)]}'
{"specs/2026.1/approved/arm-cca-libvirt-support.rst":[{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":78,"context_line":"  - Fix the usage of ``LibvirtDriver._get_mem_encryption_config()``."},{"line_number":79,"context_line":"    There are codes that the function is used for checking whether the VM"},{"line_number":80,"context_line":"    requests SEV, instead of VM memory encryption. VMs with SEV require"},{"line_number":81,"context_line":"    iommu, memory lockdown, etc. while Arm CCA does not need such treatment."},{"line_number":82,"context_line":"    In order to be ready for adding Arm CCA support, introduce properties"},{"line_number":83,"context_line":"    for ``MemEncryptionConfig`` that give information whether the memory"},{"line_number":84,"context_line":"    encrytion model requests iommu/memory lockdown/etc. and use the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"18ec309a_70ce67e4","line":81,"range":{"start_line":81,"start_character":18,"end_line":81,"end_character":26},"updated":"2025-09-16 16:45:39.000000000","message":"I\u0027m just curious, but how CCA allows memory swap to work ? Does kernel just dumps encrypted memory data to swap ?","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"722bf3496be52514fe66b23c2ed10831cf89c025","unresolved":true,"context_lines":[{"line_number":78,"context_line":"  - Fix the usage of ``LibvirtDriver._get_mem_encryption_config()``."},{"line_number":79,"context_line":"    There are codes that the function is used for checking whether the VM"},{"line_number":80,"context_line":"    requests SEV, instead of VM memory encryption. VMs with SEV require"},{"line_number":81,"context_line":"    iommu, memory lockdown, etc. while Arm CCA does not need such treatment."},{"line_number":82,"context_line":"    In order to be ready for adding Arm CCA support, introduce properties"},{"line_number":83,"context_line":"    for ``MemEncryptionConfig`` that give information whether the memory"},{"line_number":84,"context_line":"    encrytion model requests iommu/memory lockdown/etc. and use the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"911a9dd8_914de8a9","line":81,"range":{"start_line":81,"start_character":18,"end_line":81,"end_character":26},"in_reply_to":"18ec309a_70ce67e4","updated":"2025-09-30 09:33:47.000000000","message":"I noted about memory locking at https://review.opendev.org/c/openstack/nova-specs/+/960777/4..5.\n\nThe hardware and kernel of Arm CCA is designed to prevent confidential VM guest memory from being swapped out to the host\u0027s disk. For this reason, specifying MEMLOCKED in the libvirt XML is not necessary.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":127,"context_line":"    written for SEV(-ES). The checks should only be applied for the"},{"line_number":128,"context_line":"    SEV(-ES) memory encryption model."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"- Add detection of host CCA capabilities by checking the following XML"},{"line_number":131,"context_line":"  in the response from a libvirt"},{"line_number":132,"context_line":"  `virConnectGetDomainCapabilities()"},{"line_number":133,"context_line":"  \u003chttps://libvirt.org/html/libvirt-libvirt-domain.html#virConnectGetDomainCapabilities\u003e`."},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"4cde2744_6ba67697","line":131,"range":{"start_line":130,"start_character":0,"end_line":131,"end_character":32},"updated":"2025-09-16 16:45:39.000000000","message":"Is there anything else you have to check ? For AMD SEV/SEV-ES we also check SEV/SEV-ES feature is enabled in kvm kernel module. Does kvm module for ARM have a similar knob ?","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"a2372148630e68d3b81d0df04b456ad3bd1fd736","unresolved":true,"context_lines":[{"line_number":127,"context_line":"    written for SEV(-ES). The checks should only be applied for the"},{"line_number":128,"context_line":"    SEV(-ES) memory encryption model."},{"line_number":129,"context_line":""},{"line_number":130,"context_line":"- Add detection of host CCA capabilities by checking the following XML"},{"line_number":131,"context_line":"  in the response from a libvirt"},{"line_number":132,"context_line":"  `virConnectGetDomainCapabilities()"},{"line_number":133,"context_line":"  \u003chttps://libvirt.org/html/libvirt-libvirt-domain.html#virConnectGetDomainCapabilities\u003e`."