[pve-devel] [PATCH pve-manager v5 4/4] Add configuration options for AMD SEV-SNP

2025-03-31 Thread Philipp Giersfeld
Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld --- changes since v4: https

[pve-devel] [PATCH qemu-server v5 3/4] config: add AMD SEV-SNP support.

2025-03-31 Thread Philipp Giersfeld
respective feature. Signed-off-by: Philipp Giersfeld Tested-by: Markus Frank --- no changes since last version PVE/API2/Qemu.pm| 7 +++- PVE/QemuServer.pm | 52 + PVE/QemuServer/CPUConfig.pm | 66 - 3 files

[pve-devel] [PATCH qemu-server v5 2/4] Convert policy calculation

2025-03-31 Thread Philipp Giersfeld
Convert policy calculation to use shift operators and OR operation instead of binary numbers and addition. Signed-off-by: Philipp Giersfeld Reviewed-by: Fiona Ebner --- no changes since last version PVE/QemuServer/CPUConfig.pm | 10 +- 1 file changed, 5 insertions(+), 5 deletions

[pve-devel] [PATCH edk2-firmware v5 1/4] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-03-31 Thread Philipp Giersfeld
. [1] https://www.qemu.org/docs/master/system/i386/amd-memory-encryption. [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf Signed-off-by: Philipp Giersfeld Tested-by: Markus Frank --- no changes since last version debian/pve-edk2-firmware

[pve-devel] [PATCH edk2-firmware/qemu-server/manager v5 0/4] AMD SEV-SNP

2025-03-31 Thread Philipp Giersfeld
This patch series adds support for AMD SEV-SNP. Where possible it mimics the existing support for AMD SEV(-ES). Running SEV-SNP VMs requires a specific OVMF firmware image. Contrary to other setups, SEV-SNP does not support loading the firmware via pflash. Instead, the firmware image is loaded v

[pve-devel] [PATCH edk2-firmware v4 1/4] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-03-11 Thread Philipp Giersfeld
. [1] https://www.qemu.org/docs/master/system/i386/amd-memory-encryption. [2] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf Signed-off-by: Philipp Giersfeld Tested-by: Markus Frank --- changes since v3: https://lists.proxmox.com/pipermail/pve-devel

Re: [pve-devel] [PATCH qemu-server v3 4/5] config: add AMD SEV-SNP support.

2025-03-11 Thread Philipp Giersfeld
On 25/03/05 04:35PM, Fiona Ebner wrote: > Am 24.02.25 um 13:37 schrieb Philipp Giersfeld: > > This patch is for enabling AMD SEV-SNP support. > > > > Where applicable, it extends support for existing SEV(-ES) variables > > to SEV-SNP. This means that it retains

[pve-devel] [PATCH edk2-firmware/qemu-server/manager v3 0/4] AMD SEV-SNP

2025-03-11 Thread Philipp Giersfeld
This patch series adds support for AMD SEV-SNP. Where possible it mimics the existing support for AMD SEV(-ES). Running SEV-SNP VMs requires a more recent version of edk2 and OVMF firmware image. Contrary to other setups, SEV-SNP does not support loading the firmware via pflash. Instead, the fir

[pve-devel] [PATCH pve-manager v4 4/4] Add configuration options for AMD SEV-SNP

2025-03-11 Thread Philipp Giersfeld
Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral

[pve-devel] [PATCH qemu-server v4 3/4] config: add AMD SEV-SNP support.

2025-03-11 Thread Philipp Giersfeld
respective feature. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral Tested-by: Markus Frank --- changes since v3: https://lists.proxmox.com/pipermail/pve-devel/2025-February/068578.html * Add and clarify logging statements and descriptions * Add additional safeguards PVE/API2/Qemu.pm

[pve-devel] [PATCH qemu-server v4 2/4] Convert policy calculation

2025-03-11 Thread Philipp Giersfeld
Convert policy calculation to use shift operators and OR operation instead of binary numbers and addition. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral Reviewed-by: Fiona Ebner Tested-by: Markus Frank --- changes since v3: https://lists.proxmox.com/pipermail/pve-devel/2025

Re: [pve-devel] [PATCH edk2-firmware v3 2/5] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-03-11 Thread Philipp Giersfeld
On 25/03/05 03:18PM, Fiona Ebner wrote: > Am 24.02.25 um 13:37 schrieb Philipp Giersfeld: > > AMD SEV-SNP boots with a single volatile firmware image OVMF.fd via the > > -bios option. > > > > Currently, an SEV-enabled VM will not boot with an OVMF > >

Re: [pve-devel] [PATCH edk2-firmware/qemu-server/manager v3 0/5] AMD SEV-SNP

2025-03-05 Thread Philipp Giersfeld
On 25/02/24 01:37PM, Philipp Giersfeld wrote: > This patch series adds support for AMD SEV-SNP. > Where possible it mimics the existing support for AMD SEV(-ES). > > Running SEV-SNP VMs requires a more recent version of edk2 > and OVMF firmware image. Contrary to other setups, S

[pve-devel] [PATCH pve-manager v3 5/5] Add configuration options for AMD SEV-SNP

2025-02-24 Thread Philipp Giersfeld
Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral

[pve-devel] [PATCH qemu-server v3 4/5] config: add AMD SEV-SNP support.

