On Tue, Sep 16, 2025 at 02:46:27PM +0200, Markus Armbruster wrote:
> Naveen N Rao <[email protected]> writes:
>
> > Hi Markus,
> >
> > On Fri, Sep 12, 2025 at 01:20:43PM +0200, Markus Armbruster wrote:
> >> "Naveen N Rao (AMD)" <[email protected]> writes:
> >>
> >> > Add support for enabling debug-swap VMSA SEV feature in SEV-ES and
> >> > SEV-SNP guests through a new "debug-swap" boolean property on SEV guest
> >> > objects. Though the boolean property is available for plain SEV guests,
> >> > check_sev_features() will reject setting this for plain SEV guests.
> >>
> >> Let's see whether I understand...
> >>
> >> It's a property of sev-guest and sev-snp-guest objects. These are the
> >> "SEV guest objects".
> >>
> >> I guess a sev-snp-guest object implies it's a SEV-SNP guest, and setting
> >> @debug-swap on such an object just works.
> >>
> >> With a sev-guest object, it's either a "plain SEV guest" or a "SEV-ES"
> >> guest.
> >>
> >> If it's the latter, setting @debug-swap just works.
> >>
> >> If it's the former, and you set @debug-swap to true, then KVM
> >> accelerator initialization will fail later on. This might trigger
> >> fallback to TCG.
> >>
> >> Am I confused?
> >
> > You're spot on, except that in the last case above (plain old SEV
> > guest), qemu throws an error:
> > qemu-system-x86_64: check_sev_features: SEV features require either
> > SEV-ES or SEV-SNP to be enabled
>
> Okay.
>
> Can you (or anyone) explain to me why SEV-SNP gets its own object type,
> but SEV-ES does not?

SEV-ES is a minor incremental enhancement over SEV, with the user
provided configuration in QEMU largely common between the two.

SEV-SNP is a significant improvement that requires new/different
user config data to be provided to QEMU. It also changes the way
attestation is driven, moving out of host/QEMU, into the guest.

It made more sense to separate the configuration for SEV-SNP from
that used for SEV/SEV-ES. It also helps reinforce the message that
SEV-SNP is where the long term focus should be, with SEV/SEV-ES
(ideally) only used on old platforms that predate SNP, or running
OS that lack the more recent software support for SNP.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
