Hi,

thanks for picking this up - am really happy about that, since it will help us to make sure to move this into the proper direction.

On 10 Jan 2024, at 14:06, smooney@redhat.com wrote:
The colleagues from OSISM (who work on the forward porting of the SGX patchset) are looking specifically at the SGX patchset. However that story is part of a larger epic[1] - that has a larger scope. As part of that we will also look at the current (existing[2]) support of SEV.

have you considered actually working with the upstream community to support this?

yes and to my knowledge the plan is to first update the out of tree patchset so that these work with current openstack and then to properly upstream them. The idea is not to maintain an out-of-tree patchset but instead making sure to get this into upstream.

intel has not reached out to the nova community to extend the SEV support. and the current support was intentionally designed so that it could be extended to Intel's multi key encrypted memory features in the future.
https://github.com/openstack/nova-specs/blob/c6b6eab6304203f6fca32dd3ce074b0...
https://github.com/openstack/nova-specs/blob/c6b6eab6304203f6fca32dd3ce074b0...

thanks for the pointers!

if there is interest in enabling SGX i would suggest bringing it up at the next virtual PTG and proposing it for next cycle. the spec freeze deadline for Caracal is tomorrow so we won't have time to review it this cycle.

very good point, I’ll make sure we do this.

i have only skimmed the nova patch but one thing that did jump out at me that would have to change is
https://github.com/intel/secured-cloud-management-stack/blob/main/nova-intel...
we do not allow raw qemu commands in nova upstream and in general they are not stable across qemu releases

ok. I’ll point the colleagues towards that.

felix

--
Felix Kronlage-Dammers
Product Owner IaaS & Operations Sovereign Cloud Stack
Sovereign Cloud Stack — standardized, built and operated by many
A project of the Open Source Business Alliance - Bundesverband für digitale Souveränität e.V.
Tel.: +49-30-206539-205 | Matrix: @fkronlage:matrix.org | fkr@osb-alliance.com