},{"line_number":134,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"f24c4048_c0860653","line":131,"range":{"start_line":130,"start_character":0,"end_line":131,"end_character":32},"in_reply_to":"4cde2744_6ba67697","updated":"2025-09-24 12:25:09.000000000","message":"I\u0027ve added a note. Unlike SEV/SEV-ES, there\u0027s no need to check kernel parameters like `/sys/module/kvm_amd/parameters/sev` for Arm CCA. No further checks are required.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":151,"context_line":"    This functionality-oriented check should preempt the need for any"},{"line_number":152,"context_line":"    version checking in the driver."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"- Add the new ``COMPUTE_SECURITY_ARM_CCA`` trait to os-traits."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"    .. note::"},{"line_number":157,"context_line":"       It is not suitable for CCA to add a trait under hw.cpu.aarch64 because:"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ebed2754_36b364e6","line":154,"range":{"start_line":154,"start_character":16,"end_line":154,"end_character":40},"updated":"2025-09-16 16:45:39.000000000","message":"I may want to hear some opinions from cores, but IIUC COMPUTE traits are used for software capability and I think a HW trait would be more appropriate.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":168,"context_line":"  nested resource providers are created per-model. This change follows"},{"line_number":169,"context_line":"  `AMD SEV-ES Spec. \u003chttps://specs.openstack.org/openstack/nova-specs/specs/2025.1/approved/amd-sev-es-libvirt-support.html\u003e`_::"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    +------------+     +----------------------------+"},{"line_number":172,"context_line":"    | compute RP +--+--+ SEV RP                     |"},{"line_number":173,"context_line":"    +------------+  |  | trait:HW_CPU_AMD_SEV       |"},{"line_number":174,"context_line":"                    |  +------------------------+---+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0afbb99a_4c43df76","line":171,"updated":"2025-09-16 16:45:39.000000000","message":"I don\u0027t think this describes any possible real scenario, because AMD SEV features may never be available in ARM. We should probably remove the RPs for SEV to avoid confusions.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"a2372148630e68d3b81d0df04b456ad3bd1fd736","unresolved":true,"context_lines":[{"line_number":168,"context_line":"  nested resource providers are created per-model. This change follows"},{"line_number":169,"context_line":"  `AMD SEV-ES Spec. \u003chttps://specs.openstack.org/openstack/nova-specs/specs/2025.1/approved/amd-sev-es-libvirt-support.html\u003e`_::"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    +------------+     +----------------------------+"},{"line_number":172,"context_line":"    | compute RP +--+--+ SEV RP                     |"},{"line_number":173,"context_line":"    +------------+  |  | trait:HW_CPU_AMD_SEV       |"},{"line_number":174,"context_line":"                    |  +------------------------+---+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"49a83a49_d7525c3f","line":171,"in_reply_to":"0afbb99a_4c43df76","updated":"2025-09-24 12:25:09.000000000","message":"I fixed","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0fdc1aa7af145dfe033f044366421926e68e8f62","unresolved":false,"context_lines":[{"line_number":168,"context_line":"  nested resource providers are created per-model. This change follows"},{"line_number":169,"context_line":"  `AMD SEV-ES Spec. \u003chttps://specs.openstack.org/openstack/nova-specs/specs/2025.1/approved/amd-sev-es-libvirt-support.html\u003e`_::"},{"line_number":170,"context_line":""},{"line_number":171,"context_line":"    +------------+     +----------------------------+"},{"line_number":172,"context_line":"    | compute RP +--+--+ SEV RP                     |"},{"line_number":173,"context_line":"    +------------+  |  | trait:HW_CPU_AMD_SEV       |"},{"line_number":174,"context_line":"                    |  +------------------------+---+"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9583a187_01f3e1fb","line":171,"in_reply_to":"49a83a49_d7525c3f","updated":"2025-09-30 17:06:17.000000000","message":"Done","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":208,"context_line":"      \u003cdomain type\u003d\u0027kvm\u0027\u003e"},{"line_number":209,"context_line":"        ..."