Takashi Kajinami
4f5a3f3c00
This is the last piece to allow users to request AMD SEV-ES for memory encryption instead of AMD SEV. The CPU feature for memory encryption can now be requested via the hw:mem_encryption_model flavor extra spec or via the hw_mem_encryption_model image property. Implements: blueprint amd-sev-es-libvirt-support Change-Id: Ifc9b86ad7db887cc22b2cd252fe8adc81fdc29c6 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
13 lines
579 B
YAML
13 lines
579 B
YAML
---
|
|
features:
|
|
- |
|
|
The libvirt driver can now support requests for guest RAM to be encrypted
|
|
using the AMD SEV-ES(Secure Encrypted Virtualization-Encrypted State),
|
|
instead of AMD SEV.
|
|
|
|
Usage of AMD SEV-ES for memory encryption can be required either via
|
|
a flavor which has the ``hw:mem_encryption_model`` extra spec set to
|
|
``amd-sev-es``, or via an image which has the ``hw_mem_encryption_model``
|
|
property set to ``amd-sev-es``. In case the extra spec and the property are
|
|
unset or set to ``amd-sev``, then AMD SEV is used for memory encryption.
|