Re: Adjusting the default ROM option for SEV guests
From: Claudio Fontana
Subject: Re: Adjusting the default ROM option for SEV guests
Date: Wed, 6 Jul 2022 16:57:40 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

Hello all,

any comment on this one? It seems it would make sense to disable option ROMs
for SEV by default in QEMU, any feedback anyone?

Thanks,

Claudio

On 5/11/22 13:30, Vasily Ulyanov wrote:
> Hello QEMU devs,
>
> Currently to launch an SEV guest there are certain requirements for the VM
> configuration. One such is that ROM option needs to be disabled for virtio-net
> devices [1]. The tools like virt-install or libvirt rely on the QEMU defaults if
> the ROM value is not provided (the default for virtio-net is set to
> romfile=efi-virtio.rom). Eventually this leads to unbootable guest and poor user
> experience as it is now mandatory to explicitly disable the ROM option.
>
> There is a similar situation with iommu_platform, though that seems to be
> addressed already in [2] and QEMU adjusts the defaults depending on whether it
> is a confidential guest or not.
>
> Wouldn't it make sense to also handle the romfile like that in QEMU? I.e. in the
> case when an SEV guest is run and no romfile is explicitly specified set it to
> an empty value? This will also be useful when running an SEV VM directly with
> QEMU.
>
> Are there any objections or concerns? I could work on the patches but wanted to
> ping the community first and get some feedback. Would QEMU be the proper place
> to handle that? Any thoughts?
>
> [1] https://libvirt.org/kbase/launch_security_sev.html#virtio-net
> [2] https://gitlab.com/qemu-project/qemu/-/commit/9f88a7a3df
>
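
The requirement described in the quoted message, as an added example that is not part of the original thread and is not QEMU or libvirt code: a Python check that flags virtio-net devices on an SEV guest's QEMU command line that do not set an empty `romfile=`. The command lines are constructed samples and the function name `sev_rom_findings` is hypothetical; it only handles the `-device driver,prop=value` form.

```python
import shlex

# Constructed sample command lines (not taken from the thread).
SEV = ("-machine q35,confidential-guest-support=sev0 "
       "-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 ")
UNSAFE = ("qemu-system-x86_64 " + SEV +
          "-netdev user,id=n0 -device virtio-net-pci,netdev=n0")
FIXED = UNSAFE + ",romfile="
NON_SEV = "qemu-system-x86_64 -netdev user,id=n0 -device virtio-net-pci,netdev=n0"


def sev_rom_findings(cmdline):
    """Return the virtio-net -device arguments that would still load an
    option ROM in an SEV guest. Empty list: not an SEV guest, or all clear."""
    argv = shlex.split(cmdline)
    pairs = list(zip(argv, argv[1:]))  # (option, value) candidates

    # An SEV guest is declared with "-object sev-guest,...".
    is_sev = any(opt == "-object" and val.split(",")[0] == "sev-guest"
                 for opt, val in pairs)
    if not is_sev:
        return []

    findings = []
    for opt, val in pairs:
        if opt != "-device":
            continue
        driver, *props = val.split(",")
        if not driver.startswith("virtio-net"):
            continue
        # "key=value" -> (key, value); a bare flag maps to "".
        settings = dict(p.partition("=")[::2] for p in props)
        # Absent romfile falls back to the QEMU default (efi-virtio.rom per
        # the thread); only an explicit empty "romfile=" disables the ROM.
        if settings.get("romfile") != "":
            findings.append(val)
    return findings


if __name__ == "__main__":
    for name, cmd in (("unsafe", UNSAFE), ("fixed", FIXED), ("non-sev", NON_SEV)):
        print(name, sev_rom_findings(cmd))
```
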