[PATCH 2/8] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM

Naveen N Rao (AMD) posted 8 patches 1 month, 3 weeks ago
Maintainers: Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcelo Tosatti <mtosatti@redhat.com>, Zhao Liu <zhao1.liu@intel.com>
There is a newer version of this series
[PATCH 2/8] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM
Posted by Naveen N Rao (AMD) 1 month, 3 weeks ago
In preparation for qemu being able to set SEV features through the cli,
add a check to ensure that SEV features are not also set if using IGVM
files.

Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>
---
 target/i386/sev.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 2fb1268ed788..c4011a6f2ef7 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -1901,6 +1901,11 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
          * as SEV_STATE_UNINIT.
          */
         if (x86machine->igvm) {
+            if (sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE) {
+                error_setg(errp, "%s: SEV features can't be specified when using IGVM files",
+                           __func__);
+                return -1;
+            }
             if (IGVM_CFG_GET_CLASS(x86machine->igvm)
                     ->process(x86machine->igvm, machine->cgs, true, errp) ==
                 -1) {
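Review bot: the added condition `if (sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE)` exempts one bit from the check without saying why that bit may be set when an IGVM file is in use. This condition decides whether the guest's SEV feature set comes from the command line or from the IGVM file, so a short comment above it stating the reason for the exemption would keep a later change from dropping or widening the mask by accident. The commit message could carry the same sentence, since it currently describes the check as covering all SEV features.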
-- 
2.51.0
Re: [PATCH 2/8] target/i386: SEV: Ensure SEV features are only set through qemu cli or IGVM
Posted by Tom Lendacky 1 month, 3 weeks ago
On 9/18/25 05:27, Naveen N Rao (AMD) wrote:
> In preparation for qemu being able to set SEV features through the cli,
> add a check to ensure that SEV features are not also set if using IGVM
> files.
> 
> Signed-off-by: Naveen N Rao (AMD) <naveen@kernel.org>

One minor comment below, otherwise:

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>  target/i386/sev.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index 2fb1268ed788..c4011a6f2ef7 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -1901,6 +1901,11 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
>           * as SEV_STATE_UNINIT.
>           */
>          if (x86machine->igvm) {

A comment here about SVM_SEV_FEAT_SNP_ACTIVE being set by default being
the reason it needs to be factored out, would be good to have.

> +            if (sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE) {
> +                error_setg(errp, "%s: SEV features can't be specified when using IGVM files",
> +                           __func__);
> +                return -1;
> +            }
>              if (IGVM_CFG_GET_CLASS(x86machine->igvm)
>                      ->process(x86machine->igvm, machine->cgs, true, errp) ==
>                  -1) {
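Review bot: the error_setg() message in the added block says only that SEV features can't be specified when using IGVM files, and does not report which bits tripped the check. Including the masked value (`sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE`, printed in hex) in the message would let the user see which setting conflicts with the IGVM file, rather than having to work it out from the `__func__` prefix alone.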