)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"397969b25574680968f6c8dd75dff2d445895b45","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3d380dcc_b7ac7454","updated":"2026-04-07 08:50:44.000000000","message":"Thank you for preparing SEV-SNP spec!\n\nMost of parts required in our implementation are covered by this spec.\n\nOne thing to add is that in SEV-SNP, the following change looked like required:\n\n- Current nova/virt/libvirt/driver.py has guest.os_loader_type \u003d \u0027pflash\u0027 for all environments. However, to use SEV-SNP, this should be \u0027rom\u0027.\n  - One example code available in GitHub is the following (this commit is snp-latest branch as of now)\n  - https://github.com/AMDESE/AMDSEV/blob/d42d94c8ef66484cde7d8eb22924443a7a83b139/launch-qemu.sh#L242-L247\n \n Also I added tiny comments.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"a7211af836f37c4f4e7625c1cef31d7453b3f69d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"ef374338_8f39a6ec","in_reply_to":"223d8165_958c060f","updated":"2026-04-08 05:48:56.000000000","message":"Oh, sorry, I checked again, our base version is not the latest master, and I found the following commit is not included in our repository.\nhttps://opendev.org/openstack/nova/commit/37a9596eb155690812d7c762a1a9b7c5f2108126\n\n\nThus my comment does not apply to this spec.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi 
Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b4838798e8d8a67657997c647e457fc3b632c87c","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"223d8165_958c060f","in_reply_to":"3d380dcc_b7ac7454","updated":"2026-04-07 16:58:59.000000000","message":"\u003e Current nova/virt/libvirt/driver.py has guest.os_loader_type \u003d \u0027pflash\u0027 for all environments.\n\nIs this really true? I think we no longer hard-code pflash type since we implemented the firmware selection by libvirt and it should be filled by libvirt automatically.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d3a70e7f3e486e5807297a7997c04f5017550e34","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"e47dc1d3_859ff0ef","in_reply_to":"ef374338_8f39a6ec","updated":"2026-04-08 09:58:38.000000000","message":"OK. Thanks for confirmation.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"03667df29a2cc5b4defe80a06788c21b50fbe798","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"dd761755_f7d2a8aa","updated":"2026-04-09 06:57:33.000000000","message":"I understand whether memoryBacking should be added or not is currently under checking. 
Looks good to me once we know how we can determine memoryBacking.","commit_id":"38d1a50f0b8d7f06bc6c4f52fccabaa2c647bfa0"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"c1e4f48926ed05eb3ad06457dd6a4157b4a22b2c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"a5300171_f358c33f","updated":"2026-04-10 08:10:37.000000000","message":"I pushed a series of patches of PoC code to gerrit for reference. We use these commits to run SEV-SNP in our environment.\n\nhttps://review.opendev.org/c/openstack/nova/+/983974\nhttps://review.opendev.org/c/openstack/nova/+/983975\nhttps://review.opendev.org/c/openstack/nova/+/983976\nhttps://review.opendev.org/c/openstack/nova/+/983977\nhttps://review.opendev.org/c/openstack/nova/+/983978\nhttps://review.opendev.org/c/openstack/nova/+/983979\nhttps://review.opendev.org/c/openstack/nova/+/983980","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"669e8e3625c672548b3b4b7b3c25fbf9582b85f5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":9,"id":"308adb05_85250a6b","updated":"2026-04-15 16:07:06.000000000","message":"Thank you for preparing this spec Takashi!\n\nI have a few concerns about Direct Kernel Boot and the related attestation measurement support.","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"f07d846e59f9375020c939062004122d48bca7b7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":12,"id":"02b0d268_98efda46","updated":"2026-04-23 08:48:17.000000000","message":"Sorry, there is one more topic concerning the SEV-ES and SEV-SNP traits that I didn\u0027t manage to add to yesterday\u0027s PTG 
session. I added a comment inline.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"}],"specs/2026.2/approved/amd-sev-snp-libvirt-support.rst":[{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"397969b25574680968f6c8dd75dff2d445895b45","unresolved":true,"context_lines":[{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 authorKey\u003d\u0027no\u0027 kernelHashes\u003d\u0027no\u0027 vcek\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003ccbitpos\u003e47\u003c/cbitpos\u003e"},{"line_number":125,"context_line":"      \u003creducedPhysBits\u003e1\u003c/reducedPhysBits\u003e"},{"line_number":126,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":127,"context_line":"    \u003c/launchSecurity\u003e"}],"source_content_type":"text/x-rst","patch_set":3,"id":"8762bfaa_00e0f227","line":124,"updated":"2026-04-07 08:50:44.000000000","message":"Looks like cbitpos should be 51 instead of 47 for SEV-SNP.\nhttps://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html\n\nWhen I tried with 47 on our machine, the VM failed with the error like the following:\nqemu-kvm: -accel kvm: sev_common_kvm_init: cbitpos check failed, host \u002751\u0027 requested \u002747\u0027","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b4838798e8d8a67657997c647e457fc3b632c87c","unresolved":true,"context_lines":[{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 authorKey\u003d\u0027no\u0027 kernelHashes\u003d\u0027no\u0027 
vcek\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003ccbitpos\u003e47\u003c/cbitpos\u003e"},{"line_number":125,"context_line":"      \u003creducedPhysBits\u003e1\u003c/reducedPhysBits\u003e"},{"line_number":126,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":127,"context_line":"    \u003c/launchSecurity\u003e"}],"source_content_type":"text/x-rst","patch_set":3,"id":"ce582cc6_f6c5c731","line":124,"in_reply_to":"8762bfaa_00e0f227","updated":"2026-04-07 16:58:59.000000000","message":"My understanding is that we should not hard-code this value but the value should match the cbitpos value exposed in domain capabilities (as I mentioned in L132). Can you double-check the value you see in virsh domcapabilities (I expect it shows 51).","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"a7211af836f37c4f4e7625c1cef31d7453b3f69d","unresolved":true,"context_lines":[{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 authorKey\u003d\u0027no\u0027 kernelHashes\u003d\u0027no\u0027 vcek\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003ccbitpos\u003e47\u003c/cbitpos\u003e"},{"line_number":125,"context_line":"      \u003creducedPhysBits\u003e1\u003c/reducedPhysBits\u003e"},{"line_number":126,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":127,"context_line":"    \u003c/launchSecurity\u003e"}],"source_content_type":"text/x-rst","patch_set":3,"id":"c5030d5d_6ddca5d4","line":124,"in_reply_to":"899d9c3a_641e5829","updated":"2026-04-08 05:48:56.000000000","message":"Yes, virsh dumpxml outputs cbitpos as 51, but our nova code does not give this value. 
