AMD SEV technology enablement #6991
Comments
What does the plan for testing look like? Would it be possible to test this with non-root? Thanks, @vasiliy-ul! |
Hi @xpivarc. The actual test cases are provided with the implementation PR (well, only one test case so far...). Though for testing the feature there are a couple of prerequisites that are still missing: 1) we need to have a guest VM with a recent kernel and UEFI boot support. The relevant PRs (switch to Fedora 35) are under discussion at the moment; 2) the feature requires specific hardware to run on. I am not sure if there is a test machine with an AMD EPYC CPU available in the KubeVirt CI cluster for that. For now I tested and verified manually on an AMD machine. Regarding non-root: I cannot think of any potential issue at the moment. Qemu will just need to have RW access to |
As far as I know, we are missing the hw in our clusters.
Thanks for the response. It is also our assumption but we want to be sure :) I would appreciate it if you give it a try. |
Hi @xpivarc . I tried to run a SEV guest with |
@vasiliy-ul Thank you! |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
/remove-lifecycle stale |
Hi all, this is up-to-date right? We don't have SEV-ES yet |
@hw-claudio not yet. We are still integrating the SEV CI nodes to be able to test the code changes |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
@alicefr noticed the bot inactivity message, are the SEV CI nodes integrated now, is AMD SEV-ES functional? |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /lifecycle rotten |
/remove-lifecycle rotten |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /lifecycle rotten |
Is this live with ES/SNP? Currently working with libvirt on one of our clusters and would love to be able to fold this into our CoCo build. |
SEV-ES is already enabled. SNP is WIP in kernel/qemu/libvirt (not yet upstreamed), hence not supported in KubeVirt so far. /remove-lifecycle rotten |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
This is the placeholder issue for tracking the progress of AMD Memory Encryption features (SEV, SEV-ES, SEV-SNP) enablement in KubeVirt.
Original discussion from the mailing list: https://groups.google.com/g/kubevirt-dev/c/a6XlT0qRNAY/m/IWFAOu2xAAAJ
/kind enhancement
Implementation
[WIP] Libvirt API: https://listman.redhat.com/archives/libvir-list/2021-December/msg00800.html
SEVPlatformInfo and SEVMeasurementInfo in VMIStatus
/dev/sev device to pods only if the feature gate is enabled
Testing
Documentation