)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"daffb4d82f0d5b1e583fe59032b3d2f67fcbe0d9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"8d25ef25_609abd4b","updated":"2024-04-10 15:13:20.000000000","message":"An important thing I forgot to note in my first review:\n\n- AMD SEV-ES is known to be vulnerable in its \"attestation\" mechanism.  It goes back to 2022; this is fixed with their SEV-SNP tech; see: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1004.html\n\n- The above affects 1st/2nd/3rd Gen AMD EPYC processors\n\n- The protection of CPU registers offered by SEV-ES is not affected.\n\nThe main question we should ask ourselves is: Is it worth investing the effort in SEV-ES (with its limited security protection) or wait for SEV-SNP support to land in QEMU, libvirt, OVMF, et al, and focus on it?","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"367fa2824f82657b8206a9916d04087a2f70c921","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"a09447d5_b675545c","updated":"2024-04-10 12:48:03.000000000","message":"Hi!  Thanks for taking this on. :-)  I support the idea itself!  
This is a \"soft -1\" to discuss some initial comments inline.","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d396b1868e49f514d12b592e178ea70d554c328a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"970e17ec_f47b82f9","in_reply_to":"8d25ef25_609abd4b","updated":"2024-04-22 02:53:23.000000000","message":"Attestation mechanism is currently out of scope of this work, because the mechanism supported by SEV/SEV-ES is heavily dependent on hypervisor feature and is not suitable for confidential computing use case. So the known vulnerability is not a big blocker for the current work.\n\nBecause SEV-SNP is still under active development (even after a few years) and SEV-ES has been available for some time, it\u0027s still useful to provide the functionality in case users are looking for better data protection mechanism than SEV.","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":15,"id":"3ce9b408_3a60ce0f","updated":"2024-05-14 10:47:53.000000000","message":"I have a set of requests and questions inline.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"129483ab_20d713c8","updated":"2024-07-18 09:49:30.000000000","message":"I still have a few comments but I don\u0027t want to hold this spec, so please just provide a FUP patch for my 
comments.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"9ae0fa0d99ae872752434a9a991c6c9f65c477e9","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"788e3ad8_ac3f7b7a","updated":"2024-07-18 10:22:28.000000000","message":"OK with me. My concerns were answered / addressed. Given that today is the spec freeze deadline, I\u0027m OK to land this and have a follow up patch documenting some of the late agreements.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":17,"id":"576ed252_10eda103","updated":"2024-07-21 13:19:15.000000000","message":"Thanks ! I\u0027ve submitted https://review.opendev.org/c/openstack/nova-specs/+/924563 to address the remaining comments.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"}],"specs/2024.1/approved/amd-sev-es-libvirt-support.rst":[{"author":{"_account_id":30073,"name":"Brendan Shephard","email":"bshephar@bne-home.net","username":"bshephar"},"change_message_id":"0b5469a265ef096e17aa12e8d120b8cc33d67536","unresolved":true,"context_lines":[{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"},{"line_number":31,"context_line":"   the required hypervisor features to use SEV-SNP are not yet merged into"},{"line_number":32,"context_line":"   the underlying components(kernel, QEMU, libvirt and ovmf). So in this spec"},{"line_number":33,"context_line":"   we focus on SEV-ES. 
We attempt to keep the proposal as much compatiblre with"},{"line_number":34,"context_line":"   SEV-SNP as possible, based on the implementations published by AMD."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Use Cases"}],"source_content_type":"text/x-rst","patch_set":5,"id":"97a525c5_865614a0","line":33,"range":{"start_line":33,"start_character":63,"end_line":33,"end_character":74},"updated":"2024-02-06 14:35:37.000000000","message":"nit, spelling: compatible","commit_id":"8c9e0e9b5f6ea6e301861ddef39c3dedee5ce83b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"4015265423c481340aef0b95a374be56a968a409","unresolved":false,"context_lines":[{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"},{"line_number":31,"context_line":"   the required hypervisor features to use SEV-SNP are not yet merged into"},{"line_number":32,"context_line":"   the underlying components(kernel, QEMU, libvirt and ovmf). So in this spec"},{"line_number":33,"context_line":"   we focus on SEV-ES. 
We attempt to keep the proposal as much compatiblre with"},{"line_number":34,"context_line":"   SEV-SNP as possible, based on the implementations published by AMD."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Use Cases"}],"source_content_type":"text/x-rst","patch_set":5,"id":"5bede191_a2df1585","line":33,"range":{"start_line":33,"start_character":63,"end_line":33,"end_character":74},"in_reply_to":"97a525c5_865614a0","updated":"2024-02-07 02:13:29.000000000","message":"Done","commit_id":"8c9e0e9b5f6ea6e301861ddef39c3dedee5ce83b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"4386bc2bf1dce06aa74029f07d4339cc816beffa","unresolved":true,"context_lines":[{"line_number":212,"context_line":"Other contributors:"},{"line_number":213,"context_line":"  None"},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"Work Items"},{"line_number":216,"context_line":"----------"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"Work items or tasks -- break the feature up into the things that need to be"}],"source_content_type":"text/x-rst","patch_set":9,"id":"ef39b6f6_785ad17c","line":215,"updated":"2024-02-07 12:00:29.000000000","message":"Oops. 
I have to fill this section.","commit_id":"51f6e249fdeece3c5b8b4c3dbb5d87c66504879b"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1c599513c5eec7573cd0444a8ed7497439364f11","unresolved":false,"context_lines":[{"line_number":212,"context_line":"Other contributors:"},{"line_number":213,"context_line":"  None"},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"Work Items"},{"line_number":216,"context_line":"----------"},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"Work items or tasks -- break the feature up into the things that need to be"}],"source_content_type":"text/x-rst","patch_set":9,"id":"9844c805_9becf4b7","line":215,"in_reply_to":"ef39b6f6_785ad17c","updated":"2024-02-07 13:54:53.000000000","message":"Done","commit_id":"51f6e249fdeece3c5b8b4c3dbb5d87c66504879b"}],"specs/2024.2/approved/amd-sev-es-libvirt-support.rst":[{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"367fa2824f82657b8206a9916d04087a2f70c921","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Problem description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Current libvirt driver supports launching instances with memory encryption by"},{"line_number":22,"context_line":"`AMD\u0027s SEV (Secure Encrypted Virtualization) technology"},{"line_number":23,"context_line":"\u003chttps://developer.amd.com/sev/\u003e`_. However the current implementation supports"},{"line_number":24,"context_line":"only AMD SEV, and does not support new versions. 