},{"line_number":210,"context_line":"        \u003claunchSecurity type\u003d\u0027cca\u0027\u003e"},{"line_number":211,"context_line":"          \u003cmeasurement-algo\u003esha256\u003c/measurement-algo\u003e"},{"line_number":212,"context_line":"        \u003c/launchSecurity\u003e"},{"line_number":213,"context_line":"        ..."},{"line_number":214,"context_line":"      \u003c/domain\u003e"}],"source_content_type":"text/x-rst","patch_set":1,"id":"2dba7c45_53718985","line":211,"range":{"start_line":211,"start_character":28,"end_line":211,"end_character":34},"updated":"2025-09-16 16:45:39.000000000","message":"How do you determine the algorithm here ? Should this be defined by users or deployers ?","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"93c65b3fb49056b200b4a0bbfdda2f8dafb0ed7f","unresolved":true,"context_lines":[{"line_number":208,"context_line":"      \u003cdomain type\u003d\u0027kvm\u0027\u003e"},{"line_number":209,"context_line":"        ..."},{"line_number":210,"context_line":"        \u003claunchSecurity type\u003d\u0027cca\u0027\u003e"},{"line_number":211,"context_line":"          \u003cmeasurement-algo\u003esha256\u003c/measurement-algo\u003e"},{"line_number":212,"context_line":"        \u003c/launchSecurity\u003e"},{"line_number":213,"context_line":"        ..."},{"line_number":214,"context_line":"      \u003c/domain\u003e"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6e3d233f_455a7069","line":211,"range":{"start_line":211,"start_character":28,"end_line":211,"end_character":34},"in_reply_to":"2dba7c45_53718985","updated":"2025-09-30 11:16:19.000000000","message":"Libvirt/QEMU/Kernel are designed to allow users to specify measurement-algo, but we are discussing internally whether there is the need to expose this option to end users at the application(OpenStack) level.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":221,"context_line":"\u003chttps://developer.arm.com/documentation/den0125/0300/Device-Assignment--DA--and-Memory-Encryption-Contexts--MEC-\u003e`_"},{"line_number":222,"context_line":"We intend to leverage existing specifications of SEV feature"},{"line_number":223,"context_line":"for this functionality. reusing code developed for SEV and"},{"line_number":224,"context_line":"SEV-ES features. However, a guideline for the upper limit"},{"line_number":225,"context_line":"of CCA guests per node remains future work."},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"  .. note::"},{"line_number":228,"context_line":"     Because the machine type is fixed to aarch64,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"89f22ebb_e4c3c707","line":225,"range":{"start_line":224,"start_character":17,"end_line":225,"end_character":43},"updated":"2025-09-16 16:45:39.000000000","message":"So what\u0027s the plan until the interface to obtain the limit ? Do you want to use `[libvirt] num_memory_encrypted_guests` which we deprecated or do you wait until the interface is implemented ? Or use DB_INT_MAX assuming no limit may be needed ?","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0fdc1aa7af145dfe033f044366421926e68e8f62","unresolved":true,"context_lines":[{"line_number":221,"context_line":"\u003chttps://developer.arm.com/documentation/den0125/0300/Device-Assignment--DA--and-Memory-Encryption-Contexts--MEC-\u003e`_"},{"line_number":222,"context_line":"We intend to leverage existing specifications of SEV feature"},{"line_number":223,"context_line":"for this functionality. reusing code developed for SEV and"},{"line_number":224,"context_line":"SEV-ES features. However, a guideline for the upper limit"},{"line_number":225,"context_line":"of CCA guests per node remains future work."