Looks like if xml does not have cbitpos, libvirt will add the correct value automatically. Thus, just like SEV or SEV-ES, implementation of SEV-SNP for nova also does not need to specify or know cbitpos.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"0642677cef0e72b5689fc18cc5381d6ac229c6fb","unresolved":false,"context_lines":[{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 authorKey\u003d\u0027no\u0027 kernelHashes\u003d\u0027no\u0027 vcek\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003ccbitpos\u003e47\u003c/cbitpos\u003e"},{"line_number":125,"context_line":"      \u003creducedPhysBits\u003e1\u003c/reducedPhysBits\u003e"},{"line_number":126,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":127,"context_line":"    \u003c/launchSecurity\u003e"}],"source_content_type":"text/x-rst","patch_set":3,"id":"e89f0925_6871a9f9","line":124,"in_reply_to":"c5030d5d_6ddca5d4","updated":"2026-04-08 09:57:30.000000000","message":"OK libvirt now fills it automatically https://gitlab.com/libvirt/libvirt/commit/2508d10f67ce8874500deee1592e00430dbdca63 . 
I\u0027ve adjusted the spec accordingly.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"c1b76ea9eb1b4d486c47a886ff8bf5d6966eebef","unresolved":true,"context_lines":[{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 authorKey\u003d\u0027no\u0027 kernelHashes\u003d\u0027no\u0027 vcek\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003ccbitpos\u003e47\u003c/cbitpos\u003e"},{"line_number":125,"context_line":"      \u003creducedPhysBits\u003e1\u003c/reducedPhysBits\u003e"},{"line_number":126,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":127,"context_line":"    \u003c/launchSecurity\u003e"}],"source_content_type":"text/x-rst","patch_set":3,"id":"899d9c3a_641e5829","line":124,"in_reply_to":"ce582cc6_f6c5c731","updated":"2026-04-07 17:08:10.000000000","message":"cbitpos may change according to the processor generation. I updated the example to reflect the value in Milan, but again the value shouldn\u0027t be hardcoded but detected automatically, IIUC.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"397969b25574680968f6c8dd75dff2d445895b45","unresolved":true,"context_lines":[{"line_number":250,"context_line":""},{"line_number":251,"context_line":"#. Add the new ``HW_CPU_AMD_SEV_SNP`` trait for os-traits"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"#. 
Add detection of host SEV-SNP capabilities as detailed above and reshaping"},{"line_number":254,"context_line":"   of existing MEMO_ENCRYPTION_CONTEXT resource."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"#. Add ``mem_encryption_model`` property to ImageMeta object"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d7dc5eff_9beae6bf","line":253,"updated":"2026-04-07 08:50:44.000000000","message":"When introducing, reshaping of RPs was required to use parent-child relationship, but for this work, in my understanding reshaping would not be required, do we have some data to reshape?","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"c88d5a88f5201cda5ec0df380feac15c52df5376","unresolved":false,"context_lines":[{"line_number":250,"context_line":""},{"line_number":251,"context_line":"#. Add the new ``HW_CPU_AMD_SEV_SNP`` trait for os-traits"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"#. Add detection of host SEV-SNP capabilities as detailed above and reshaping"},{"line_number":254,"context_line":"   of existing MEMO_ENCRYPTION_CONTEXT resource."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"#. Add ``mem_encryption_model`` property to ImageMeta object"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9a3a9378_38a30edf","line":253,"in_reply_to":"6e2ddf00_b08ae834","updated":"2026-04-07 17:02:11.000000000","message":"Oh I have to remove this then. Done.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b4838798e8d8a67657997c647e457fc3b632c87c","unresolved":true,"context_lines":[{"line_number":250,"context_line":""},{"line_number":251,"context_line":"#. 