For exmaple SEV-ES also"},{"line_number":25,"context_line":"encrypts all CPU register contents when a VM stops running, to achieve more"},{"line_number":26,"context_line":"complete protection of VM data, but users can\u0027t leverage these features because"},{"line_number":27,"context_line":"of this limitation."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"}],"source_content_type":"text/x-rst","patch_set":13,"id":"2c29a6ca_64a4fd1c","line":27,"range":{"start_line":21,"start_character":1,"end_line":27,"end_character":19},"updated":"2024-04-10 12:48:03.000000000","message":"We should also mention the important limitation of plain SEV that SEV-ES solves:\n\n- With plain SEV, the maximum number of encryption keys possible are 16.  Each VM consumes a key to protect its memory.  So you can run only 16 guests with encrypted memory.\n\n- With SEV-ES, this limit is increased to 500.  So, with SEV-ES, you can run about 500 \"encrypted\" guests (with protected memory and CPU register state).","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Problem description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Current libvirt driver supports launching instances with memory encryption by"},{"line_number":22,"context_line":"`AMD\u0027s SEV (Secure Encrypted Virtualization) technology"},{"line_number":23,"context_line":"\u003chttps://developer.amd.com/sev/\u003e`_. 
However the current implementation supports"},{"line_number":24,"context_line":"only AMD SEV, and does not support new versions. For exmaple SEV-ES also"},{"line_number":25,"context_line":"encrypts all CPU register contents when a VM stops running, to achieve more"},{"line_number":26,"context_line":"complete protection of VM data, but users can\u0027t leverage these features because"},{"line_number":27,"context_line":"of this limitation."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"}],"source_content_type":"text/x-rst","patch_set":13,"id":"d85c122d_f3b14e60","line":27,"range":{"start_line":21,"start_character":1,"end_line":27,"end_character":19},"in_reply_to":"0419b6eb_348aff91","updated":"2024-07-18 09:49:30.000000000","message":"I\u0027m fine with the current content here","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d396b1868e49f514d12b592e178ea70d554c328a","unresolved":true,"context_lines":[{"line_number":18,"context_line":"Problem description"},{"line_number":19,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Current libvirt driver supports launching instances with memory encryption by"},{"line_number":22,"context_line":"`AMD\u0027s SEV (Secure Encrypted Virtualization) technology"},{"line_number":23,"context_line":"\u003chttps://developer.amd.com/sev/\u003e`_. However the current implementation supports"},{"line_number":24,"context_line":"only AMD SEV, and does not support new versions. 
For exmaple SEV-ES also"},{"line_number":25,"context_line":"encrypts all CPU register contents when a VM stops running, to achieve more"},{"line_number":26,"context_line":"complete protection of VM data, but users can\u0027t leverage these features because"},{"line_number":27,"context_line":"of this limitation."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"}],"source_content_type":"text/x-rst","patch_set":13,"id":"0419b6eb_348aff91","line":27,"range":{"start_line":21,"start_character":1,"end_line":27,"end_character":19},"in_reply_to":"2c29a6ca_64a4fd1c","updated":"2024-04-22 02:53:23.000000000","message":"This is not a difference between SEV and SEV-ES but one between EPYC gen 1 and gen 2. Number of slots is not dependent on CPU features but CPU model.","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"367fa2824f82657b8206a9916d04087a2f70c921","unresolved":true,"context_lines":[{"line_number":27,"context_line":"of this limitation."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"},{"line_number":31,"context_line":"   the required hypervisor features to use SEV-SNP are not yet merged into"},{"line_number":32,"context_line":"   the underlying components(kernel, QEMU, libvirt and ovmf). So in this spec"},{"line_number":33,"context_line":"   we focus on SEV-ES. 
We attempt to keep the proposal as much compatible with"},{"line_number":34,"context_line":"   SEV-SNP as possible, based on the implementations published by AMD."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Use Cases"},{"line_number":37,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"5fadd814_5e5680cc","line":34,"range":{"start_line":30,"start_character":0,"end_line":34,"end_character":70},"updated":"2024-04-10 12:48:03.000000000","message":"Thanks for mentioning the \"keep the proposal as much compatible\" with SEV-SNP as possible.  \n\nI know SEV-SNP is still a work in progress in lower layers, and is more complex than ES — just the QEMU RFC itself seems to be quite complicated.  Here\u0027s[1] the latest in-progress v3 of SEV-SNP support on qemu-devel.\n\n\n[1] https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04978.html\n-- [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d396b1868e49f514d12b592e178ea70d554c328a","unresolved":false,"context_lines":[{"line_number":27,"context_line":"of this limitation."},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. note::"},{"line_number":30,"context_line":"   At the time or writing AMD already released CPUs which supports SEV-SNP, but"},{"line_number":31,"context_line":"   the required hypervisor features to use SEV-SNP are not yet merged into"},{"line_number":32,"context_line":"   the underlying components(kernel, QEMU, libvirt and ovmf). So in this spec"},{"line_number":33,"context_line":"   we focus on SEV-ES. 
