Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-10 Thread Daniel P. Berrangé
On Tue, Jul 09, 2024 at 11:03:19PM -0500, Michael Roth wrote: > On Thu, Jul 04, 2024 at 11:53:33AM +0200, Paolo Bonzini wrote: > > On Thu, Jul 4, 2024 at 11:39 AM Daniel P. Berrangé > > wrote: > > > > The debug_swap parameter simply could not be enabled in the old API > > > > without breaking mea

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-09 Thread Michael Roth
On Thu, Jul 04, 2024 at 11:53:33AM +0200, Paolo Bonzini wrote: > On Thu, Jul 4, 2024 at 11:39 AM Daniel P. Berrangé > wrote: > > > The debug_swap parameter simply could not be enabled in the old API > > > without breaking measurements. The new API *is the fix* to allow using > > > it (though QEMU

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-04 Thread Paolo Bonzini
On Thu, Jul 4, 2024 at 11:39 AM Daniel P. Berrangé wrote: > > The debug_swap parameter simply could not be enabled in the old API > > without breaking measurements. The new API *is the fix* to allow using > > it (though QEMU doesn't have the option plumbed in yet). There is no > > extensibility. >

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-04 Thread Daniel P. Berrangé
On Thu, Jul 04, 2024 at 11:31:16AM +0200, Paolo Bonzini wrote: > On Thu, Jul 4, 2024 at 10:42 AM Daniel P. Berrangé > wrote: > > > > On Thu, Jul 04, 2024 at 08:51:05AM +0200, Paolo Bonzini wrote: > > > On Thu, Jul 4, 2024 at 2:01 AM Michael Roth wrote: > > > > Currently if the 'legacy-vm-type' p

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-04 Thread Paolo Bonzini
On Thu, Jul 4, 2024 at 10:42 AM Daniel P. Berrangé wrote: > > On Thu, Jul 04, 2024 at 08:51:05AM +0200, Paolo Bonzini wrote: > > On Thu, Jul 4, 2024 at 2:01 AM Michael Roth wrote: > > > Currently if the 'legacy-vm-type' property of the sev-guest object is > > > left unset, QEMU will attempt to us

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-04 Thread Daniel P. Berrangé
On Thu, Jul 04, 2024 at 08:51:05AM +0200, Paolo Bonzini wrote: > On Thu, Jul 4, 2024 at 2:01 AM Michael Roth wrote: > > Currently if the 'legacy-vm-type' property of the sev-guest object is > > left unset, QEMU will attempt to use the newer KVM_SEV_INIT2 kernel > > interface in conjunction with th

Re: [PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-03 Thread Paolo Bonzini
On Thu, Jul 4, 2024 at 2:01 AM Michael Roth wrote: > Currently if the 'legacy-vm-type' property of the sev-guest object is > left unset, QEMU will attempt to use the newer KVM_SEV_INIT2 kernel > interface in conjunction with the newer KVM_X86_SEV_VM and > KVM_X86_SEV_ES_VM KVM VM types. > > This c

[PATCH] i386/sev: Don't allow automatic fallback to legacy KVM_SEV*_INIT

2024-07-03 Thread Michael Roth
Currently if the 'legacy-vm-type' property of the sev-guest object is left unset, QEMU will attempt to use the newer KVM_SEV_INIT2 kernel interface in conjunction with the newer KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM KVM VM types. This can lead to measurement changes if, for instance, an SEV guest w