Re: [pve-devel] [PATCH pve-manager v2 1/1] Add configuration options for AMD SEV-SNP

Tue, 18 Feb 2025 01:20:09 -0800 

Thank you for your effort to make amd sev snp support possible.

For this patch I have some comments inline below.

For the rest of the patch series, it is still working fine.
If the qemu-server and edk2-firmware patches do not change, you can add this 
there:
Tested-by: Markus Frank <m.fr...@proxmox.com>

On  2025-02-17 15:06, Philipp Giersfeld wrote:

Expand input panel with AMD SEV-SNP selection, and relevant optional
parameters similar to existing options for AMD SEV(-ES).

Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are
not included when using SEV-SNP.

Signed-off-by: Philipp Giersfeld <philipp.giersf...@canarybit.eu>
Reviewed-by: Daniel Kral <d.kral at proxmox.com>
---

  changes since v1: 
https://lists.proxmox.com/pipermail/pve-devel/2025-February/068159.html
  * Fix formatting and code layout
  * Add note in WebUI for required host kernel version
  * Disable key-sharing option for SNP

Signed-off-by: Philipp Giersfeld <philipp.giersf...@canarybit.eu>
---

The two lines above are too much. You do not need another signoff after the 
comment.


  www/manager6/qemu/Options.js |  1 +
  www/manager6/qemu/SevEdit.js | 44 ++++++++++++++++++++++++++++++++----
  2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js
index cbe9e52b..49a921cd 100644
--- a/www/manager6/qemu/Options.js
+++ b/www/manager6/qemu/Options.js
@@ -346,6 +346,7 @@ Ext.define('PVE.qemu.Options', {
                    let amd_sev = PVE.Parser.parsePropertyString(value, "type");
                    if (amd_sev.type === 'std') return 'AMD SEV (' + value + 
')';
                    if (amd_sev.type === 'es') return 'AMD SEV-ES (' + value + 
')';
+                   if (amd_sev.type === 'snp') return 'AMD SEV-SNP (' + value 
+ ')';
                    return value;
                },
            },
diff --git a/www/manager6/qemu/SevEdit.js b/www/manager6/qemu/SevEdit.js
index a2080f2d..5c14b90a 100644
--- a/www/manager6/qemu/SevEdit.js
+++ b/www/manager6/qemu/SevEdit.js
@@ -9,7 +9,8 @@ Ext.define('PVE.qemu.SevInputPanel', {
            type: '__default__',
        },
        formulas: {
-           sevEnabled: get => get('type') !== '__default__',
+           sevEnabled: get => get('type') === 'std' || get('type') === 'es' || 
get('type') === 'snp',
+           snpEnabled: get => get('type') === 'snp',
        },
      },
@@ -21,10 +22,14 @@ Ext.define('PVE.qemu.SevInputPanel', { 
        if (!values.debug) {
            values["no-debug"] = 1;
        }
+       if (values.smt) {
+           values["allow-smt"] = 1;
+       }
        if (!values["key-sharing"]) {
            values["no-key-sharing"] = 1;
        }

if (!values["key-sharing"] && values.type !== 'snp') {

Otherwise, it sets no-key-sharing, which is not possible with sev-snp.


        delete values.debug;
+       delete values.smt;
        delete values["key-sharing"];
        let ret = {};
        ret['amd-sev'] = PVE.Parser.printPropertyString(values, 'type');
@@ -36,13 +41,16 @@ Ext.define('PVE.qemu.SevInputPanel', {
        if (PVE.Parser.parseBoolean(values["no-debug"])) {
            values.debug = 0;
        }
+       if (PVE.Parser.parseBoolean(values["allow-smt"])) {
+           values.smt = 1;
+       }
        if (PVE.Parser.parseBoolean(values["no-key-sharing"])) {
            values["key-sharing"] = 0;
        }
        this.callParent(arguments);
      },
- items: { 
+       items: [{
        xtype: 'proxmoxKVComboBox',
        fieldLabel: gettext('AMD SEV Type'),
        labelWidth: 150,
@@ -52,11 +60,28 @@ Ext.define('PVE.qemu.SevInputPanel', {
            ['__default__', Proxmox.Utils.defaultText + ' (' + 
Proxmox.Utils.disabledText + ')'],
            ['std', 'AMD SEV'],
            ['es', 'AMD SEV-ES (highly experimental)'],
+           ['snp', 'AMD SEV-SNP (highly experimental)'],
        ],
        bind: {
            value: '{type}',
        },
      },
+    {
+       xtype: 'displayfield',
+       userCls: 'pmx-hint',
+       value: gettext('WARNING: When using SEV-SNP no EFI disk is loaded as 
pflash.'),
+       bind: {
+           hidden: '{!snpEnabled}',
+       },
+    },
+    {
+       xtype: 'displayfield',
+       userCls: 'pmx-hint',
+       value: gettext('Note: SEV-SNP requires host kernel version 6.11 or 
higher.'),
+       bind: {
+           hidden: '{!snpEnabled}',
+       }

Yes, this is what I meant. Looks good.
Here is just a comma ',' missing after the curly brackets '}' from bind.

+    }],
advancedItems: [ 
        {
@@ -77,8 +102,19 @@ Ext.define('PVE.qemu.SevInputPanel', {
            name: 'key-sharing',
            value: 1,
            bind: {
-               hidden: '{!sevEnabled}',
-               disabled: '{!sevEnabled}',
+               hidden: '{!sevEnabled || snpEnabled}',
+               disabled: '{!sevEnabled || snpEnabled}',
+           },
+       },
+       {
+           xtype: 'proxmoxcheckbox',
+           fieldLabel: gettext('Allow SMT'),
+           labelWidth: 150,
+           name: 'smt',
+           value: 1,
+           bind: {
+               hidden: '{!snpEnabled}',
+               disabled: '{!snpEnabled}',
            },
        },
        {




_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to