We attempt to keep the proposal as much compatible with"},{"line_number":34,"context_line":"   SEV-SNP as possible, based on the implementations published by AMD."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Use Cases"},{"line_number":37,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"f7abbbd2_21de7bde","line":34,"range":{"start_line":30,"start_character":0,"end_line":34,"end_character":70},"in_reply_to":"5fadd814_5e5680cc","updated":"2024-04-22 02:53:23.000000000","message":"yeah. I\u0027m also leaving the link for kernel patch for future reference. Fortunately the kernel patch is likely merged quite soon so I hope the work in QEMU would progress further.\n\nhttps://lore.kernel.org/linux-coco/20240421180122.1650812-1-michael.roth@amd.com/T/#t","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":6962,"name":"Kashyap Chamarthy","email":"kchamart@redhat.com","username":"kashyapc"},"change_message_id":"367fa2824f82657b8206a9916d04087a2f70c921","unresolved":true,"context_lines":[{"line_number":54,"context_line":"We propose extending the existing implementation to support launching instances"},{"line_number":55,"context_line":"with SEV functionality."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"- Add detection of host SEV-ES capabilities, which checks the following items."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  - The presence of the following XML in the response from a libvirt"},{"line_number":60,"context_line":"    `virConnectGetDomainCapabilities()"}],"source_content_type":"text/x-rst","patch_set":13,"id":"66c58da5_c2719fc4","line":57,"updated":"2024-04-10 12:48:03.000000000","message":"Also consider the below two things:\n\n- `virt-qemu-sev-validate` tool[2] — it lets you \"validate\" the measurement of a SEV-ES guest, among other features.  
Even if we don\u0027t use this, we should at least mention this in the documentation.\n\n- Boot attestation — users who know why they want to use SEV-ES usually also know that \"guest boot attestation\" important before they can trust that the guest is truly confidential.  Again, we don\u0027t have to do it as part of this change, but at least we should point to upstream libvirt docs[3] to give enough guidance.\n\n  It also talks about the requirements, such as the expected configuration of  the \"\u003claunchSecurity\u003e\" XML element, (already part of Nova\u0027s XML modelling code).\n  \n[2] https://libvirt.org/manpages/virt-qemu-sev-validate.html\n\n[3] https://libvirt.org/kbase/launch_security_sev.html#guest-attestation-for-sev-sev-es-from-a-trusted-host","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d396b1868e49f514d12b592e178ea70d554c328a","unresolved":false,"context_lines":[{"line_number":54,"context_line":"We propose extending the existing implementation to support launching instances"},{"line_number":55,"context_line":"with SEV functionality."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"- Add detection of host SEV-ES capabilities, which checks the following items."},{"line_number":58,"context_line":""},{"line_number":59,"context_line":"  - The presence of the following XML in the response from a libvirt"},{"line_number":60,"context_line":"    `virConnectGetDomainCapabilities()"}],"source_content_type":"text/x-rst","patch_set":13,"id":"59a9748f_b2db9825","line":57,"in_reply_to":"66c58da5_c2719fc4","updated":"2024-04-22 02:53:23.000000000","message":"I included the description about attestation (using measurement). 
As described, I\u0027ll leave it as out of our current scope.","commit_id":"7c4933d86f23cb3964513293e4e5e772f9875a97"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"#. As a cloud administrator, in order that my users can have more confidence"},{"line_number":40,"context_line":"   in the security of their running instances, I want to provide a flavor"},{"line_number":41,"context_line":"   containing the  `required trait extra spec"},{"line_number":42,"context_line":"   \u003chttps://docs.openstack.org/nova/latest/user/flavors.html#extra-specs-required-traits\u003e`_"},{"line_number":43,"context_line":"   which will allow users booting instances with that flavor to ensure"},{"line_number":44,"context_line":"   that their instances run on an SEV-ES-capable compute host with SEV-ES"}],"source_content_type":"text/x-rst","patch_set":15,"id":"2770b42c_cf806e3e","line":41,"updated":"2024-05-14 10:47:53.000000000","message":"at the PTG we agreed to have a hw:mem_encryption_model flavor extra spec and nova will translate that to a placement trait request to placement","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":false,"context_lines":[{"line_number":38,"context_line":""},{"line_number":39,"context_line":"#. 
As a cloud administrator, in order that my users can have more confidence"},{"line_number":40,"context_line":"   in the security of their running instances, I want to provide a flavor"},{"line_number":41,"context_line":"   containing the  `required trait extra spec"},{"line_number":42,"context_line":"   \u003chttps://docs.openstack.org/nova/latest/user/flavors.html#extra-specs-required-traits\u003e`_"},{"line_number":43,"context_line":"   which will allow users booting instances with that flavor to ensure"},{"line_number":44,"context_line":"   that their instances run on an SEV-ES-capable compute host with SEV-ES"}],"source_content_type":"text/x-rst","patch_set":15,"id":"6c939059_97f21dfe","line":41,"in_reply_to":"2770b42c_cf806e3e","updated":"2024-05-14 13:35:40.000000000","message":"I brought this from the original SEV spec but I agree it\u0027s not very precise. I\u0027ve updated this in the current version.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":89,"context_line":"  nested resource providers are created per-model::"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"    +------------+     +----------------------------+"},{"line_number":92,"context_line":"    | compute RP +--+--+ SEV RP                     |"},{"line_number":93,"context_line":"    +------------+  |  | trait:HW_CPU_AMD_SEV       |"},{"line_number":94,"context_line":"                    |  +------------------------+---+"},{"line_number":95,"context_line":"                    |  | MEM_ENCRYPTION_CONTEXT | N |"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ef18a81b_67030a55","line":92,"updated":"2024-05-14 10:47:53.000000000","message":"note: make sure that the name of the nested RP is unique across the whole cloud. 
