My understanding is that these numbers retrieves number from CPU and do not actually represent whether SEV-ES is actually enabled in KVM. Because libvirt checks whether SEV is actually enabled in KVM, it makes it makes better sense to check the same for SEV-ES, IMO. Also, this "model" approach is likely needed for SEV-SNP, which shares the same ASID pool with SEV-ES by default. (though the implementation is still actively updated by AMD and is not yet merged into kernel or qemu now). On 2/19/24 18:58, Daniel P. Berrangé wrote:
On Mon, Feb 19, 2024 at 02:54:59PM +0900, Takashi Kajinami wrote:
This introduces the new "model" field in sev elements so that clients can check whether SEV-ES, the 2nd generation of AMD SEV, is available in the taget hyprvisor.
Err, isn't this is already possible...
https://libvirt.org/formatdomaincaps.html#sev-capabilities
you'll see 'maxESGuests' give a non-zero number of SEV-ES is possible on a host.
With regards, Daniel