Add the new ``HW_CPU_AMD_SEV_SNP`` trait for os-traits"},{"line_number":252,"context_line":""},{"line_number":253,"context_line":"#. Add detection of host SEV-SNP capabilities as detailed above and reshaping"},{"line_number":254,"context_line":"   of existing MEMO_ENCRYPTION_CONTEXT resource."},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"#. Add ``mem_encryption_model`` property to ImageMeta object"}],"source_content_type":"text/x-rst","patch_set":3,"id":"6e2ddf00_b08ae834","line":253,"in_reply_to":"d7dc5eff_9beae6bf","updated":"2026-04-07 16:58:59.000000000","message":"We required reshape when we introduced SEV-ES because we had to migrate MEM_ENCRYPTION_CONTEXT. However this change does not change the RP structure so we don\u0027t need reshape again.","commit_id":"0fe5d4338760f426b5d6584a99e8402e90e94351"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"987ae7272f7e6bf1fb397ccd4f851c29866912bb","unresolved":true,"context_lines":[{"line_number":146,"context_line":"     per-instance. However due to lack of per-instance properties in nova,"},{"line_number":147,"context_line":"     these options are out of the current scope."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"  Also configure the ``memoryBacking`` element to use the ``memfd`` backing::"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"    \u003cmemoryBacking\u003e"},{"line_number":152,"context_line":"      \u003csource type\u003d\"memfd\"/\u003e"},{"line_number":153,"context_line":"    \u003c/memoryBacking\u003e"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"  .. 
note::"},{"line_number":156,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."}],"source_content_type":"text/x-rst","patch_set":5,"id":"658b8a62_20071ca8","line":153,"range":{"start_line":149,"start_character":0,"end_line":153,"end_character":20},"updated":"2026-04-07 18:08:32.000000000","message":"I have to double-check this requirement. Looking at the latest qemu I guess qemu automatically uses memfd backend when confidential computing is required.","commit_id":"567f4baf00f12a07c6f3e63deb731e7aac09d02f"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"093ae4b4d5eaf242b5e24a62f97950595caeda30","unresolved":false,"context_lines":[{"line_number":146,"context_line":"     per-instance. However due to lack of per-instance properties in nova,"},{"line_number":147,"context_line":"     these options are out of the current scope."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"  Also configure the ``memoryBacking`` element to use the ``memfd`` backing::"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"    \u003cmemoryBacking\u003e"},{"line_number":152,"context_line":"      \u003csource type\u003d\"memfd\"/\u003e"},{"line_number":153,"context_line":"    \u003c/memoryBacking\u003e"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"  .. 
note::"},{"line_number":156,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."}],"source_content_type":"text/x-rst","patch_set":5,"id":"91015a6e_ed072c95","line":153,"range":{"start_line":149,"start_character":0,"end_line":153,"end_character":20},"in_reply_to":"5f86e845_02eacf07","updated":"2026-04-09 14:05:20.000000000","message":"Further investigation reveals that qemu\u003e9.1.0 uses private memfd automatically without being explicitly asked to do so.\n\nhttps://github.com/qemu/QEMU/commit/15f7a80c49cb3637f62fa37fa4a17da913bd91ff\nhttps://github.com/qemu/QEMU/commit/37662d85b0b7dded0ebdf6747bef6c3bb7ed6a0c\nhttps://github.com/qemu/QEMU/commit/dc0d28ca46c0e7ee3c055ad4da24022995bd3765\nhttps://github.com/qemu/QEMU/commit/125b95a6d465a03ff30816eff0b1889aec01f0c3","commit_id":"567f4baf00f12a07c6f3e63deb731e7aac09d02f"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"9665a200a2820bdf51de8964f1739a2948604cea","unresolved":false,"context_lines":[{"line_number":146,"context_line":"     per-instance. However due to lack of per-instance properties in nova,"},{"line_number":147,"context_line":"     these options are out of the current scope."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"  Also configure the ``memoryBacking`` element to use the ``memfd`` backing::"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"    \u003cmemoryBacking\u003e"},{"line_number":152,"context_line":"      \u003csource type\u003d\"memfd\"/\u003e"},{"line_number":153,"context_line":"    \u003c/memoryBacking\u003e"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"  .. 
note::"},{"line_number":156,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."}],"source_content_type":"text/x-rst","patch_set":5,"id":"a720d739_602d45e8","line":153,"range":{"start_line":149,"start_character":0,"end_line":153,"end_character":20},"in_reply_to":"658b8a62_20071ca8","updated":"2026-04-07 18:28:06.000000000","message":"I\u0027m concluding that this is correct according to https://ubuntu.com/server/docs/how-to/virtualisation/sev-snp/ .\n\nI tested the whole SNP implementation using the old AMD\u0027s code which introduced the separate memfd-private backend... It\u0027d be helpful if I can hear opinions about this requirement from people recently testing it.","commit_id":"567f4baf00f12a07c6f3e63deb731e7aac09d02f"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"a7211af836f37c4f4e7625c1cef31d7453b3f69d","unresolved":false,"context_lines":[{"line_number":146,"context_line":"     per-instance. However due to lack of per-instance properties in nova,"},{"line_number":147,"context_line":"     these options are out of the current scope."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"  Also configure the ``memoryBacking`` element to use the ``memfd`` backing::"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"    \u003cmemoryBacking\u003e"},{"line_number":152,"context_line":"      \u003csource type\u003d\"memfd\"/\u003e"},{"line_number":153,"context_line":"    \u003c/memoryBacking\u003e"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"  .. 
