OpenStack Compute (nova)

libvirt driver launching SEV-ES-encrypted instances

Registered by Takashi Kajinami on 2024-02-07

This work follows what was already done in https://blueprints.launchpad.net/nova/+spec/amd-sev-libvirt-support, to support SEV-enctypted instances.

AMD released new CPUs which supports new versions of SEV feature. One of them is SEV-ES which is already supported by underlying components such as kernel/qemu/libvirt/ovmf.
This work aim to extend the existing feature to allow users to select using AMD SEV-ES instead of AMD SEV as encryption mechanism to protect their instances from its hypervisor more strictly.

Blueprint information

Status:: Started

Approver:: Balazs Gibizer

Priority:: Undefined

Drafter:: Takashi Kajinami

Direction:: Approved

Assignee:: Takashi Kajinami

Definition:: Approved

Series goal:: Accepted for 2024.2

Implementation:: Good progress

Milestone target:: None

Started by: Sylvain Bauza on 2024-07-19

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/amd-sev-es-libvirt-support

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/907702
libvirt: AMD SEV-ES support

Addressed by: https://review.opendev.org/c/openstack/nova/+/921814
Migrate MEM_ENCRYPTION_CONTEXT from root provider

[20240719 bauzas] Spec approved for the Dalmatian cycle

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/924563
Follow up for "libvirt: AMD SEV-ES support"

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.