},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"  .. note::"},{"line_number":228,"context_line":"     Because the machine type is fixed to aarch64,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e94fdc3f_6492f935","line":225,"range":{"start_line":224,"start_character":17,"end_line":225,"end_character":43},"in_reply_to":"56312d06_ac126a13","updated":"2025-09-30 17:06:17.000000000","message":"I wonder, if we do not at all expect any limit may be introduced in CCA, we can omit that resource class part because that\u0027s just useless and use only traits associated with the compute RP ? That would eventually make the whole code cleaner.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"a2372148630e68d3b81d0df04b456ad3bd1fd736","unresolved":true,"context_lines":[{"line_number":221,"context_line":"\u003chttps://developer.arm.com/documentation/den0125/0300/Device-Assignment--DA--and-Memory-Encryption-Contexts--MEC-\u003e`_"},{"line_number":222,"context_line":"We intend to leverage existing specifications of SEV feature"},{"line_number":223,"context_line":"for this functionality. reusing code developed for SEV and"},{"line_number":224,"context_line":"SEV-ES features. However, a guideline for the upper limit"},{"line_number":225,"context_line":"of CCA guests per node remains future work."},{"line_number":226,"context_line":""},{"line_number":227,"context_line":"  .. note::"},{"line_number":228,"context_line":"     Because the machine type is fixed to aarch64,"}],"source_content_type":"text/x-rst","patch_set":1,"id":"56312d06_ac126a13","line":225,"range":{"start_line":224,"start_character":17,"end_line":225,"end_character":43},"in_reply_to":"89f22ebb_e4c3c707","updated":"2025-09-24 12:25:09.000000000","message":"I\u0027ve fixed from L209 to 219. Initially, this spec targets Arm CCA (RMM) 1.0. In Arm CCA 1.0, there\u0027s no need to set a maximum limit per host, so we will use `nova.db.constants.MAX_INT`.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1524cd8a813d70347f0335ed945f36e46bf9b664","unresolved":true,"context_lines":[{"line_number":233,"context_line":"     because they are not included in"},{"line_number":234,"context_line":"     `the QEMU VM launch options for Arm CCA \u003chttps://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+an+RME+stack+for+QEMU#Launching-a-Realm-guest-using-QEMU\u003e`_:"},{"line_number":235,"context_line":"     - memory backing"},{"line_number":236,"context_line":"     - driver iommu\u003don"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Limitations"},{"line_number":239,"context_line":"-----------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"44905b1c_ffc486c6","line":237,"range":{"start_line":236,"start_character":7,"end_line":237,"end_character":1},"updated":"2025-09-16 16:45:39.000000000","message":"This can be now removed from domain xml because qemu automatically enables it. We can merge https://review.opendev.org/c/openstack/nova/+/909635 then we don\u0027t have to need the switch to add/not add iommu\u003don.","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"},{"author":{"_account_id":35307,"name":"Taketani Ryo","email":"taketani.ryo@fujitsu.com","username":"r-taketn0517"},"change_message_id":"a2372148630e68d3b81d0df04b456ad3bd1fd736","unresolved":true,"context_lines":[{"line_number":233,"context_line":"     because they are not included in"},{"line_number":234,"context_line":"     `the QEMU VM launch options for Arm CCA \u003chttps://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/Building+an+RME+stack+for+QEMU#Launching-a-Realm-guest-using-QEMU\u003e`_:"},{"line_number":235,"context_line":"     - memory backing"},{"line_number":236,"context_line":"     - driver iommu\u003don"},{"line_number":237,"context_line":""},{"line_number":238,"context_line":"Limitations"},{"line_number":239,"context_line":"-----------"},{"line_number":240,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"b9b8f4b7_305859f1","line":237,"range":{"start_line":236,"start_character":7,"end_line":237,"end_character":1},"in_reply_to":"44905b1c_ffc486c6","updated":"2025-09-24 12:25:09.000000000","message":"I fixed","commit_id":"c697baee708f433cec6857cad8906434d26f14ad"}]}