The easiest way to achieve it is by including the name of the root RP into the name of the nested RP","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":false,"context_lines":[{"line_number":89,"context_line":"  nested resource providers are created per-model::"},{"line_number":90,"context_line":""},{"line_number":91,"context_line":"    +------------+     +----------------------------+"},{"line_number":92,"context_line":"    | compute RP +--+--+ SEV RP                     |"},{"line_number":93,"context_line":"    +------------+  |  | trait:HW_CPU_AMD_SEV       |"},{"line_number":94,"context_line":"                    |  +------------------------+---+"},{"line_number":95,"context_line":"                    |  | MEM_ENCRYPTION_CONTEXT | N |"}],"source_content_type":"text/x-rst","patch_set":15,"id":"367efc2f_021718f6","line":92,"in_reply_to":"ef18a81b_67030a55","updated":"2024-05-14 13:35:40.000000000","message":"That\u0027s a good point and I agree including the name of the root RP is a very good idea. I\u0027ve described that point in the latest version. If we have a better naming method then I\u0027ll update it accordingly.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":107,"context_line":"     allocated for ES guests and non-ES guests exclusively, from the total"},{"line_number":108,"context_line":"     ASIDs available. 
Minimum ASID for SEV (non-ES) guests, which is"},{"line_number":109,"context_line":"     effectively same as maxumum ASID for ES guests, should be configured in"},{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"}],"source_content_type":"text/x-rst","patch_set":15,"id":"1d81022d_474d352d","line":110,"updated":"2024-05-14 10:47:53.000000000","message":"As per PTG note that nova won\u0027t support changing the BIOS regarding enabling / disabling SEV features or changing the static allocation between SEV and SEV-ES of instances already running on the compute host. \nThe nova-compute startup logic needs to detect such change and refuse to start up if such change is detected. (I think we might be less strict and only refuse to start if any of the previously existing resource is removed and there are instances using those resources. I.e. enabling new resources alone should not be an issue)","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"9ae0fa0d99ae872752434a9a991c6c9f65c477e9","unresolved":true,"context_lines":[{"line_number":107,"context_line":"     allocated for ES guests and non-ES guests exclusively, from the total"},{"line_number":108,"context_line":"     ASIDs available. Minimum ASID for SEV (non-ES) guests, which is"},{"line_number":109,"context_line":"     effectively same as maxumum ASID for ES guests, should be configured in"},{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. 
note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"}],"source_content_type":"text/x-rst","patch_set":15,"id":"5ad8b947_50b51998","line":110,"in_reply_to":"0bdabefb_7f4424ae","updated":"2024-07-18 10:22:28.000000000","message":"@kajinamit@oss.nttdata.com thanks. I agree with your assessment about the cases we can / cannot support. \n\n@sbauza@redhat.com Top of the documentation point I would like to see some checks in the nova-compute startup code at least for the two cases we cannot support listed above.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":true,"context_lines":[{"line_number":107,"context_line":"     allocated for ES guests and non-ES guests exclusively, from the total"},{"line_number":108,"context_line":"     ASIDs available. Minimum ASID for SEV (non-ES) guests, which is"},{"line_number":109,"context_line":"     effectively same as maxumum ASID for ES guests, should be configured in"},{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. 
note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"}],"source_content_type":"text/x-rst","patch_set":15,"id":"43779785_896e4ec1","line":110,"in_reply_to":"1d81022d_474d352d","updated":"2024-05-14 13:35:40.000000000","message":"I think what we should not support are\n * Disabling SEV when SEV-enabled instances are assigned to the node\n * Reducing SEV ASID to the number less than SEV-enabled instances allocated to the node\n \nwhile we may be able to support\n * Enabling SEV-ES(or even SEV)\n * Reducing SEV ASID as long as enough number of ASIDs are kept for the allocated SEV-enabled instances\n\nEspecially allowing users to enable SEV-ES without requiring them to move around the existing SEV-enabled instances may be useful.\n\nI can add a validation logic which obtains number of SEV/SEV-ES enabled guests and check the feature availability and available slots to catch the unsupported case.\n\nI didn\u0027t add the validation to the explicit TODO list because I could not find similar validations to detect features disabled after allocations, but I can cover it if that sounds like a must-have feature here.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":107,"context_line":"     allocated for ES guests and non-ES guests exclusively, from the total"},{"line_number":108,"context_line":"     ASIDs available. Minimum ASID for SEV (non-ES) guests, which is"},{"line_number":109,"context_line":"     effectively same as maxumum ASID for ES guests, should be configured in"},{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. 
note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"}],"source_content_type":"text/x-rst","patch_set":15,"id":"0bdabefb_7f4424ae","line":110,"in_reply_to":"43779785_896e4ec1","updated":"2024-07-18 09:49:30.000000000","message":"looks to me just a documentation point.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[{"line_number":107,"context_line":"     allocated for ES guests and non-ES guests exclusively, from the total"},{"line_number":108,"context_line":"     ASIDs available. Minimum ASID for SEV (non-ES) guests, which is"},{"line_number":109,"context_line":"     effectively same as maxumum ASID for ES guests, should be configured in"},{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"}],"source_content_type":"text/x-rst","patch_set":15,"id":"e90a050b_400ef5d7","line":110,"in_reply_to":"5ad8b947_50b51998","updated":"2024-07-21 13:19:15.000000000","message":"Added a description which mentions such validations. Does it make sense ?","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. 
note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"},{"line_number":114,"context_line":"     is not requested, and the HW_CPU_AMD_SEV_ANP trait may be added to"},{"line_number":115,"context_line":"     the SEV-ES RP when SEV-SNP support is added::"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"        +------------+     +----------------------------+"},{"line_number":118,"context_line":"        | compute RP +--+--+ SEV RP                     |"}],"source_content_type":"text/x-rst","patch_set":15,"id":"2a40e1c6_ff3094b1","line":115,"range":{"start_line":113,"start_character":0,"end_line":115,"end_character":50},"updated":"2024-05-14 10:47:53.000000000","message":"Am I correct that it is out of scope of the current spec? If so then please note it.\nAlso the HW_CPU_AMD_SEV_SNP_CH and HW_CPU_AMD_SEV_ANP traits are not really explained here.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":false,"context_lines":[{"line_number":110,"context_line":"     BIOS (or UEFI) to use SEV-ES."},{"line_number":111,"context_line":""},{"line_number":112,"context_line":"  .. 
