libvirt/SOURCES/libvirt-docs-Update-AMD-launch-secure-description.patch

57 lines
2.1 KiB
Diff
Raw Normal View History

From b89b5b577ae05a9f453a55b8e7cbd81db27e95df Mon Sep 17 00:00:00 2001
Message-Id: <b89b5b577ae05a9f453a55b8e7cbd81db27e95df@dist-git>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Wed, 24 Jun 2020 13:16:22 +0200
Subject: [PATCH] docs: Update AMD launch secure description
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Update document with changes in qemu capability caching and the added
secure guest support checking for AMD SEV in virt-host-validate.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 2c3ffa37284b9fa3d1e6c369fa2bb71c6f6dd92a)
https://bugzilla.redhat.com/show_bug.cgi?id=1848997
https://bugzilla.redhat.com/show_bug.cgi?id=1850351
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Message-Id: <1229877019008ac6f0135296af502e596c3e30e5.1592996194.git.jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
docs/kbase/launch_security_sev.rst | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index 65f258587d..19b978481a 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -30,8 +30,11 @@ Enabling SEV on the host
========================
Before VMs can make use of the SEV feature you need to make sure your
-AMD CPU does support SEV. You can check whether SEV is among the CPU
-flags with:
+AMD CPU does support SEV. You can run ``libvirt-host-validate``
+(libvirt >= 6.5.0) to check if your host supports secure guests or you
+can follow the manual checks below.
+
+You can manually check whether SEV is among the CPU flags with:
::
@@ -109,7 +112,7 @@ following:
</features>
</domainCapabilities>
-Note that if libvirt was already installed and libvirtd running before
+Note that if libvirt (<6.5.0) was already installed and libvirtd running before
enabling SEV in the kernel followed by the host reboot you need to force
libvirtd to re-probe both the host and QEMU capabilities. First stop
libvirtd:
--
2.27.0