On Tue, Aug 29, 2023 at 09:54:40AM +0200, Erik Skultety wrote:
On Mon, Aug 28, 2023 at 02:10:42PM -0700, Derek Lee wrote:
> When SEV is enabled in domcapabilities does that just mean any of SEV,
> SEV-ES, SEV-SNP is possible on the hardware?
No, <sev supported='yes'> only means that the CPU has 'sev' in the
flags. On
its own it doesn't say anything about the ES/SNP features. It might be possible
to extract information whether these have been enabled on the HW via BIOS (or
if they're enabled by default on new platforms) via the base64 encoded ID in
the <cpu0Id> XML subelement, but that's just my guess.
Even if the CPU had the "SEV-ES" feature, it doesn't mean you can use
it, because the firmware lets the hardware owner specify the split
between SEV & SEV-ES guests that are allowed on the machine. IOW even
if it supports SEV-ES, firmware could have been configured to have
zero SEV-ES guests.
For this reason, in the domain capabilities, the <sev supported='yes'>
element has child elements which give the info about the number of
configured guests of each type:
<sev supported='yes'>
...snip...
<maxGuests>10</maxGuests>
<maxESGuests>500</maxESGuests>
</sev>
Currently there is no SEV-SNP support merged in upstream Linux or
QEMU, and thus libvirt also does not support SEV-SNP. Once all the
pieces are merged in QEMU, we'll extend libvirt doman capabilities
to also reflect whether SEV-SNP is available.
NB, while SEV and SEV-ES can be thought of as just minor variations
of each other, I recommend that SEV-SNP be considered an entirely
separate confidential VM technology because architecturally SEV-SNP
is quite different from SEV/SEV-ES in the way that attestation is
driven from the guest, not the host. Long term I expect SEV/SEV-ES
to fade into irrelevance and SEV-SNP will be the only thing people
care about on AMD, because SNP is so much better.
> Similarly, does enabling SEV as a launchSecurity option in a
domainXML mean
> that whichever SEV is available will be enabled? And if the guest policy
> has the ES flag set, it will not be created unless ES is enabled?
Again, ES/SNP are just extra useful security features which sit on top of SEV
(i.e. there's no such thing as "whichever" SEV), both serving a different
purpose and both supposed to be transparent to the user, IOW if they're enabled
on the HW they'll be used.
Whether a VM is created if you explicitly request the ES flag via the guest
policy on a non-ES enabled SEV CPU is totally dependent on AMD's FW behaviour
as libvirt only passes through the values. Based on the SEV API spec, if you
set ES in the guest policy SEV-ES must be enabled on the HW with no further
information provided, so my assumption is that the FW will refuse to comply
with such a request which in turn will result in QEMU returning a failure on
creating such a VM. Again, totally based on my assumption it would be a design
flaw of such a security feature if you requested the vCPU states to be included
in the measurement with the ES policy flag and the FW would silently ignore the
fact it's not enabled in HW and simply not include the data in the response.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|