|
|
b971b8 |
From b89b5b577ae05a9f453a55b8e7cbd81db27e95df Mon Sep 17 00:00:00 2001
|
|
|
b971b8 |
Message-Id: <b89b5b577ae05a9f453a55b8e7cbd81db27e95df@dist-git>
|
|
|
b971b8 |
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
|
|
b971b8 |
Date: Wed, 24 Jun 2020 13:16:22 +0200
|
|
|
b971b8 |
Subject: [PATCH] docs: Update AMD launch secure description
|
|
|
b971b8 |
MIME-Version: 1.0
|
|
|
b971b8 |
Content-Type: text/plain; charset=UTF-8
|
|
|
b971b8 |
Content-Transfer-Encoding: 8bit
|
|
|
b971b8 |
|
|
|
b971b8 |
Update document with changes in qemu capability caching and the added
|
|
|
b971b8 |
secure guest support checking for AMD SEV in virt-host-validate.
|
|
|
b971b8 |
|
|
|
b971b8 |
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
|
|
b971b8 |
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
|
|
b971b8 |
(cherry picked from commit 2c3ffa37284b9fa3d1e6c369fa2bb71c6f6dd92a)
|
|
|
b971b8 |
|
|
|
b971b8 |
https://bugzilla.redhat.com/show_bug.cgi?id=1848997
|
|
|
b971b8 |
https://bugzilla.redhat.com/show_bug.cgi?id=1850351
|
|
|
b971b8 |
|
|
|
b971b8 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
b971b8 |
Message-Id: <1229877019008ac6f0135296af502e596c3e30e5.1592996194.git.jdenemar@redhat.com>
|
|
|
b971b8 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
b971b8 |
---
|
|
|
b971b8 |
docs/kbase/launch_security_sev.rst | 9 ++++++---
|
|
|
b971b8 |
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
b971b8 |
|
|
|
b971b8 |
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
|
|
|
b971b8 |
index 65f258587d..19b978481a 100644
|
|
|
b971b8 |
--- a/docs/kbase/launch_security_sev.rst
|
|
|
b971b8 |
+++ b/docs/kbase/launch_security_sev.rst
|
|
|
b971b8 |
@@ -30,8 +30,11 @@ Enabling SEV on the host
|
|
|
b971b8 |
========================
|
|
|
b971b8 |
|
|
|
b971b8 |
Before VMs can make use of the SEV feature you need to make sure your
|
|
|
b971b8 |
-AMD CPU does support SEV. You can check whether SEV is among the CPU
|
|
|
b971b8 |
-flags with:
|
|
|
b971b8 |
+AMD CPU does support SEV. You can run ``libvirt-host-validate``
|
|
|
b971b8 |
+(libvirt >= 6.5.0) to check if your host supports secure guests or you
|
|
|
b971b8 |
+can follow the manual checks below.
|
|
|
b971b8 |
+
|
|
|
b971b8 |
+You can manually check whether SEV is among the CPU flags with:
|
|
|
b971b8 |
|
|
|
b971b8 |
::
|
|
|
b971b8 |
|
|
|
b971b8 |
@@ -109,7 +112,7 @@ following:
|
|
|
b971b8 |
</features>
|
|
|
b971b8 |
</domainCapabilities>
|
|
|
b971b8 |
|
|
|
b971b8 |
-Note that if libvirt was already installed and libvirtd running before
|
|
|
b971b8 |
+Note that if libvirt (<6.5.0) was already installed and libvirtd running before
|
|
|
b971b8 |
enabling SEV in the kernel followed by the host reboot you need to force
|
|
|
b971b8 |
libvirtd to re-probe both the host and QEMU capabilities. First stop
|
|
|
b971b8 |
libvirtd:
|
|
|
b971b8 |
--
|
|
|
b971b8 |
2.27.0
|
|
|
b971b8 |
|