From b89b5b577ae05a9f453a55b8e7cbd81db27e95df Mon Sep 17 00:00:00 2001 Message-Id: From: Boris Fiuczynski Date: Wed, 24 Jun 2020 13:16:22 +0200 Subject: [PATCH] docs: Update AMD launch secure description MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update document with changes in qemu capability caching and the added secure guest support checking for AMD SEV in virt-host-validate. Signed-off-by: Boris Fiuczynski Reviewed-by: Erik Skultety (cherry picked from commit 2c3ffa37284b9fa3d1e6c369fa2bb71c6f6dd92a) https://bugzilla.redhat.com/show_bug.cgi?id=1848997 https://bugzilla.redhat.com/show_bug.cgi?id=1850351 Signed-off-by: Jiri Denemark Message-Id: <1229877019008ac6f0135296af502e596c3e30e5.1592996194.git.jdenemar@redhat.com> Reviewed-by: Ján Tomko --- docs/kbase/launch_security_sev.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst index 65f258587d..19b978481a 100644 --- a/docs/kbase/launch_security_sev.rst +++ b/docs/kbase/launch_security_sev.rst @@ -30,8 +30,11 @@ Enabling SEV on the host ======================== Before VMs can make use of the SEV feature you need to make sure your -AMD CPU does support SEV. You can check whether SEV is among the CPU -flags with: +AMD CPU does support SEV. You can run ``libvirt-host-validate`` +(libvirt >= 6.5.0) to check if your host supports secure guests or you +can follow the manual checks below. + +You can manually check whether SEV is among the CPU flags with: :: @@ -109,7 +112,7 @@ following: -Note that if libvirt was already installed and libvirtd running before +Note that if libvirt (<6.5.0) was already installed and libvirtd running before enabling SEV in the kernel followed by the host reboot you need to force libvirtd to re-probe both the host and QEMU capabilities. First stop libvirtd: -- 2.27.0