note::"},{"line_number":156,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."}],"source_content_type":"text/x-rst","patch_set":5,"id":"d192fc59_da7e30b8","line":153,"range":{"start_line":149,"start_character":0,"end_line":153,"end_character":20},"in_reply_to":"a720d739_602d45e8","updated":"2026-04-08 05:48:56.000000000","message":"In our environment, SEV-SNP VM worked without this specification.","commit_id":"567f4baf00f12a07c6f3e63deb731e7aac09d02f"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d788d97fbe90fec06e35877cb0f29d22c5b9d25c","unresolved":true,"context_lines":[{"line_number":146,"context_line":"     per-instance. However due to lack of per-instance properties in nova,"},{"line_number":147,"context_line":"     these options are out of the current scope."},{"line_number":148,"context_line":""},{"line_number":149,"context_line":"  Also configure the ``memoryBacking`` element to use the ``memfd`` backing::"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"    \u003cmemoryBacking\u003e"},{"line_number":152,"context_line":"      \u003csource type\u003d\"memfd\"/\u003e"},{"line_number":153,"context_line":"    \u003c/memoryBacking\u003e"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"  .. note::"},{"line_number":156,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."}],"source_content_type":"text/x-rst","patch_set":5,"id":"5f86e845_02eacf07","line":153,"range":{"start_line":149,"start_character":0,"end_line":153,"end_character":20},"in_reply_to":"d192fc59_da7e30b8","updated":"2026-04-08 10:05:10.000000000","message":"OK this might not be required looking at the latest KubeVirt implementation. 
We can probably have this double-checked by people in Yaook, as they also implemented their own SEV-SNP support.","commit_id":"567f4baf00f12a07c6f3e63deb731e7aac09d02f"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"c9fefe6d0a1f08a5231ca40f6a55a29b5c15c864","unresolved":false,"context_lines":[{"line_number":120,"context_line":"  spec or the ``hw_mem_encryption_model`` image property is present and"},{"line_number":121,"context_line":"  is set to ``amd-sev-snp``::"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"    \u003claunchSecurity type\u003d\u0027sev-snp\u0027 kernelHashes\u003d\u0027no\u0027\u003e"},{"line_number":124,"context_line":"      \u003cpolicy\u003e0x00030000\u003c/policy\u003e"},{"line_number":125,"context_line":"    \u003c/launchSecurity\u003e"},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"  See `the libvirt guide \u003chttps://libvirt.org/formatdomain.html#launch-security\u003e`_"},{"line_number":128,"context_line":"  to find further details about the ``launchSecurity`` element."}],"source_content_type":"text/x-rst","patch_set":8,"id":"bc2b7f64_645d50c7","line":125,"range":{"start_line":123,"start_character":4,"end_line":125,"end_character":21},"updated":"2026-04-08 10:03:46.000000000","message":"Removed the optional fields to simplify the XML.","commit_id":"38d1a50f0b8d7f06bc6c4f52fccabaa2c647bfa0"},{"author":{"_account_id":35587,"name":"Hiroki 
Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"4cabad9243ca82bb7c63b55ba312c95590c1e76d","unresolved":false,"context_lines":[{"line_number":239,"context_line":"Implementation"},{"line_number":240,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":241,"context_line":""},{"line_number":242,"context_line":"Assignee(s)"},{"line_number":243,"context_line":"-----------"},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"Primary assignee:"}],"source_content_type":"text/x-rst","patch_set":8,"id":"38b0c595_af625634","line":242,"updated":"2026-04-10 08:05:54.000000000","message":"I\u0027m also willing to contribute in implementation.","commit_id":"38d1a50f0b8d7f06bc6c4f52fccabaa2c647bfa0"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"669e8e3625c672548b3b4b7b3c25fbf9582b85f5","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). 
Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"a1725534_63955147","line":133,"updated":"2026-04-15 16:07:06.000000000","message":"From our experience with SNP, SEV kernel hashing (`kernelHashes\u003dyes`) with measurement use cases is only really useful with a unified OVMF and stateless firmware boot as stateful UEFI mode could undermine the trust anchor [1] and taint measurement.\n\nTherefore, in addition to setting `kernelHashes\u003dyes` when detecting Direct Kernel Boot, I think we should also:\n\n1. ensure `guest.os_loader_stateless` is set to `True` [1]\n2. change the `guest.os_loader_type` to `rom` instead of `pflash` [2]\n\n[1] \"If intending to attest the boot measurement, it is required to use a firmware binary that is stateless, as persistent NVRAM can undermine the trust of the secure guest. This is achieved by telling libvirt that a stateless binary is required\" - https://libvirt.org/kbase/launch_security_sev.html#boot-loader\n\n[2] https://marc.info/?l\u003dlibvir-list\u0026m\u003d164218718706402","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"46a84b8319313223a7d495ac7ca19ee51e2dbe76","unresolved":false,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel 
args). Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"5026f60d_d09ba716","line":133,"in_reply_to":"1ec74930_a2642f0c","updated":"2026-04-22 14:45:35.000000000","message":"I\u0027ve added a note in the deployer impact that users may need to create a firmware descriptor file so that libvirt selects a rom type firmware for sev-snp. I hope this addresses your concern.","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"db004591a5305d7e105f096f4a61881233ff060f","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). 
Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"1ec74930_a2642f0c","line":133,"in_reply_to":"218e8bef_cbdc8ff1","updated":"2026-04-16 11:14:28.000000000","message":"I recorded this topic in the PTG etherpad to get wider feedback there.","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"fdb1615f7fdc5e2af6e4ff43a1b115baebc1aef7","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"218e8bef_cbdc8ff1","line":133,"in_reply_to":"26616217_39b2bd5d","updated":"2026-04-16 10:51:19.000000000","message":"\u003e I don\u0027t think requiring rom type is a good idea here because we don\u0027t actually care about the firmware type but we want it to be stateless.\n\nMy point behind this is that the qemu firmware descriptor files in each distro already ships firmware with \u0027device\u0027: \u0027memory\u0027 for sev-snp, so as long as the file is present libvirt should select the rom type firmware eventually without being explicitly asked. 
We can technically require rom type so that libvirt only selects firmwares with \u0027device\u0027: \u0027memory\u0027, but I feel like that is redundant at this stage and may lose flexibility for future change in libvirt.\n\nOn the other hand hw_firmware_stateless can be specified by users, and we should detect the invalid combination (hw_firmware_stateless\u003dFalse + sev-snp). This may be required regardless of kernelHashes .","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"3701ff01e1a2c2b526b777cef0a330d83ff5eb90","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"8b472e45_f62a9ded","line":133,"in_reply_to":"2675623d_9da96b2c","updated":"2026-04-16 09:56:36.000000000","message":"Kernel hashing as a mechanism might work without these technically, yes. But since this spec is about SEV-SNP specifically, we might also need to consider SNP-specific requirements. As far as I am aware, SNP is considered incompatible with pflash due to its design [3]. 
A behavior that has matched our own tests so far.\n\nFurthermore, setting `rom` then also seems to make `stateless` mandatory.\n\nHas anybody been successful in creating a functional SNP-enabled VM through libvirt/QEMU without `rom` loader type?\n\n[3] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/BZOKLW4ZYDNUGIZK3NQDR5H7KEGENFG3/","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"f679435e19248b0cdaddddc2b3199ba9d3d2be6e","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"26616217_39b2bd5d","line":133,"in_reply_to":"8b472e45_f62a9ded","updated":"2026-04-16 10:23:51.000000000","message":"When I tested the draft implementation by AMD I was able to launch guests with rom type (even with var file) with kernelHash enabled but something might be changed.\n\nMaybe we can require hw_firmware_stateless when SNP is requested ? 
I don\u0027t think requiring rom type is a good idea here because we don\u0027t actually care about the firmware type but we want it to be stateless.","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"1e7a6cfbcc781c67c73a050652045b575eb3fc81","unresolved":true,"context_lines":[{"line_number":130,"context_line":"  - The ``policy`` attribute is hard-coded to the most standard value at this"},{"line_number":131,"context_line":"    moment following the existing AMD SEV/SEV-ES support."},{"line_number":132,"context_line":""},{"line_number":133,"context_line":"  - The ``kernelHashes`` attribute is set to ``yes`` when the instance uses"},{"line_number":134,"context_line":"    Direct Kernel Boot, to allow guest owners to measure bootchain components"},{"line_number":135,"context_line":"    (OVMF, initramfs, kernel and kernel args). Usage of Direct Kernel Boot is"},{"line_number":136,"context_line":"    detected according to the ``kernel_id`` property of the image."}],"source_content_type":"text/x-rst","patch_set":9,"id":"2675623d_9da96b2c","line":133,"in_reply_to":"a1725534_63955147","updated":"2026-04-15 17:32:19.000000000","message":"My understanding is that kernelHashes \"can\" work without these technically, and if users aim to get truly trustable measurement using kernelHash, for their attestation workflow, then they can use the image with hw_firmware_stateless property to prohibit non-unified firmware.\n\nI\u0027d not implement these mentioned logics within nova, at least at this stage, to avoid problems caused by changes in qemu/ovmf (for example in case they introduced yet another type, like they did to replace existing pflash with stateless flag by rom type in the past)","commit_id":"2fd4e8ede8261084f1488bd4bf8fb7127612c07d"},{"author":{"_account_id":9816,"name":"Takashi 
Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"d2f061a1336976908c78b7e6954021ada81b6930","unresolved":true,"context_lines":[{"line_number":223,"context_line":""},{"line_number":224,"context_line":"Also, the specific QEMU firmware descriptor file, which tells libvirt to use"},{"line_number":225,"context_line":"rom type firmware is required. The content should contain the following"},{"line_number":226,"context_line":"content::"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"    {"},{"line_number":229,"context_line":"      \"description\": \"UEFI firmware for x86_64, with SEV-SNP support\","}],"source_content_type":"text/x-rst","patch_set":10,"id":"946264f6_fd018dcd","line":226,"range":{"start_line":226,"start_character":0,"end_line":226,"end_character":7},"updated":"2026-04-22 15:14:00.000000000","message":"This is available in c9s and c10s\n\nhttps://gitlab.com/redhat/centos-stream/rpms/edk2/-/blob/c9s/60-edk2-ovmf-x64-amdsev.json?ref_type\u003dheads\nhttps://gitlab.com/redhat/centos-stream/rpms/edk2/-/blob/c10s/60-edk2-ovmf-x64-amdsev.json?ref_type\u003dheads\n\nbut is not in ubuntu (even in 26.04 beta-ish package)","commit_id":"301829e11b96ecfc244c5a34015125a71dc7d4d3"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"5e82c1e75e8d6848f0520ac07b48d1844adce3cc","unresolved":false,"context_lines":[{"line_number":223,"context_line":""},{"line_number":224,"context_line":"Also, the specific QEMU firmware descriptor file, which tells libvirt to use"},{"line_number":225,"context_line":"rom type firmware is required. 
