Public bug reported:

On Noble 24.04

When I try to run an AMD-SEV ES VM on supported hardware (AMD CPU EPYC) with this domain definition:

  <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
    <name>sev</name>
    <memory unit='GiB'>16</memory>
    <memoryBacking>
      <locked/>
    </memoryBacking>
    <vcpu placement="static">32</vcpu>
    <os>
      <type arch='x86_64' machine='q35'>hvm</type>
      <loader type='rom' readonly='yes'>/usr/share/qemu/OVMF.fd</loader>
      <boot dev='hd'/>
    </os>
    <cpu mode='host-model' check='partial'>
      <model fallback='allow'/>
    </cpu>
    <devices>
      <emulator>/usr/bin/qemu-system-x86_64</emulator>
      <disk type="file" device="disk">
        <driver name="qemu" type="qcow2"/>
        <source file="/tmp/ubuntu-24.04-server-cloudimg-amd64.img"/>
        <target dev="vda" bus="virtio"/>
      </disk>
    </devices>
    <allowReboot value='no'/>
    <launchSecurity type='sev'>
      <policy>0x5</policy>
    </launchSecurity>
  </domain>

NB: you might want to adapt /tmp/ubuntu-24.04-server-cloudimg-amd64.img to another Ubuntu cloud image.

I run into this error:

  error: Failed to start domain 'sev'
  error: internal error: process exited while connecting to monitor: 2025-10-10T15:21:49.413092Z qemu-system-x86_64: -accel kvm: sev_kvm_init: Failed to open /dev/sev 'Permission denied'
  2025-10-10T15:21:49.432040Z qemu-system-x86_64: -accel kvm: failed to initialize kvm: Operation not permitted

If I add:

  /dev/sev rw,

in the libvirt-qemu abstraction (/etc/apparmor.d/abstractions/libvirt-qemu) and restart libvirtd, the VM can be run fine.

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: libvirt (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Also affects: libvirt (Ubuntu Noble)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/2127492

Title:
  permission denied for /dev/sev when run AMD-SEV ES VM
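
A diagnostic sketch for the failure reported above, added here and not part of the bug report or of libvirt: one function pulls AppArmor denials for a path out of kernel audit lines, the other checks whether profile text holds a plain rule granting read and write on that path. The log lines, the placeholder UUID and the profile fragments are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed kernel audit lines (not taken from the report); the profile
# name carries a placeholder UUID.
SAMPLE_LOG='audit: type=1400 audit(1760109709.412:231): apparmor="DENIED" operation="open" class="file" profile="libvirt-00000000-0000-0000-0000-000000000000" name="/dev/sev" pid=4242 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=0
audit: type=1400 audit(1760109709.500:232): apparmor="DENIED" operation="open" class="file" profile="libvirt-00000000-0000-0000-0000-000000000000" name="/tmp/example.img" pid=4242 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0'

# Constructed profile fragments: one without the rule, one with it added.
STOCK_RULES='  /dev/kvm rw,
  /dev/net/tun rw,
  # /dev/sev rw,'
PATCHED_RULES="$STOCK_RULES
  /dev/sev rw,"

# apparmor_denials PATH
# Reads audit/kernel log lines on stdin and prints "<profile> <denied_mask>"
# for every AppArmor DENIED record whose name= field is exactly PATH.
apparmor_denials() {
    target=$1
    grep 'apparmor="DENIED"' |
        grep -F "name=\"$target\"" |
        sed -n 's/.*profile="\([^"]*\)".*denied_mask="\([^"]*\)".*/\1 \2/p'
}

# rule_grants_rw PATH
# Reads AppArmor profile text on stdin and succeeds if an uncommented rule
# for exactly PATH grants both r and w. Globs, includes, and rules with a
# leading qualifier (owner, deny, audit) are not resolved by this check.
rule_grants_rw() {
    awk -v p="$1" '
        /^[ \t]*#/ { next }
        $1 == p { m = $2; sub(/,.*/, "", m)
                  if (m ~ /r/ && m ~ /w/) ok = 1 }
        END { exit !ok }'
}

# Demo on the constructed data.
printf '%s\n' "$SAMPLE_LOG" | apparmor_denials /dev/sev
if printf '%s\n' "$STOCK_RULES" | rule_grants_rw /dev/sev; then
    echo "stock fragment: /dev/sev allowed"
else
    echo "stock fragment: no rw rule for /dev/sev"
fi
```

On a host, feed `apparmor_denials` from `journalctl -k` or `dmesg`, and `rule_grants_rw` from the abstraction file named in the report.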