note::"},{"line_number":113,"context_line":"     SEV-SNP uses the same ASID pool for ES by default when cyphertext hiding"},{"line_number":114,"context_line":"     is not requested, and the HW_CPU_AMD_SEV_ANP trait may be added to"},{"line_number":115,"context_line":"     the SEV-ES RP when SEV-SNP support is added::"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"        +------------+     +----------------------------+"},{"line_number":118,"context_line":"        | compute RP +--+--+ SEV RP                     |"}],"source_content_type":"text/x-rst","patch_set":15,"id":"7cf4061d_86963272","line":115,"range":{"start_line":113,"start_character":0,"end_line":115,"end_character":50},"in_reply_to":"2a40e1c6_ff3094b1","updated":"2024-05-14 13:35:40.000000000","message":"This is out of scope of this spec, but I\u0027m writing this to catch any potential problems early before we actually start working on SEV-SNP support implementation. What I\u0027m not very clear about here is the impact of adding a new trait to an existing RP (we may need to add a new SEV_SNP trait to SEV-ES RP when the hypervisor supports SEV-SNP) and would like to understand if any concern would be found by reviewers at this point.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":138,"context_line":""},{"line_number":139,"context_line":"- Add support for a new ``hw:mem_encryption_model`` parameter in flavor"},{"line_number":140,"context_line":"  extra specs, and a new ``hw_mem_encryption_model`` image property. 
When"},{"line_number":141,"context_line":"  either of these is set to ``amd-sev-es`` along with the parameter/propery to"},{"line_number":142,"context_line":"  enable memory encryption, it would be internally translated to"},{"line_number":143,"context_line":"  ``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":144,"context_line":"  ``trait:HW_CPU_AMD_SEV_ES\u003drequired`` which would be added to the flavor extra"}],"source_content_type":"text/x-rst","patch_set":15,"id":"30e7ac0a_8bb564b7","line":141,"updated":"2024-05-14 10:47:53.000000000","message":"What will happen if both the flavor and the image property is set but to a conflicting value?","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":false,"context_lines":[{"line_number":138,"context_line":""},{"line_number":139,"context_line":"- Add support for a new ``hw:mem_encryption_model`` parameter in flavor"},{"line_number":140,"context_line":"  extra specs, and a new ``hw_mem_encryption_model`` image property. When"},{"line_number":141,"context_line":"  either of these is set to ``amd-sev-es`` along with the parameter/propery to"},{"line_number":142,"context_line":"  enable memory encryption, it would be internally translated to"},{"line_number":143,"context_line":"  ``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":144,"context_line":"  ``trait:HW_CPU_AMD_SEV_ES\u003drequired`` which would be added to the flavor extra"}],"source_content_type":"text/x-rst","patch_set":15,"id":"7f83e161_ce8a78fe","line":141,"in_reply_to":"30e7ac0a_8bb564b7","updated":"2024-05-14 13:35:40.000000000","message":"It should be rejected. 
I\u0027ve described that point more clearly.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":161,"context_line":"   the guest attestation feature once SEV-SNP is generally available, because"},{"line_number":162,"context_line":"   SEV-SNP provides a better mechanism for guest attestation, using the special"},{"line_number":163,"context_line":"   device presented to guest machines to obtain attestation reports."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Alternatives"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"6d995679_c05c9698","line":164,"updated":"2024-05-14 10:47:53.000000000","message":"What VM lifecycle operations will not be supported on a SEV-ES VM? Is it the same as on SEV VMs? https://docs.openstack.org/nova/latest/admin/sev.html#impermanent-limitations\n\nDoes the other limitations like PCI passthrough, machine type, disk bus etc, applies to the SEV-ES VMs as is? 
Is there any further limitations?","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[{"line_number":161,"context_line":"   the guest attestation feature once SEV-SNP is generally available, because"},{"line_number":162,"context_line":"   SEV-SNP provides a better mechanism for guest attestation, using the special"},{"line_number":163,"context_line":"   device presented to guest machines to obtain attestation reports."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Alternatives"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"b3a88c2a_6a554608","line":164,"in_reply_to":"3f5edd54_117532cf","updated":"2024-07-21 13:19:15.000000000","message":"Added the reference to the existing AMD-SEV limitations","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":true,"context_lines":[{"line_number":161,"context_line":"   the guest attestation feature once SEV-SNP is generally available, because"},{"line_number":162,"context_line":"   SEV-SNP provides a better mechanism for guest attestation, using the special"},{"line_number":163,"context_line":"   device presented to guest machines to obtain attestation reports."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Alternatives"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"8cb226bd_b0ea8d23","line":164,"in_reply_to":"6d995679_c05c9698","updated":"2024-05-14 
13:35:40.000000000","message":"The same set of limitations apply to SEV-ES.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"9ae0fa0d99ae872752434a9a991c6c9f65c477e9","unresolved":true,"context_lines":[{"line_number":161,"context_line":"   the guest attestation feature once SEV-SNP is generally available, because"},{"line_number":162,"context_line":"   SEV-SNP provides a better mechanism for guest attestation, using the special"},{"line_number":163,"context_line":"   device presented to guest machines to obtain attestation reports."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Alternatives"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"3f5edd54_117532cf","line":164,"in_reply_to":"74d90cbe_065670f6","updated":"2024-07-18 10:22:28.000000000","message":"OK with me.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":161,"context_line":"   the guest attestation feature once SEV-SNP is generally available, because"},{"line_number":162,"context_line":"   SEV-SNP provides a better mechanism for guest attestation, using the special"},{"line_number":163,"context_line":"   device presented to guest machines to obtain attestation reports."},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"Alternatives"},{"line_number":166,"context_line":"------------"},{"line_number":167,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"74d90cbe_065670f6","line":164,"in_reply_to":"8cb226bd_b0ea8d23","updated":"2024-07-18 
09:49:30.000000000","message":"we could add this in a follow-up patch for this spec.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"01adb71e28b23016b2e6f9023f30c00001628f4c","unresolved":true,"context_lines":[{"line_number":234,"context_line":"Finally, a cloud administrator will need to define SEV-ES-enabled flavors"},{"line_number":235,"context_line":"as described above, unless it is sufficient for users to define"},{"line_number":236,"context_line":"SEV-ES-enabled images."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Developer impact"},{"line_number":239,"context_line":"----------------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"445fde93_e97b1f28","line":237,"updated":"2024-05-14 10:47:53.000000000","message":"Does the existing config option https://docs.openstack.org/nova/latest/configuration/config.html#libvirt.num_memory_encrypted_guests will automatically apply to both SEV and SEV-ES or will there be a separate ES specific config option? 
