Honor amd-sev(-es) feature flag to determine the OVMF firmware
edk2 has shipped a dedicated OVMF firmware file for AMD SEV since 202102.
https:/
The edk2 package in recent distributions provides firmware descriptor files for it, with the new "amd-sev" feature (and also the "amd-sev-es" feature) added to reflect the availability of the features required for SEV guests.
libvirt leverages this feature flag (at least from 7.2.0) as part of its auto firmware detection logic.
https:/
This blueprint aims to import that logic to make sure that the firmware being selected is compatible with the memory encryption mechanism being requested.
=== note ===
At the time of writing:
* firmware definition files installed in CentOS Stream 9 (as well as 10) contain both amd-sev and amd-sev-es.
* firmware definition files installed in Ubuntu Noble 24.04 contain only amd-sev.
A bug will be reported against Ubuntu Noble to fix the lack of amd-sev-es.
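
The following is an added example, not code from this blueprint, Nova or libvirt. It sketches feature-flag based selection over firmware descriptor JSON and shows why a descriptor set carrying only amd-sev cannot satisfy an SEV-ES request. The descriptor contents, file names, paths and the mode-to-feature mapping are assumptions constructed for illustration.

```python
import json

# Assumed mapping from requested encryption mode to required descriptor features.
REQUIRED_FEATURES = {"sev": {"amd-sev"}, "sev-es": {"amd-sev", "amd-sev-es"}}

def make_descriptor(path, features):
    """Constructed sample descriptor holding only the fields read below."""
    return json.dumps({
        "interface-types": ["uefi"],
        "mapping": {"device": "memory", "filename": path},
        "targets": [{"architecture": "x86_64", "machines": ["pc-q35-*"]}],
        "features": features,
    })

# Constructed descriptor sets; file names and paths are placeholders.
GENERIC = make_descriptor("/example/OVMF_CODE.fd", ["secure-boot"])
BOTH_FLAGS = {"40-generic.json": GENERIC,
              "50-amdsev.json": make_descriptor("/example/OVMF.amdsev.fd",
                                                ["amd-sev", "amd-sev-es"])}
SEV_ONLY = {"40-generic.json": GENERIC,
            "50-amdsev.json": make_descriptor("/example/OVMF.amdsev.fd",
                                              ["amd-sev"]),
            "60-broken.json": "{not json"}

def select_firmware(descriptors, mode, arch="x86_64"):
    """Return the firmware path of the first compatible descriptor, or None."""
    needed = REQUIRED_FEATURES[mode]
    for name in sorted(descriptors):  # lexical order decides priority
        try:
            desc = json.loads(descriptors[name])
        except json.JSONDecodeError:
            continue  # an unreadable descriptor is skipped, never trusted
        if "uefi" not in desc.get("interface-types", []):
            continue
        if not any(t.get("architecture") == arch for t in desc.get("targets", [])):
            continue
        if needed <= set(desc.get("features", [])):
            return desc["mapping"]["filename"]
    return None  # fail closed: no fallback to firmware lacking the feature

if __name__ == "__main__":
    for label, files in (("both flags", BOTH_FLAGS), ("amd-sev only", SEV_ONLY)):
        for mode in ("sev", "sev-es"):
            print(label, mode, select_firmware(files, mode))
```

Returning None instead of falling back to the generic firmware keeps a guest that requested memory encryption from booting on firmware that does not advertise support for it.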
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Takashi Kajinami
- Direction:
- Needs approval
- Assignee:
- Takashi Kajinami
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Takashi Kajinami
