Hello, I took a look at this bug report, and here are my thoughts:
For Ubuntu Noble 24.04:

1) To enable AMD-SEV ES, we do not need a special build of OVMF (OVMF.amdsev.fd) as proposed by the SRU MP. The default OVMF.fd is enough to have AMD-SEV ES support.
With this being said, the proposed SRU covers way more than the original ask from the reporter. The original ask is to add the "amd-sev-es" feature into one of the descriptor files that has AMD-SEV SE support. IMO adding this feature into /usr/share/qemu/firmware/60-edk2-x86_64.json is enough.

2) Assuming that we still want this proposed SRU, the test plan is not 100% accurate and is incomplete.

a) It is not accurate in several places, but the most notable one is about checking the character device /dev/sev-guest in the guest. After checking the kernel source code, this device driver is only dedicated to AMD SEV-SNP guests (https://github.com/torvalds/linux/blob/cd5a0afbdf8033dc83786315d63f8b325bdba2fd/drivers/virt/coco/sev-guest/sev-guest.c#L636).
Instead of verifying the character device, one way to verify the AMD-SEV ES support in the guest is to look for this message in dmesg:
"Memory Encryption Features active: AMD SEV SEV-ES"

b) It is incomplete because we also need to verify that the descriptor change works and that it allows the automatic selection of the OVMF file when an AMD-SEV ES VM is run (e.g. by libvirt).

--
https://bugs.launchpad.net/bugs/2122286
Title: firmware definitions lack "amd-sev-es" feature
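The two checks named in the test-plan remarks above, as an added example that is not part of the original message or of the edk2 packaging: it lists which firmware descriptors advertise a given feature and tests a guest dmesg capture for SEV-ES. The descriptor layout follows QEMU's firmware.json schema; the sample descriptors, their paths and the dmesg timestamp are constructed, and all function names are hypothetical.

```python
import json
import re
from pathlib import Path

# Constructed descriptors in the QEMU firmware.json layout (not Ubuntu's shipped files).
SAMPLES = {
    "50-constructed-secboot.json": {
        "mapping": {"device": "flash",
                    "executable": {"filename": "/constructed/OVMF_CODE.secboot.fd", "format": "raw"}},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["secure-boot", "requires-smm"]},
    "60-constructed-sev.json": {
        "mapping": {"device": "memory", "filename": "/constructed/OVMF.fd"},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": ["amd-sev", "amd-sev-es"]},
}
# Constructed guest dmesg excerpt containing the line quoted in the message.
SAMPLE_DMESG = "[    0.412345] Memory Encryption Features active: AMD SEV SEV-ES\n"

def write_samples(directory):
    """Write the constructed descriptors into a directory for a dry run."""
    for name, desc in SAMPLES.items():
        (Path(directory) / name).write_text(json.dumps(desc))

def firmware_path(desc):
    """Flash mappings nest the image under 'executable'; memory mappings do not."""
    mapping = desc.get("mapping", {})
    if mapping.get("device") == "flash":
        return mapping.get("executable", {}).get("filename")
    return mapping.get("filename")

def descriptors_with(directory, required, arch="x86_64"):
    """List (descriptor, firmware image) pairs advertising every required feature, in file-name order."""
    hits = []
    for path in sorted(Path(directory).glob("*.json")):
        try:
            desc = json.loads(path.read_text())
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed descriptor: skip it
        archs = {t.get("architecture") for t in desc.get("targets", [])}
        if arch in archs and set(required) <= set(desc.get("features", [])):
            hits.append((path.name, firmware_path(desc)))
    return hits

def sev_es_active(dmesg_text):
    """True only if the kernel's feature line lists SEV-ES as its own token."""
    m = re.search(r"Memory Encryption Features active:\s*(.+)", dmesg_text)
    return bool(m) and "SEV-ES" in m.group(1).split()
```

On a host, pass /usr/share/qemu/firmware as the directory; an empty result for `["amd-sev-es"]` means no descriptor there advertises the feature. This is a simplified feature match and does not reproduce libvirt's full selection logic.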
