KVM image fails to resume

2024-07-16 Thread libvirt 
I upgraded f38->f40 but left the vm saved rather than shutdown (my bad but here 
we are)

Attempting to restore the vm with 'virsh restore 
/data1/VMs/libvirt/images/e4.saved'  I get:

error: Failed to restore domain from /data1/VMs/libvirt/images/e4.saved
error: operation failed: guest CPU doesn't match specification: extra features: 
vmx-ins-outs,vmx-true-ctls,vmx-store-lma,vmx-activity-hlt,vmx-vmwrite-vmexit-fields,vmx-apicv-xapic,vmx-ept,vmx-desc-exit,vmx-rdtscp-exit,vmx-vpid,vmx-wbinvd-exit,vmx-unrestricted-guest,vmx-rdrand-exit,vmx-invpcid-exit,vmx-vmfunc,vmx-shadow-vmcs,vmx-rdseed-exit,vmx-pml,vmx-ept-execonly,vmx-page-walk-4,vmx-ept-2mb,vmx-ept-1gb,vmx-invept,vmx-eptad,vmx-invept-single-context,vmx-invept-all-context,vmx-invvpid,vmx-invvpid-single-addr,vmx-invvpid-all-context,vmx-intr-exit,vmx-nmi-exit,vmx-vnmi,vmx-preemption-timer,vmx-vintr-pending,vmx-tsc-offset,vmx-hlt-exit,vmx-invlpg-exit,vmx-mwait-exit,vmx-rdpmc-exit,vmx-rdtsc-exit,vmx-cr3-load-noexit,vmx-cr3-store-noexit,vmx-cr8-load-exit,vmx-cr8-store-exit,vmx-flexpriority,vmx-vnmi-pending,vmx-movdr-exit,vmx-io-exit,vmx-io-bitmap,vmx-mtf,vmx-msr-bitmap,vmx-monitor-exit,vmx-pause-exit,vmx-secondary-ctls,vmx-exit-nosave-debugctl,vmx-exit-load-perf-global-ctrl,vmx-exit-ack-i
 
ntr,vmx-exit-save-pat,vmx-exit-load-pat,vmx-exit-save-efer,vmx-exit-load-efer,vmx-exit-save-preemption-timer,vmx-entry-noload-debugctl,vmx-entry-ia32e-mode,vmx-entry-load-perf-global-ctrl,vmx-entry-load-pat,vmx-entry-load-efer,vmx-eptp-switching

Then, trying to resume from the "virtual Machine Manager" UI gets the message:
=
Error unpausing domain: Requested
operation is not valid: domain is not
running

Error unpausing domain: Requested operation is not valid: domain is not running

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, 
in newfn
ret = fn(self, *args, **kwargs)
  ^
  File "/usr/share/virt-manager/virtManager/object/domain.py", line 1437, in 
resume
self._backend.resume()
  File "/usr/lib64/python3.12/site-packages/libvirt.py", line 2425, in resume
raise libvirtError('virDomainResume() failed')
libvirt.libvirtError: Requested operation is not valid: domain is not running

I searched for a solution and most say to fiddle with some settings and reboot. 
I cannot reboot, I want to resume (unpause).

How can I restore the vm without crashing it (throwing away the saved memory), 
if it even boots this way?

TIA

Re: KVM image fails to resume

2024-08-25 Thread libvirt 

Sadly, no solution was found so I decided to cold boot and move on.

I tried to boot with a number of command line options to no avail.
dis_ucode_ldr
mitigations=off
kvm-intel.nested=1

Regards,
Eyal

--
Eyal at Home (libv...@eyal.emu.id.au)

AMD SEV-SNP encryption at rest

2024-10-11 Thread me+libvirt 
Hello folks,
I’m exploring the capabilities of the AMD SEV-SNP platform for a TEE 
implementation that will handle and store secret data. 

This data should be tied to a single guest, that is no other guest that boots 
with the same kernel/initrd/cmdline - in the form of a UKI - should be able to 
decrypt it.

I have a prototype that encrypts the boot disk with a key derived from the 
VCEK, but a different guest is able to derive the same key provided it boots 
either the same UKI. 

The key has been derived with the snpguest tool developed by the virtee 
project. 

Does anybody have experience with encryption at rest with the AMD SEV SNP 
platform?

I understand that it’s possible to inject secrets into a SEV VM at creation 
time, but documentation is scarce on that front. 

Thank you

Can't connect to libvirt

2023-12-11 Thread list-libvirt-users 

Hi folks!

I'm trying to connect to a self-compiled libvirt 9.10.0 from python, but 
get the following error:


Python 3.12.0 (main, Oct  3 2023, 19:47:47) [GCC 11.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt as lv
>>> conn = lv.openReadOnly(None)
libvirt: DBus Utils error : error from service: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action 
org.libvirt.unix.monitor is not registered

Traceback (most recent call last):
 File "", line 1, in 
 File "/home/user/sw/python3/lib/python3.12/site-packages/libvirt.py", 
line 349, in openReadOnly

   raise libvirtError('virConnectOpenReadOnly() failed')
libvirt.libvirtError: error from service: 
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action 
org.libvirt.unix.monitor is not registered


What is the issue here? Also, I've grepped the error in any source but 
found nothing!


Greetings,
Fabiano
___
Users mailing list -- users@lists.libvirt.org
To unsubscribe send an email to users-le...@lists.libvirt.org