From: "Dr. David Alan Gilbert"
Subject: Re: [PATCH v6 13/23] hmp: display memory encryption support in 'info kvm'
Date: Fri, 2 Feb 2018 15:24:34 +0000
Message-ID: <20180202152433.GC2590@work-vm>
In-Reply-To: <3e6cf550-9bd8-daa7-e54a-d390354ffcb0@amd.com>
To: Brijesh Singh
Cc: Daniel P. Berrangé, qemu-devel@nongnu.org, kvm@vger.kernel.org, Paolo Bonzini, Tom Lendacky, Peter Maydell, Richard Henderson, "Edgar E. Iglesias", Eduardo Habkost, Stefan Hajnoczi, Eric Blake, "Michael S. Tsirkin", Markus Armbruster

* Brijesh Singh (brijesh.singh@amd.com) wrote:
>
>
> On 2/2/18 7:08 AM, Daniel P. Berrangé wrote:
> > On Thu, Feb 01, 2018 at 08:04:43PM +0000, Dr. David Alan Gilbert wrote:
> >> * Brijesh Singh (brijesh.singh@amd.com) wrote:
> >>>
> >>> On 2/1/18 11:58 AM, Dr. David Alan Gilbert wrote:
> >>>> * Brijesh Singh (brijesh.singh@amd.com) wrote:
> >>>>> update 'info kvm' to display the memory encryption support.
> >>>>>
> >>>>> (qemu) info kvm
> >>>>> kvm support: enabled
> >>>>> memory encryption: disabled
> >>>> As Markus said, this should be split qmp/hmp; but something else to
> >>>> think about is whether this is a boolean or needs to be an enum; do
> >>>> you have one version of encryption or are we going to need to flag up
> >>>> versions or the features of the encryption?
> >>> In future I could see us providing encrypted state status when we
> >>> implement SEV-ES support, something like
> >>>
> >>> (qemu) info kvm
> >>> kvm support: enabled
> >>> memory encryption: enabled
> >>> cpu register state: encrypted
> >>>
> >>> but so far I do not see need to provide the version string. If user
> >>> wants to know the SEV version then it can open /dev/sev device to get
> >>> platform status and more.
> >> Yes, I was worried a bit more about how general that was going to be
> >> or whether we're collecting a lot of architecture specific fields here.
> >> So I wondered, if it was an enum, whether that would become:
> >>
> >> memory encryption: none
> >>
> >> memory encryption: SEV
> >>
> >> memory encryption: SEV-ES
> >>
> >> (I'm not too sure whether that's better or not, just a suggestion)
> > I wonder if it is even appropriate to have under 'info kvm', since
> > 'info kvm' is architecture independent and SEV is specific to AMD x86_64
> > only. It might suggest an 'info sev' command is better?
>
> The reason I kept under 'info kvm' is because now KVM has an ioctl for
> memory encryption operation, I like your suggestion for introducing
> 'info sev' -- the command can be used to provide additional SEV specific
> details (e.g. SEV FW state, SEV FW version, SEV active policy etc).

Yes, that would be useful - I'm sure there's lots of information that
will be useful to display for understanding the state of SEV, e.g. the
policies etc.

Dave

> >
> > Regards,
> > Daniel
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK