Adjusting the default ROM option for SEV guests
From: Vasily Ulyanov
Subject: Adjusting the default ROM option for SEV guests
Date: Wed, 11 May 2022 13:30:08 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1

Hello QEMU devs,

Currently, to launch an SEV guest there are certain requirements for the VM
configuration. One such is that the ROM option needs to be disabled for virtio-net
devices [1]. Tools like virt-install or libvirt rely on the QEMU defaults if
the ROM value is not provided (the default for virtio-net is set to
romfile=efi-virtio.rom). Eventually this leads to an unbootable guest and poor user
experience as it is now mandatory to explicitly disable the ROM option.

There is a similar situation with iommu_platform, though that seems to be
addressed already in [2] and QEMU adjusts the defaults depending on whether it
is a confidential guest or not.

Wouldn't it make sense to also handle the romfile like that in QEMU? I.e. in the
case when an SEV guest is run and no romfile is explicitly specified, set it to
an empty value? This will also be useful when running an SEV VM directly with
QEMU.

Are there any objections or concerns? I could work on the patches but wanted to
ping the community first and get some feedback. Would QEMU be the proper place
to handle that? Any thoughts?

[1] https://libvirt.org/kbase/launch_security_sev.html#virtio-net
[2] https://gitlab.com/qemu-project/qemu/-/commit/9f88a7a3df

--
Vasily Ulyanov <vulyanov@suse.de>
Software Engineer, SUSE Labs Core
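
The requirement described in the message above, as an added example that is not part of the original post and not QEMU or libvirt code: a check over libvirt domain XML that lists the virtio-net interfaces of an SEV guest that would still pick up the default option ROM. The `<launchSecurity>`, `<model>` and `<rom enabled='no'/>` elements are libvirt domain XML; the sample domain, its values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an SEV guest with two virtio-net interfaces, only the
# second of which disables the option ROM. Not taken from the thread.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>sev-demo</name>
  <launchSecurity type='sev'>
    <policy>0x0003</policy>
  </launchSecurity>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/>
      <model type='virtio'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:00:00:02'/>
      <model type='virtio'/>
      <rom enabled='no'/>
    </interface>
  </devices>
</domain>
"""

def rom_disabled(iface):
    """True only when the interface carries <rom enabled='no'/>."""
    rom = iface.find("rom")
    # No <rom> element means the QEMU default (efi-virtio.rom) applies.
    return rom is not None and rom.get("enabled") == "no"

def sev_nics_with_option_rom(domain_xml):
    """Return MACs of virtio-net NICs in an SEV domain that keep the ROM."""
    root = ET.fromstring(domain_xml)
    sec = root.find("launchSecurity")
    if sec is None or sec.get("type") != "sev":
        return []  # not an SEV guest: the default ROM is not a problem here
    flagged = []
    for iface in root.findall("./devices/interface"):
        model = iface.find("model")
        if model is None or not model.get("type", "").startswith("virtio"):
            continue
        if not rom_disabled(iface):
            mac = iface.find("mac")
            flagged.append(mac.get("address") if mac is not None else "(no mac)")
    return flagged

if __name__ == "__main__":
    print(sev_nics_with_option_rom(SAMPLE_DOMAIN))
```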