From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Tyler Fanelli <tfanelli@redhat.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, mtosatti@redhat.com,
armbru@redhat.com, pbonzini@redhat.com, eblake@redhat.com
Subject: Re: [PATCH] sev: allow capabilities to check for SEV-ES support
Date: Tue, 16 Nov 2021 09:17:44 +0000 [thread overview]
Message-ID: <YZN3OECfHBXd55M5@redhat.com> (raw)
In-Reply-To: <20211115193804.294529-1-tfanelli@redhat.com>
On Mon, Nov 15, 2021 at 02:38:04PM -0500, Tyler Fanelli wrote:
> Probe for SEV-ES and SEV-SNP capabilities to distinguish between Rome,
> Naples, and Milan processors. Use the CPUID function to probe if a
> processor is capable of running SEV-ES or SEV-SNP, rather than if it
> actually is running SEV-ES or SEV-SNP.
>
> Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
> ---
> qapi/misc-target.json | 11 +++++++++--
> target/i386/sev.c | 6 ++++--
> 2 files changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 5aa2b95b7d..c3e9bce12b 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -182,13 +182,19 @@
> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> # enabled
> #
> +# @es: SEV-ES capability of the machine.
> +#
> +# @snp: SEV-SNP capability of the machine.
> +#
> # Since: 2.12
> ##
> { 'struct': 'SevCapability',
> 'data': { 'pdh': 'str',
> 'cert-chain': 'str',
> 'cbitpos': 'int',
> - 'reduced-phys-bits': 'int'},
> + 'reduced-phys-bits': 'int',
> + 'es': 'bool',
> + 'snp': 'bool'},
> 'if': 'TARGET_I386' }
>
> ##
> @@ -205,7 +211,8 @@
> #
> # -> { "execute": "query-sev-capabilities" }
> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> -# "cbitpos": 47, "reduced-phys-bits": 5}}
> +# "cbitpos": 47, "reduced-phys-bits": 5
> +# "es": false, "snp": false}}
We've previously had patches posted to support SNP in QEMU
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg04761.html
and this included an update to query-sev for reporting info
about the VM instance.
Your patch is updating query-sev-capabilities, which is a
counterpart for detecting host capabilities separate from
a guest instance.
None the less I wonder if the same design questions from
query-sev apply. ie do we need to have the ability to
report any SNP specific information fields, if so we need
to use a discriminated union of structs, not just bool
flags.
More generally I'm some what wary of adding this to
query-sev-capabilities at all, unless it is part of the
main SEV-SNP series.
Also what's the intended usage for the mgmt app from just
having these boolean fields ? Are they other more explicit
feature flags we should be reporting, instead of what are
essentially SEV generation codenames.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
WARNING: multiple messages have this Message-ID (diff)
From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Tyler Fanelli <tfanelli@redhat.com>
Cc: kvm@vger.kernel.org, mtosatti@redhat.com, qemu-devel@nongnu.org,
armbru@redhat.com, pbonzini@redhat.com, eblake@redhat.com
Subject: Re: [PATCH] sev: allow capabilities to check for SEV-ES support
Date: Tue, 16 Nov 2021 09:17:44 +0000 [thread overview]
Message-ID: <YZN3OECfHBXd55M5@redhat.com> (raw)
In-Reply-To: <20211115193804.294529-1-tfanelli@redhat.com>
On Mon, Nov 15, 2021 at 02:38:04PM -0500, Tyler Fanelli wrote:
> Probe for SEV-ES and SEV-SNP capabilities to distinguish between Rome,
> Naples, and Milan processors. Use the CPUID function to probe if a
> processor is capable of running SEV-ES or SEV-SNP, rather than if it
> actually is running SEV-ES or SEV-SNP.
>
> Signed-off-by: Tyler Fanelli <tfanelli@redhat.com>
> ---
> qapi/misc-target.json | 11 +++++++++--
> target/i386/sev.c | 6 ++++--
> 2 files changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 5aa2b95b7d..c3e9bce12b 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -182,13 +182,19 @@
> # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
> # enabled
> #
> +# @es: SEV-ES capability of the machine.
> +#
> +# @snp: SEV-SNP capability of the machine.
> +#
> # Since: 2.12
> ##
> { 'struct': 'SevCapability',
> 'data': { 'pdh': 'str',
> 'cert-chain': 'str',
> 'cbitpos': 'int',
> - 'reduced-phys-bits': 'int'},
> + 'reduced-phys-bits': 'int',
> + 'es': 'bool',
> + 'snp': 'bool'},
> 'if': 'TARGET_I386' }
>
> ##
> @@ -205,7 +211,8 @@
> #
> # -> { "execute": "query-sev-capabilities" }
> # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
> -# "cbitpos": 47, "reduced-phys-bits": 5}}
> +# "cbitpos": 47, "reduced-phys-bits": 5
> +# "es": false, "snp": false}}
We've previously had patches posted to support SNP in QEMU
https://lists.gnu.org/archive/html/qemu-devel/2021-08/msg04761.html
and this included an update to query-sev for reporting info
about the VM instance.
Your patch is updating query-sev-capabilities, which is a
counterpart for detecting host capabilities separate from
a guest instance.
None the less I wonder if the same design questions from
query-sev apply. ie do we need to have the ability to
report any SNP specific information fields, if so we need
to use a discriminated union of structs, not just bool
flags.
More generally I'm some what wary of adding this to
query-sev-capabilities at all, unless it is part of the
main SEV-SNP series.
Also what's the intended usage for the mgmt app from just
having these boolean fields ? Are they other more explicit
feature flags we should be reporting, instead of what are
essentially SEV generation codenames.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2021-11-16 9:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 19:38 [PATCH] sev: allow capabilities to check for SEV-ES support Tyler Fanelli
2021-11-15 19:38 ` Tyler Fanelli
2021-11-15 22:47 ` Eric Blake
2021-11-15 22:47 ` Eric Blake
2021-11-16 9:17 ` Daniel P. Berrangé [this message]
2021-11-16 9:17 ` Daniel P. Berrangé
2021-11-16 15:29 ` Tyler Fanelli
2021-11-16 15:29 ` Tyler Fanelli
2021-11-16 15:53 ` Daniel P. Berrangé
2021-11-16 15:53 ` Daniel P. Berrangé
2021-11-16 16:58 ` Tyler Fanelli
2021-11-16 16:58 ` Tyler Fanelli
2021-11-16 17:23 ` Daniel P. Berrangé
2021-11-16 17:23 ` Daniel P. Berrangé
2021-11-16 17:32 ` Tyler Fanelli
2021-11-16 17:32 ` Tyler Fanelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YZN3OECfHBXd55M5@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=tfanelli@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.