The content should contain the following"},{"line_number":226,"context_line":"content::"},{"line_number":227,"context_line":""},{"line_number":228,"context_line":"    {"},{"line_number":229,"context_line":"      \"description\": \"UEFI firmware for x86_64, with SEV-SNP support\","}],"source_content_type":"text/x-rst","patch_set":10,"id":"2239cc84_04d488be","line":226,"range":{"start_line":226,"start_character":0,"end_line":226,"end_character":7},"in_reply_to":"946264f6_fd018dcd","updated":"2026-04-22 15:19:56.000000000","message":"Done","commit_id":"301829e11b96ecfc244c5a34015125a71dc7d4d3"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"f07d846e59f9375020c939062004122d48bca7b7","unresolved":true,"context_lines":[{"line_number":79,"context_line":"  - Check QEMU version and libvirt version to determine whether the available"},{"line_number":80,"context_line":"    QEMU binary and libvirt binary support SEV-SNP."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"- Add the new ``HW_CPU_AMD_SEV_SNP`` trait to os-traits."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"- Make the libvirt driver `update the ProviderTree object"},{"line_number":85,"context_line":"  \u003chttps://docs.openstack.org/nova/latest/reference/update-provider-tree.html\u003e`_"}],"source_content_type":"text/x-rst","patch_set":12,"id":"5422a841_8e4f9fb8","line":82,"updated":"2026-04-23 08:48:17.000000000","message":"With recent SEV firmware versions, you cannot start SEV-ES VMs on an SEV-SNP-capable host anymore. 
In early firmware versions you used to be able to start either SEV, SEV-ES or SEV-SNP VMs but that behavior has changed in more recent firmware versions and limits this to SEV and SEV-SNP on SNP-capable hosts (removing the SEV-ES capability).\n\nAccording to AMD, this is by design: https://github.com/AMDESE/AMDSEV/issues/282#issuecomment-3554492101\n\nAs a result, if we detect an SNP-capable host, I think we should *replace* the `HW_CPU_AMD_SEV_ES` trait by `HW_CPU_AMD_SEV_SNP`, instead of just adding the latter.\n\nOtherwise, depending on the firmware version on the host, SEV-ES VMs might get scheduled on such host but fail to start.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b88873317aeac84344b0af9f346584a029a86313","unresolved":true,"context_lines":[{"line_number":79,"context_line":"  - Check QEMU version and libvirt version to determine whether the available"},{"line_number":80,"context_line":"    QEMU binary and libvirt binary support SEV-SNP."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"- Add the new ``HW_CPU_AMD_SEV_SNP`` trait to os-traits."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"- Make the libvirt driver `update the ProviderTree object"},{"line_number":85,"context_line":"  \u003chttps://docs.openstack.org/nova/latest/reference/update-provider-tree.html\u003e`_"}],"source_content_type":"text/x-rst","patch_set":12,"id":"6567c46b_26768f10","line":82,"in_reply_to":"22548fbb_13987d0b","updated":"2026-04-23 13:57:10.000000000","message":"I\u0027ve decided to change the structure of RP to detect any instance on the host using SEV-ES during RP update.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":9816,"name":"Takashi 
Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"697a98d597f540f2c2785eb285b3122784e932c5","unresolved":true,"context_lines":[{"line_number":79,"context_line":"  - Check QEMU version and libvirt version to determine whether the available"},{"line_number":80,"context_line":"    QEMU binary and libvirt binary support SEV-SNP."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":"- Add the new ``HW_CPU_AMD_SEV_SNP`` trait to os-traits."},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"- Make the libvirt driver `update the ProviderTree object"},{"line_number":85,"context_line":"  \u003chttps://docs.openstack.org/nova/latest/reference/update-provider-tree.html\u003e`_"}],"source_content_type":"text/x-rst","patch_set":12,"id":"22548fbb_13987d0b","line":82,"in_reply_to":"5422a841_8e4f9fb8","updated":"2026-04-23 13:26:31.000000000","message":"OK so they changed the behavior due to https://nvd.nist.gov/vuln/detail/CVE-2025-48514 .\n\nI\u0027m not too sure if removing the trait works properly to detect any existing VMs using SEV-ES here. Maybe we should not update the existing RP but create a separate one, and avoid adding the SEV-ES RP (which makes nova-compute purge the ES RP, which causes a hard failure in case the node has instances with SEV-ES).","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"3e14bb408c42706d54e75c44c92f00bb5e1bb7d1","unresolved":true,"context_lines":[{"line_number":149,"context_line":"     these options are out of the current scope."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"  .. 
note::"},{"line_number":152,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Alternatives"},{"line_number":155,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"dcc0bfa8_16b0df2c","line":152,"updated":"2026-04-23 08:37:41.000000000","message":"```suggestion\n     The locked attribute doesn\u0027t have to be set for SEV-SNP.\n```\n\nnit: typo","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b88873317aeac84344b0af9f346584a029a86313","unresolved":false,"context_lines":[{"line_number":149,"context_line":"     these options are out of the current scope."},{"line_number":150,"context_line":""},{"line_number":151,"context_line":"  .. note::"},{"line_number":152,"context_line":"     The locked attribue doesn\u0027t have to be set for SEV-SNP."},{"line_number":153,"context_line":""},{"line_number":154,"context_line":"Alternatives"},{"line_number":155,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"20fba7c6_ed28843b","line":152,"in_reply_to":"dcc0bfa8_16b0df2c","updated":"2026-04-23 13:57:10.000000000","message":"Done","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"3e14bb408c42706d54e75c44c92f00bb5e1bb7d1","unresolved":true,"context_lines":[{"line_number":200,"context_line":"In order for users to be able to use SEV-SNP, the operator will need to"},{"line_number":201,"context_line":"perform the following steps:"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"- Deploy SEV-SNP-capable hardware as nova compute 
hosts."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"  - AMD EPYC 7003 (Milan) or later"},{"line_number":206,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"9eefb77e_f94308ec","line":203,"updated":"2026-04-23 08:37:41.000000000","message":"Do we also want to add another bullet point here that a deployer has to set `cpu_mode` and `cpu_models` in the `[libvirt]` section of `nova.conf` appropriately?\n\nFrom our experience, there are two choices:\n\n1. Set `cpu_mode \u003d host-passthrough` or `cpu_mode \u003d host-model`, effectively mirroring the physical CPU\u0027s specs.\n2. Set `cpu_mode \u003d custom` and set the CPU model(s) in `cpu_models` to SEV-SNP-capable models to simulate those.\n\nFor no. 2 the models are usually found in `/usr/share/libvirt/cpu_map/*.xml`, where the `model name` attribute must be looked up and used.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"b88873317aeac84344b0af9f346584a029a86313","unresolved":true,"context_lines":[{"line_number":200,"context_line":"In order for users to be able to use SEV-SNP, the operator will need to"},{"line_number":201,"context_line":"perform the following steps:"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"- Deploy SEV-SNP-capable hardware as nova compute hosts."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"  - AMD EPYC 7003 (Milan) or later"},{"line_number":206,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"3af6e615_15257242","line":203,"in_reply_to":"2864d123_cbedaddf","updated":"2026-04-23 13:57:10.000000000","message":"I think this is too much detail in the spec and I\u0027d rather suggest explaining it in the documentation once the feature implementation is 
completed.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"73ecb486bc272a50fa58ed0feb94aa0af0fbeb9f","unresolved":true,"context_lines":[{"line_number":200,"context_line":"In order for users to be able to use SEV-SNP, the operator will need to"},{"line_number":201,"context_line":"perform the following steps:"},{"line_number":202,"context_line":""},{"line_number":203,"context_line":"- Deploy SEV-SNP-capable hardware as nova compute hosts."},{"line_number":204,"context_line":""},{"line_number":205,"context_line":"  - AMD EPYC 7003 (Milan) or later"},{"line_number":206,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"2864d123_cbedaddf","line":203,"in_reply_to":"9eefb77e_f94308ec","updated":"2026-04-23 09:01:48.000000000","message":"When I tried with the vCPU model set as EPYC-Rome, the VM still worked and had an Attestation Report issued.\n    \u003cmodel fallback\u003d\u0027forbid\u0027\u003eEPYC-Rome\u003c/model\u003e\n\n\nThe host CPU must be capable of SEV-SNP, but I think the guest vCPU model can be an older one without the SEV-SNP feature, like EPYC-Rome, and thus it might not be needed to place notes here about setting a newer model.\n\n\nWe might have to note that if no.1 host-passthrough is selected, the measurement on the Attestation Report might be affected by the precise CPU model of the hypervisor. 
CPUID (model number) of vCPU is folded into the measurement, and if no.2, the vCPU model is determined by the selected model, but if no.1, the CPUID of vCPU is copied from the physical CPU.\nBut it might be difficult to keep full document about how to guarantee measurement here.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"f8371becb8ecf894208ae5abcaee7a80ad394100","unresolved":true,"context_lines":[{"line_number":211,"context_line":"  that the various layers are all SEV-SNP ready:"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"  - kernel \u003e\u003d 6.11"},{"line_number":214,"context_line":"  - QEMU \u003e\u003d 9.1.0"},{"line_number":215,"context_line":"  - libvirt \u003e\u003d 10.5.0"},{"line_number":216,"context_line":"  - ovmf \u003e\u003d edk2-stable202202"},{"line_number":217,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"d4c3a7c6_1f2ebfe3","line":214,"updated":"2026-04-23 11:46:45.000000000","message":"This is a minor detail and based on the official 9.1.0 release notes, the SNP support starts with 9.1.0 but do we have any actual positive test results with QEMU 9.1.0 and SNP?\n\nBased on our own testing, with QEMU 9.1.0 SNP VMs would fail to correctly boot because libvirt would crash with an \"invalid argument\" error, regardless of the libvirt version used. 
Only with 9.2.0+ this was fixed as reported during the 2026.1 PTG [1].\n\nSadly, the release notes for QEMU 9.2.0 do not mention anything related, so I cannot offer an official reference for this.\nHowever, I do recall that during the PTG session from October 2025, another community member also confirmed that they needed to use 9.2.0 due to this issue but unfortunately this statement was not recorded in the etherpad.\n\nThe only other reference is this statement by Ubuntu [2]:\n\n\u003e Ubuntu now supports AMD SEV-SNP on virtualization hosts, thanks to its kernel 6.14 and QEMU 9.2\n\nDo we want to play it safe here and demand 9.2.0?\n\n[1] https://etherpad.opendev.org/p/nova-2026.1-ptg#L641\n\n[2] https://ubuntu.com/confidential-computing","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":27665,"name":"Markus Hentsch","email":"markus.hentsch@cloudandheat.com","username":"mhen"},"change_message_id":"cc49aea81c8c7daeb93f2751a89be8edd9503fb0","unresolved":false,"context_lines":[{"line_number":211,"context_line":"  that the various layers are all SEV-SNP ready:"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"  - kernel \u003e\u003d 6.11"},{"line_number":214,"context_line":"  - QEMU \u003e\u003d 9.1.0"},{"line_number":215,"context_line":"  - libvirt \u003e\u003d 10.5.0"},{"line_number":216,"context_line":"  - ovmf \u003e\u003d edk2-stable202202"},{"line_number":217,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"4f9dd497_5c5dd0e6","line":214,"in_reply_to":"2cbcdd03_ecd57ae9","updated":"2026-04-23 13:12:49.000000000","message":"Thank you for checking, Hiroki.\n\nI guess it might be an Ubuntu-specific quirk then. 
In this case, I am fine with keeping the current version boundaries.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":35587,"name":"Hiroki Narukawa","email":"hnarukaw@lycorp.co.jp","username":"nhirokinet"},"change_message_id":"c8e4773d55e526dc39c81fa01e3a30e4c5af090d","unresolved":true,"context_lines":[{"line_number":211,"context_line":"  that the various layers are all SEV-SNP ready:"},{"line_number":212,"context_line":""},{"line_number":213,"context_line":"  - kernel \u003e\u003d 6.11"},{"line_number":214,"context_line":"  - QEMU \u003e\u003d 9.1.0"},{"line_number":215,"context_line":"  - libvirt \u003e\u003d 10.5.0"},{"line_number":216,"context_line":"  - ovmf \u003e\u003d edk2-stable202202"},{"line_number":217,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"2cbcdd03_ecd57ae9","line":214,"in_reply_to":"d4c3a7c6_1f2ebfe3","updated":"2026-04-23 11:50:41.000000000","message":"In our environment, we use packages like qemu-kvm-core-9.1.0-15.el9_6.9.x86_64 and SEV-SNP works well.","commit_id":"cdcde8f3e6cf8f601fd09c1590d19637cb1020cf"},{"author":{"_account_id":16207,"name":"ribaudr","display_name":"uggla","email":"rene.ribaud@gmail.com","username":"uggla","status":"Red Hat"},"change_message_id":"548ad51ef40c4284724762b3b1b76fa662380201","unresolved":true,"context_lines":[{"line_number":8,"context_line":"libvirt driver launching instances with memory encryption by AMD 
SEV-SNP"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/amd-sev-es-libvirt-support"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec proposes work required in order to extend the existing libvirt driver"},{"line_number":14,"context_line":"feature to launch AMD SEV-encrypted instances, to support also using AMD"}],"source_content_type":"text/x-rst","patch_set":13,"id":"7b3ac155_da35848d","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":70},"updated":"2026-05-04 13:32:40.000000000","message":"The BP link is wrong, I guess it should be https://blueprints.launchpad.net/nova/+spec/amd-sev-snp-libvirt-support","commit_id":"aa7d9ededafc2779ead25c9cbd5501817b97f557"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"53062eb87bad64acd25080feadc6583787c4bd1e","unresolved":false,"context_lines":[{"line_number":8,"context_line":"libvirt driver launching instances with memory encryption by AMD 
SEV-SNP"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"https://blueprints.launchpad.net/nova/+spec/amd-sev-es-libvirt-support"},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"This spec proposes work required in order to extend the existing libvirt driver"},{"line_number":14,"context_line":"feature to launch AMD SEV-encrypted instances, to support also using AMD"}],"source_content_type":"text/x-rst","patch_set":13,"id":"49bd5264_9e479075","line":11,"range":{"start_line":11,"start_character":0,"end_line":11,"end_character":70},"in_reply_to":"7b3ac155_da35848d","updated":"2026-05-04 13:41:16.000000000","message":"Oh yes. This is my wrong copy-paste...","commit_id":"aa7d9ededafc2779ead25c9cbd5501817b97f557"}]}