2025-02-24 Thread Philipp Giersfeld
respective feature. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral Tested-by: Markus Frank --- no changes since last version PVE/API2/Qemu.pm| 7 +++- PVE/QemuServer.pm | 49 +++ PVE/QemuServer/CPUConfig.pm | 66

[pve-devel] [PATCH edk2-firmware v3 2/5] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-02-24 Thread Philipp Giersfeld
, introduce a new target build-ovmf-cvm that builds OVMF firmware suitable for AMD SEV. [1] https://github.com/tianocore/edk2/pull/6285 Signed-off-by: Philipp Giersfeld Tested-by: Markus Frank --- no changes since last version debian/pve-edk2-firmware-ovmf.install | 3 +++ debian/rules

[pve-devel] [PATCH edk2-firmware v3 1/5] Update edk2 to edkstable202411

2025-02-24 Thread Philipp Giersfeld
Signed-off-by: Philipp Giersfeld Tested-by: Markus Frank --- no changes since last version debian/binary-check.remove | 4 ++-- debian/rules | 6 +++--- edk2 | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/debian/binary-check.remove

[pve-devel] [PATCH qemu-server v3 3/5] Convert policy calculation

2025-02-24 Thread Philipp Giersfeld
Convert policy calcucalation to use shift operators and OR operation instead of binary numbers and addition. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral Tested-by: Markus Frank --- no changes since last version PVE/QemuServer/CPUConfig.pm | 10 +- 1 file changed, 5

[pve-devel] [PATCH edk2-firmware/qemu-server/manager v3 0/5] AMD SEV-SNP

2025-02-24 Thread Philipp Giersfeld
This patch series adds support for AMD SEV-SNP. Where possible it mimics the existing support for AMD SEV(-ES). Running SEV-SNP VMs requires a more recent version of edk2 and OVMF firmware image. Contrary to other setups, SEV-SNP does not support loading the firmware via pflash. Instead, the fi

[pve-devel] [PATCH qemu-server v2 2/2] config: add AMD SEV-SNP support.

2025-02-17 Thread Philipp Giersfeld
respective feature. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral --- changes since v1: https://lists.proxmox.com/pipermail/pve-devel/2025-February/068159.html * Fix formatting and code layout * Fix bug in policy calculation Signed-off-by: Philipp Giersfeld --- PVE/API2/Qemu.pm

[pve-devel] [PATCH edk2-firmware v2 1/2] Update edk2 to edkstable202411

2025-02-17 Thread Philipp Giersfeld
Signed-off-by: Philipp Giersfeld --- no changes since last version Signed-off-by: Philipp Giersfeld --- debian/binary-check.remove | 4 ++-- debian/rules | 6 +++--- edk2 | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/debian/binary

[pve-devel] [PATCH edk2-firmware v2 2/2] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-02-17 Thread Philipp Giersfeld
, introduce a new target build-ovmf-cvm that builds OVMF firmware suitable for AMD SEV. [1] https://github.com/tianocore/edk2/pull/6285 Signed-off-by: Philipp Giersfeld --- no changes since last version Signed-off-by: Philipp Giersfeld --- debian/pve-edk2-firmware-ovmf.install | 3 +++ debian

[pve-devel] [PATCH pve-manager v2 1/1] Add configuration options for AMD SEV-SNP

2025-02-17 Thread Philipp Giersfeld
Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld Reviewed-by: Daniel Kral

[pve-devel] [PATCH qemu-server v2 1/2] Convert policy calculation

2025-02-17 Thread Philipp Giersfeld
Convert policy calcucalation to use shift operators and OR operation instead of binary numbers and addition. Signed-off-by: Philipp Giersfeld --- PVE/QemuServer/CPUConfig.pm | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/PVE/QemuServer/CPUConfig.pm b/PVE

[pve-devel] [PATCH edk2-firmware/qemu-server/manager 0/5] AMD SEV-SNP

2025-02-17 Thread Philipp Giersfeld
This patch series adds support for AMD SEV-SNP. Where possible it mimics the existing support for AMD SEV(-ES). Running SEV-SNP VMs requires a more recent version of edk2 and OVMF firmware image. Contrary to other setups, SEV-SNP does not support loading the firmware via pflash. Instead, the fi

[pve-devel] [PATCH qemu-server 3/4] config: add AMD SEV-SNP support.

2025-02-07 Thread Philipp Giersfeld
without SEV, with SEV, SEV-ES, SEV-SNP. Each configuration was tested with and without an EFI disk attached. For SEV-enabled configurations it was also verified that the kernel actually used the respective feature. Signed-off-by: Philipp Giersfeld --- PVE/API2/Qemu.pm| 9 +++-- PVE

[pve-devel] [PATCH pve-edk2-firmware 2/4] Add OVMF targets for AMD SEV-ES and SEV-SNP

2025-02-07 Thread Philipp Giersfeld
, introduce a new target build-ovmf-cvm that builds OVMF firmware suitable for AMD SEV. [1] https://github.com/tianocore/edk2/pull/6285 Signed-off-by: Philipp Giersfeld --- debian/pve-edk2-firmware-ovmf.install | 3 +++ debian/rules | 35 +++ 2

[pve-devel] [PATCH pve-edk2-firmware 1/4] Update edk2 to edkstable202411

2025-02-07 Thread Philipp Giersfeld
Signed-off-by: Philipp Giersfeld --- debian/binary-check.remove | 4 ++-- debian/rules | 6 +++--- edk2 | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/debian/binary-check.remove b/debian/binary-check.remove index 7651301..e5f352a 100644

[pve-devel] [PATCH pve-manager 4/4] Add configuration options for AMD SEV-SNP

2025-02-07 Thread Philipp Giersfeld
Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld --- www/manager6/qemu

[pve-devel] [PATCH edk2-firmware/qemu-server/manager 0/4] AMD SEV-SNP

2025-02-07 Thread Philipp Giersfeld
This patch series adds support for AMD SEV-SNP. Where possible it maintains the existing support for AMD SEV(-ES). Running SEV-SNP VMs requires a more recent version of edk2 and OVMF firmware image. Contrary to other setups, SEV-SNP does not support loading the firmware via pflash. Instead, the