miloserdoff commented on issue #10009: URL: https://github.com/apache/cloudstack/issues/10009#issuecomment-2949026635
> > [@weizhouapache](https://github.com/weizhouapache) When I tried to launch the guest OS via qemu-system-x86_64, everything was fine.
>
> does the guest OS (not host) support SEV-SNP ? if yes, can you share the dumpxml of the VM ?

```xml
<domain type='kvm'>
  <name>VM_NAME</name>
  <uuid>uid</uuid>
  <description>Debian GNU/Linux 12 (64-bit)</description>
  <memory unit='KiB'>8392704</memory>
  <currentMemory unit='KiB'>8392704</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <cputune>
    <shares>87</shares>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <sysinfo type='smbios'>
    <system>
      <entry name='manufacturer'>Apache Software Foundation</entry>
      <entry name='product'>CloudStack KVM Hypervisor</entry>
      <entry name='serial'>uid</entry>
      <entry name='uuid'>uid</entry>
    </system>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-i440fx-7.0'>hvm</type>
    <loader readonly='yes' type='rom'>/path/to/OVMF.fd</loader>
    <nvram>/path/to/OVMF_VARS.fd</nvram>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <smbios mode='sysinfo'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode='host-model' check='none'/>
  <clock offset='utc'>
    <timer name='kvmclock'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/path/to/qemu-system-x86_64</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/mnt/57d2e553-446c-3dd9-9c89-03e59e905b84/138ce8b4-b3d8-4e34-bcbe-4ec526346b7b'/>
      <target dev='vda' bus='virtio'/>
      <serial>138ce8b4b3d84e34bcbe</serial>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='piix3-uhci'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='mac'/>
      <source bridge='bridge'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <model type='virtio'/>
      <link state='up'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/vm_name.org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <audio id='1' type='none'/>
    <video>
      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <watchdog model='i6300esb' action='none'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </watchdog>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'/>
  <launchSecurity type='sev-snp'>
    <cbitpos>51</cbitpos>
    <reducedPhysBits>6</reducedPhysBits>
    <policy>0x00030000</policy>
  </launchSecurity>
</domain>
```

This is the libvirt configuration that allowed me to start the VM and enable SEV-SNP on it.

```
[ PASS ] - SEV: ENABLED
[ PASS ] - SEV-ES: ENABLED
[ PASS ] - SNP: ENABLED
[ PASS ] - Optional Features statuses:
[ PASS ] - VTOM: DISABLED
[ PASS ] - ReflectVC: DISABLED
[ PASS ] - Restricted Injection: DISABLED
[ PASS ] - Alternate Injection: DISABLED
[ PASS ] - Debug Swap: DISABLED
[ PASS ] - Prevent Host IBS: DISABLED
[ PASS ] - SNP BTB Isolation: DISABLED
[ PASS ] - VMPL SSS: DISABLED
[ PASS ] - Secure TSE: DISABLED
[ PASS ] - VMG Exit Parameter: DISABLED
[ PASS ] - IBS Virtualization: DISABLED
[ PASS ] - VMSA Reg Prot: DISABLED
[ PASS ] - SMT Protection: DISABLED
```

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
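
An added example, not part of the original comment or of CloudStack's code: a check over a domain XML's `<launchSecurity>` element that decodes the SNP guest policy, using the values from the dump above. The flag names follow the guest policy field in AMD's SEV-SNP firmware ABI (bits 16 to 20 only); the function names and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Guest policy flag bits 16-20 as named in AMD's SEV-SNP firmware ABI.
POLICY_FLAGS = {16: "SMT", 17: "RESERVED_MBO", 18: "MIGRATE_MA",
                19: "DEBUG", 20: "SINGLE_SOCKET"}

def decode_policy(value):
    """Split an SNP guest policy integer into ABI version and named flags."""
    return {
        "abi_minor": value & 0xFF,
        "abi_major": (value >> 8) & 0xFF,
        "flags": sorted(n for b, n in POLICY_FLAGS.items() if (value >> b) & 1),
        "undecoded": value & ~0x1FFFFF,  # bits above 20 are not interpreted here
    }

def audit_domain(xml_text):
    """Return findings for the <launchSecurity> element of a libvirt domain XML."""
    ls = ET.fromstring(xml_text).find("launchSecurity")
    if ls is None or ls.get("type") != "sev-snp":
        return ["no <launchSecurity type='sev-snp'> element"]
    raw = ls.findtext("policy")
    if raw is None:
        return ["sev-snp launchSecurity has no <policy>"]
    pol = decode_policy(int(raw.strip(), 0))
    findings = []
    if "RESERVED_MBO" not in pol["flags"]:
        findings.append("policy bit 17 is reserved and must be 1")
    if "DEBUG" in pol["flags"]:
        findings.append("DEBUG set: firmware debug commands may decrypt guest memory")
    if "MIGRATE_MA" in pol["flags"]:
        findings.append("MIGRATE_MA set: guest may be bound to a migration agent")
    if pol["undecoded"]:
        findings.append(f"undecoded policy bits: {pol['undecoded']:#x}")
    return findings

# Constructed sample: trimmed to the element under test, values from the dump above.
SAMPLE = """<domain type='kvm'>
  <name>VM_NAME</name>
  <launchSecurity type='sev-snp'>
    <cbitpos>51</cbitpos>
    <reducedPhysBits>6</reducedPhysBits>
    <policy>0x00030000</policy>
  </launchSecurity>
</domain>"""

if __name__ == "__main__":
    print(decode_policy(0x00030000))
    print(audit_domain(SAMPLE) or "no findings")
```

The policy `0x00030000` from the dump decodes to SMT allowed plus the mandatory reserved bit, with DEBUG and MIGRATE_MA clear.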