This is especially interesting in deployment with \u003c libvirt 8.0.0","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"510297bf01b1429a1e2a4744f833782b5f3eb7db","unresolved":true,"context_lines":[{"line_number":234,"context_line":"Finally, a cloud administrator will need to define SEV-ES-enabled flavors"},{"line_number":235,"context_line":"as described above, unless it is sufficient for users to define"},{"line_number":236,"context_line":"SEV-ES-enabled images."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Developer impact"},{"line_number":239,"context_line":"----------------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"c62d384f_029c6dab","line":237,"in_reply_to":"445fde93_e97b1f28","updated":"2024-05-14 13:35:40.000000000","message":"If we implement such manual configuration then we need a separate option. 
However I\u0027d prefer avoid implementing option per model because it may complicate config interface.\n\nWhat I\u0027d propose here is to require the detection feature in libvirt to use SEV-ES and do not provide the option for ES (and probably deprecate that config option).\n\nThis means that we do not allow using SEV-ES with libvirt \u003c8.0.0 although it\u0027s technically capable but the limitation may not be quite severe given the fact that libvirt 8.0.0 is the next minimum libvirt version and now major distros such as centos 9 or ubuntu 24.04 provide newer version of libvirt.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":true,"context_lines":[{"line_number":234,"context_line":"Finally, a cloud administrator will need to define SEV-ES-enabled flavors"},{"line_number":235,"context_line":"as described above, unless it is sufficient for users to define"},{"line_number":236,"context_line":"SEV-ES-enabled images."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Developer impact"},{"line_number":239,"context_line":"----------------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"71801e57_cb894459","line":237,"in_reply_to":"a4addc5f_73eeb44d","updated":"2024-07-21 13:19:15.000000000","message":"Added note about not adding a new option and deprecating the existing one.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":234,"context_line":"Finally, a cloud administrator will need to define SEV-ES-enabled flavors"},{"line_number":235,"context_line":"as described above, unless it 
is sufficient for users to define"},{"line_number":236,"context_line":"SEV-ES-enabled images."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Developer impact"},{"line_number":239,"context_line":"----------------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"c762bf22_d6278ef3","line":237,"in_reply_to":"c62d384f_029c6dab","updated":"2024-07-18 09:49:30.000000000","message":"Then you need to add this in the spec.\nGiven the time we have for today, I\u0027m fine with a follow-up change.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"9ae0fa0d99ae872752434a9a991c6c9f65c477e9","unresolved":true,"context_lines":[{"line_number":234,"context_line":"Finally, a cloud administrator will need to define SEV-ES-enabled flavors"},{"line_number":235,"context_line":"as described above, unless it is sufficient for users to define"},{"line_number":236,"context_line":"SEV-ES-enabled images."},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Developer impact"},{"line_number":239,"context_line":"----------------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"a4addc5f_73eeb44d","line":237,"in_reply_to":"c762bf22_d6278ef3","updated":"2024-07-18 10:22:28.000000000","message":"I\u0027m OK not allowing to turn on SEV-ES with libvirt \u003c 8.0.0. 
This simplifies the implementation.","commit_id":"09f666ee7378e1f863c7bde6673ef60f2ae0db30"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"afee31aef8e2e0b8af8a7ecd72bf65f448b87abe","unresolved":true,"context_lines":[{"line_number":101,"context_line":"                       | MEM_ENCRYPTION_CONTEXT | N |"},{"line_number":102,"context_line":"                       +------------------------+---+"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"  The SEV RP is named ``\u003cnodename\u003e_sev`` and the SEV-ES RP is named"},{"line_number":105,"context_line":"  ``\u003cnodename\u003e_sev_es``, so that the RP names are unique in the cluster."},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"  .. note::"}],"source_content_type":"text/x-rst","patch_set":16,"id":"7507966f_80601e50","line":104,"range":{"start_line":104,"start_character":34,"end_line":104,"end_character":38},"updated":"2024-06-25 17:00:06.000000000","message":"it\u0027s probably better to use amd_sev to make the naming consistent with the model name in image property.","commit_id":"b9079de231e319d4ebf1cd1abdc8c83ca1d50fb9"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"93c4a6d2532e5075bc3041841be6af05bc30b65b","unresolved":false,"context_lines":[{"line_number":101,"context_line":"                       | MEM_ENCRYPTION_CONTEXT | N |"},{"line_number":102,"context_line":"                       +------------------------+---+"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"  The SEV RP is named ``\u003cnodename\u003e_sev`` and the SEV-ES RP is named"},{"line_number":105,"context_line":"  ``\u003cnodename\u003e_sev_es``, so that the RP names are unique in the cluster."},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"  .. 
