but maybe the situation change here w.r.t newer HW, kernel and QEMU support. Can you please re-test this rather soonish? E.g. with kernel 6.5 and 6.8, also trying a newer QEMU like Fiona's 8.2 build and our newer AMD based HW would be good to check out. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel