Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option

From: Paolo Bonzini
Date: Tue Oct 03 2017 - 06:50:25 EST

On 02/10/2017 17:07, Brijesh Singh wrote:
> Yep, that will work just fine. There are couple of ways we can limit
> hypervisor from creating the SEV guest 1) clear the X86_FEATURE_SEV bit
> when mem_encrypt=sme is passed or 2) parse the mem_encrypt=xxx in
> kvm-amd.ko
> and fail the KVM_SEV_INIT when mem_encrpt=sme or mem_encrypt=off.

Stupid question ahead: if it's just about guests, why bother with
mem_encrypt=xxx at all? kvm_amd should have a sev parameter anyway, you
can just do kvm_amd.sev=0 to disable it.