note::"}],"source_content_type":"text/x-rst","patch_set":16,"id":"b17a5339_730b9a6b","line":104,"range":{"start_line":104,"start_character":34,"end_line":104,"end_character":38},"in_reply_to":"7507966f_80601e50","updated":"2024-06-25 17:03:44.000000000","message":"Done","commit_id":"b9079de231e319d4ebf1cd1abdc8c83ca1d50fb9"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[{"line_number":31,"context_line":"   the required hypervisor features to use SEV-SNP are not yet merged into"},{"line_number":32,"context_line":"   the underlying components(kernel, QEMU, libvirt and ovmf). So in this spec"},{"line_number":33,"context_line":"   we focus on SEV-ES. We attempt to keep the proposal as much compatible with"},{"line_number":34,"context_line":"   SEV-SNP as possible, based on the implementations published by AMD."},{"line_number":35,"context_line":""},{"line_number":36,"context_line":"Use Cases"},{"line_number":37,"context_line":"---------"}],"source_content_type":"text/x-rst","patch_set":17,"id":"d3492966_99b09600","line":34,"updated":"2024-07-18 09:49:30.000000000","message":"++","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[{"line_number":74,"context_line":""},{"line_number":75,"context_line":"    Also the ``maxESGuests`` field should be present and its value should be"},{"line_number":76,"context_line":"    a positive (non-zero) value."},{"line_number":77,"context_line":""},{"line_number":78,"context_line":"  - ``/sys/module/kvm_amd/parameters/sev_es`` should have the value ``Y``"},{"line_number":79,"context_line":"    to indicate that the kernel has SEV capabilities enabled.  
This"},{"line_number":80,"context_line":"    should be readable by any user (i.e. even non-root)."}],"source_content_type":"text/x-rst","patch_set":17,"id":"27dc66c6_08eb6460","line":77,"updated":"2024-07-18 09:49:30.000000000","message":"this is more terchnically detailed that we usually need in a spec, but I appreciate it.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[{"line_number":77,"context_line":""},{"line_number":78,"context_line":"  - ``/sys/module/kvm_amd/parameters/sev_es`` should have the value ``Y``"},{"line_number":79,"context_line":"    to indicate that the kernel has SEV capabilities enabled.  This"},{"line_number":80,"context_line":"    should be readable by any user (i.e. even non-root)."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"- Add the new ``HW_CPU_AMD_SEV_ES`` trait to os-traits."},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"a9094f2f_25d29e95","line":80,"updated":"2024-07-18 09:49:30.000000000","message":"noted, no need to escalate privileges, then.\n\nPlease note that we already lookup sysfs by some methods in https://github.com/openstack/nova/blob/master/nova/filesystem.py\n\n(this is not a request for you to add this link in that spec, just a FYI for your implementation patches)","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[{"line_number":99,"context_line":"                       | trait:HW_CPU_AMD_SEV_ES    |"},{"line_number":100,"context_line":"                       +------------------------+---+"},{"line_number":101,"context_line":"          
             | MEM_ENCRYPTION_CONTEXT | N |"},{"line_number":102,"context_line":"                       +------------------------+---+"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"  The SEV RP is named ``\u003cnodename\u003e_amd_sev`` and the SEV-ES RP is named"},{"line_number":105,"context_line":"  ``\u003cnodename\u003e_amd_sev_es``, so that the RP names are unique in the cluster."}],"source_content_type":"text/x-rst","patch_set":17,"id":"0e5a1ef7_b417f2ac","line":102,"updated":"2024-07-18 09:49:30.000000000","message":"that\u0027s what we agreed on the PTG session, indeed.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":false,"context_lines":[{"line_number":143,"context_line":"     Note that SEV-SNP support is out of the current scope and this design"},{"line_number":144,"context_line":"     needs further dicsussion when the support is actually implemented. It is"},{"line_number":145,"context_line":"     described here to explain the potential plan to extend the RP structure"},{"line_number":146,"context_line":"     in the future."},{"line_number":147,"context_line":""},{"line_number":148,"context_line":"- Add support for a new ``hw:mem_encryption_model`` parameter in flavor"},{"line_number":149,"context_line":"  extra specs, and a new ``hw_mem_encryption_model`` image property. 
When"}],"source_content_type":"text/x-rst","patch_set":17,"id":"2d7edaa5_7573b2aa","line":146,"updated":"2024-07-18 09:49:30.000000000","message":"noted, honestly it wasn\u0027t needed, but fine.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9708,"name":"Balazs Gibizer","display_name":"gibi","email":"gibizer@gmail.com","username":"gibi"},"change_message_id":"9ae0fa0d99ae872752434a9a991c6c9f65c477e9","unresolved":true,"context_lines":[{"line_number":154,"context_line":"  specs in the ``RequestSpec`` object. If these new model parameter/property is"},{"line_number":155,"context_line":"  absent or set to ``amd-sev`` then it would be translated to"},{"line_number":156,"context_line":"  ``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":157,"context_line":"  ``trait:HW_CPU_AMD_SEV\u003drequired``. If conflicting models are requestd by"},{"line_number":158,"context_line":"  the instance flavor and the instance image (for example the flavor has"},{"line_number":159,"context_line":"  ``hw:mem_encryption_model\u003damd-sev`` but the image has"},{"line_number":160,"context_line":"  ``hw_mem_encryption_model\u003damd-sev-es``) then the request is rejected. Also"}],"source_content_type":"text/x-rst","patch_set":17,"id":"4be37cf2_68711b40","line":157,"range":{"start_line":157,"start_character":63,"end_line":157,"end_character":71},"updated":"2024-07-18 10:22:28.000000000","message":"nit: requested","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[{"line_number":154,"context_line":"  specs in the ``RequestSpec`` object. 
