On 6/20/24 17:19, Jonathon Jongsma wrote:
On 6/20/24 6:22 AM, Michal Privoznik wrote:
SEV-SNP support just landed in QEMU. Here is the first round of patches to incorporate support into libvirt.
TODOs (aka problems of future me):
- Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP - Try to find a SEV-SNP machine a test these patches in real worl - Write a kbase article on attestation with SEV-SNP
None of the CPU models that we currently have in libvirt allow you to run an SNP guest. That was the impetus behind my versioned CPU model series: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/2GLIS...
I've been meaning to push that series forward again, but hadn't gotten to it yet.
I'm not that familiar with all gotchas, but should the following just work? <cpu mode='host-passthrough' migratable='off'/> AFAIK, migration with SEV-SNP is not implemented yet.
Also, what about reporting domain capabilities for sev-snp support? It will require checking whether the host CPU supports SNP similarly to how we check the max sev guests, etc.
Good point! Let me post patch(es) for that. Michal