miloserdoff commented on issue #10009: URL: https://github.com/apache/cloudstack/issues/10009#issuecomment-2987817828
@weizhouapache Thanks, this really helped me get SEV-SNP enabled VMs up and running! > > [@weizhouapache](https://github.com/weizhouapache) Hello. I added LaunchSecurity block via extrahosts to enable SEV-SNP support. And I got the error: > > LibvirtException org.libvirt.LibvirtException: unsupported configuration: 'sev-snp' launch security is not supported with this QEMU binary > > Are there any options for replacing tag values? > > For example: cpu mode="custom" match="exact" check="full"> replace with cpu mode='host-model' check='none'/> And emulator>/usr/bin/qemu-system-x86_64 replace with emulator>/home/user/sev-snp/qemu-system-x86_64 > > for CPU mode, you can refer to https://docs.cloudstack.apache.org/en/latest/installguide/hypervisor/kvm.html#configure-cpu-model-for-kvm-guest-optional > > there is no way to customize the cpu. you can create symblink if all vms use the same virtual CPU > > > > [@weizhouapache](https://github.com/weizhouapache) When I tried to launch the guest OS via qemu-system-x86_64, everything was fine. > > > > > > > > > does the guest OS (not host) support SEV-SNP ? if yes, can you share the dumpxml of the VM ? > > > > > > [sev-snp.txt](https://github.com/user-attachments/files/20627699/sev-snp.txt) > > This is the libvirt configuration that allowed me to start the VM and enable SEV-SNP on it. [ PASS ] - SEV: ENABLED [ PASS ] - SEV-ES: ENABLED [ PASS ] - SNP: ENABLED [ PASS ] - Optional Features statuses: [ PASS ] - VTOM: DISABLED [ PASS ] - ReflectVC: DISABLED [ PASS ] - Restricted Injection: DISABLED [ PASS ] - Alternate Injection: DISABLED [ PASS ] - Debug Swap: DISABLED [ PASS ] - Prevent Host IBS: DISABLED [ PASS ] - SNP BTB Isolation: DISABLED [ PASS ] - VMPL SSS: DISABLED [ PASS ] - Secure TSE: DISABLED [ PASS ] - VMG Exit Parameter: DISABLED [ PASS ] - IBS Virtualization: DISABLED [ PASS ] - VMSA Reg Prot: DISABLED [ PASS ] - SMT Protection: DISABLED > > [@miloserdoff](https://github.com/miloserdoff) I commented on another issue some days ago: [#9912 (comment)](https://github.com/apache/cloudstack/discussions/9912#discussioncomment-12794076) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
