Hello again,
Alternatively, can someone point me to a better place for this question?
Regards
Alex
Am 22.09.22 um 10:15 schrieb Alexander Lindner:
Hello everyone,
I'm trying to attest my SEV VM, but it fails. I started the VM with
this snippet:
<launchSecurity type="sev">
<cbitpos>47</cbitpos>
<reducedPhysBits>1</reducedPhysBits>
<policy>0x0003</policy>
</launchSecurity>
When I try to utilize qmp, it fails with a generic message:
echo '{ "execute": "qmp_capabilities"
}\n{"execute":"query-sev-attestation-report","arguments":{"mnonce":"ZBaOEOsVmenc5q34VJb9jw=="}}'
| socat - tcp:192.168.123.1:4444 | tail -1 | jq
{
"error": {
"class": "GenericError",
"desc": "SEV: Failed to query the attestation report length
ret=-22 fw_err=0 ()"
}
}
No syslog or similar logs are written. Can someone give me a hint what
went wrong?
Some other information:
echo '{ "execute": "qmp_capabilities" }\n{ "execute": "query-sev"
}' | socat - tcp:192.168.123.1:4444 | tail -1 | jq
{
"return": {
"enabled": true,
"api-minor": 22,
"handle": 1,
"state": "running",
"api-major": 0,
"build-id": 11,
"policy": 3
}
}
Inside the host:
dmesg | grep SEV
[ 0.160174] AMD Secure Encrypted Virtualization (SEV) active
Regards
Alex