If these new model parameter/property is"},{"line_number":155,"context_line":"  absent or set to ``amd-sev`` then it would be translated to"},{"line_number":156,"context_line":"  ``resources:MEM_ENCRYPTION_CONTEXT\u003d1`` and"},{"line_number":157,"context_line":"  ``trait:HW_CPU_AMD_SEV\u003drequired``. If conflicting models are requestd by"},{"line_number":158,"context_line":"  the instance flavor and the instance image (for example the flavor has"},{"line_number":159,"context_line":"  ``hw:mem_encryption_model\u003damd-sev`` but the image has"},{"line_number":160,"context_line":"  ``hw_mem_encryption_model\u003damd-sev-es``) then the request is rejected. Also"}],"source_content_type":"text/x-rst","patch_set":17,"id":"f1ccebb5_bfd842c0","line":157,"range":{"start_line":157,"start_character":63,"end_line":157,"end_character":71},"in_reply_to":"4be37cf2_68711b40","updated":"2024-07-21 13:19:15.000000000","message":"Done","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":212,"context_line":""},{"line_number":213,"context_line":"No performance impact on nova is anticipated."},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"Perfomance impact for the other parts are same as the existing SEV support"},{"line_number":216,"context_line":"feature."},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":17,"id":"8a409712_472611ca","line":215,"range":{"start_line":215,"start_character":0,"end_line":215,"end_character":10},"updated":"2024-07-18 09:49:30.000000000","message":"nit: Performance","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi 
Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[{"line_number":212,"context_line":""},{"line_number":213,"context_line":"No performance impact on nova is anticipated."},{"line_number":214,"context_line":""},{"line_number":215,"context_line":"Perfomance impact for the other parts are same as the existing SEV support"},{"line_number":216,"context_line":"feature."},{"line_number":217,"context_line":""},{"line_number":218,"context_line":"Other deployer impact"}],"source_content_type":"text/x-rst","patch_set":17,"id":"fa8e8114_256904ea","line":215,"range":{"start_line":215,"start_character":0,"end_line":215,"end_character":10},"in_reply_to":"8a409712_472611ca","updated":"2024-07-21 13:19:15.000000000","message":"Done","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":237,"context_line":""},{"line_number":238,"context_line":"  - kernel \u003e\u003d 4.16"},{"line_number":239,"context_line":"  - QEMU \u003e\u003d 6.1.0"},{"line_number":240,"context_line":"  - libvirt \u003e\u003d 8.0.0"},{"line_number":241,"context_line":"  - ovmf \u003e\u003d commit 7f0b28415cb4 2020-08-12"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"  .. 
note::"}],"source_content_type":"text/x-rst","patch_set":17,"id":"411d2023_7d54aa30","line":240,"updated":"2024-07-18 09:49:30.000000000","message":"Given our current min versions [1], then you need to check that (in the driver code) for SEV-ES\n\n[1] https://github.com/openstack/nova/blob/e82854dc8c514e457528b52834d79176fe5a2135/nova/virt/libvirt/driver.py#L219-L222","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"31f241db5457415be66472d2614aa49b4a5fba9e","unresolved":true,"context_lines":[{"line_number":237,"context_line":""},{"line_number":238,"context_line":"  - kernel \u003e\u003d 4.16"},{"line_number":239,"context_line":"  - QEMU \u003e\u003d 6.1.0"},{"line_number":240,"context_line":"  - libvirt \u003e\u003d 8.0.0"},{"line_number":241,"context_line":"  - ovmf \u003e\u003d commit 7f0b28415cb4 2020-08-12"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"  .. note::"}],"source_content_type":"text/x-rst","patch_set":17,"id":"12c6921a_d676bdaa","line":240,"in_reply_to":"0534d2ee_db635a11","updated":"2024-07-23 16:28:58.000000000","message":"Hmm... Looking at the libvirt implementation again I noticed it does not really check that QEMU supports SEV-ES... so we have to check at least QEMU version is met. I\u0027ll explain it.\n\nAlso, it turned out the min QEMU version to support SEV-ES is not 6.1.0 but 6.0.0. 
I\u0027ll correct that, too.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":true,"context_lines":[{"line_number":237,"context_line":""},{"line_number":238,"context_line":"  - kernel \u003e\u003d 4.16"},{"line_number":239,"context_line":"  - QEMU \u003e\u003d 6.1.0"},{"line_number":240,"context_line":"  - libvirt \u003e\u003d 8.0.0"},{"line_number":241,"context_line":"  - ovmf \u003e\u003d commit 7f0b28415cb4 2020-08-12"},{"line_number":242,"context_line":""},{"line_number":243,"context_line":"  .. note::"}],"source_content_type":"text/x-rst","patch_set":17,"id":"0534d2ee_db635a11","line":240,"in_reply_to":"411d2023_7d54aa30","updated":"2024-07-21 13:19:15.000000000","message":"In short, No.\n\nIf the version requirement of QEMU and libvirt is met then libvirt should expose minimum SEV-ES guests. So if the information is not present then we can assume that\n - QEMU and/or libvirt is too old\n - QEMU and libvirt meet the requirement but the feature is not available\n\nBecause the current logic in libvirt does not check the kernel version we have to check it explicitly (and this is what I proposed in the implementation details).","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"54029a6706c56358d0270b09583dfe2792c17b18","unresolved":true,"context_lines":[{"line_number":278,"context_line":"#. Add the new ``HW_CPU_AMD_SEV_ES`` trait for os-traits"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"#. 
Add detection of host SEV-ES capabilities as detailed above and reshaping"},{"line_number":281,"context_line":"   of existing MEMO_ENCRYPTION_CONTEXT resource."},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"#. Add ``mem_encryption_model`` property to ImageMeta object"},{"line_number":284,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"cc963331_a0a4b719","line":281,"updated":"2024-07-18 09:49:30.000000000","message":"again, please remember you need to check the libvirt and qemu versions too then.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b55e9e7b3958a7a2ddb81e558089f4a4a91771ce","unresolved":false,"context_lines":[{"line_number":278,"context_line":"#. Add the new ``HW_CPU_AMD_SEV_ES`` trait for os-traits"},{"line_number":279,"context_line":""},{"line_number":280,"context_line":"#. Add detection of host SEV-ES capabilities as detailed above and reshaping"},{"line_number":281,"context_line":"   of existing MEMO_ENCRYPTION_CONTEXT resource."},{"line_number":282,"context_line":""},{"line_number":283,"context_line":"#. Add ``mem_encryption_model`` property to ImageMeta object"},{"line_number":284,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"17a47ad2_e5af7905","line":281,"in_reply_to":"cc963331_a0a4b719","updated":"2024-07-21 13:19:15.000000000","message":"See my comment above.","commit_id":"63c4572d92be40430f0c2013d37c6891887c84fe"}]}
