Re: [PATCH v3 5/7] tools: secure guest check for AMD in virt-host-validate

On Mon, Jun 15, 2020 at 10:28:10AM +0200, Paulo de Rezende Pinatti wrote: > From: Boris Fiuczynski <fiuczy(a)linux.ibm.com&gt; > > Add checking in virt-host-validate for secure guest support > on x86 for AMD Secure Encrypted Virtualization. > > Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com&gt; > Reviewed-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com&gt; > Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com&gt; > Reviewed-by: Erik Skultety <eskultet(a)redhat.com&gt; > --- RB still stands, I just noticed that we require users to set mem_encrypt=on for SEV which we know is not mandatory, so I dropped that bit, we can recommend mem_encrypt somewhere else in the docs or kbase. diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c index f68c9c7c96..f05252439e 100644 --- a/tools/virt-host-validate-common.c +++ b/tools/virt-host-validate-common.c @@ -506,8 +506,8 @@ int virHostValidateSecureGuests(const char *hvname, if (mod_value[0] != '1') { virHostMsgFail(level, "AMD Secure Encrypted Virtualization appears to be " - "disabled in kernel. Add kvm_amd.sev=1 " - "to the kernel cmdline arguments"); + "disabled in kernel. Add mem_encrypt=on " + "kvm_amd.sev=1 to kernel cmdline arguments"); return 0; }