Subject: linux-image-5.5.0-2-amd64 won't boot in a AMD SEV Virtual Machine Package: src:linux Version: 5.5.17-1 Severity: important
The boot failure is total: not even a console log can be seen, and seems to be due to the necessary memory encryption option not being set in the debian kernel: # CONFIG_AMD_MEM_ENCRYPT is not set In spite of the fact that the rest of the SEV encryption variables are set: CONFIG_KVM_AMD_SEV=y CONFIG_USB_SEVSEG=m So I'm reporting this on the assumption that it is supposed to work out of the box and not setting AMD_MEM_ENCRYPT was an oversight. Not setting this means that all the I/O devices are sending encrypted memory pages through to QEMU which is what's causing the hang. With this set, the kernel would bounce all the encrypted pages into unencrypted pages before sending them to devices. James
