File 2c3ffa37-update-amd-doc.patch of Package libvirt.22291
commit 2c3ffa37284b9fa3d1e6c369fa2bb71c6f6dd92a
Author: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Mon Jun 15 10:28:11 2020 +0200
docs: Update AMD launch secure description
Update document with changes in qemu capability caching and the added
secure guest support checking for AMD SEV in virt-host-validate.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Index: libvirt-6.0.0/docs/kbase/launch_security_sev.rst
===================================================================
--- libvirt-6.0.0.orig/docs/kbase/launch_security_sev.rst
+++ libvirt-6.0.0/docs/kbase/launch_security_sev.rst
@@ -30,8 +30,11 @@ Enabling SEV on the host
========================
Before VMs can make use of the SEV feature you need to make sure your
-AMD CPU does support SEV. You can check whether SEV is among the CPU
-flags with:
+AMD CPU does support SEV. You can run ``libvirt-host-validate``
+(libvirt >= 6.5.0) to check if your host supports secure guests or you
+can follow the manual checks below.
+
+You can manually check whether SEV is among the CPU flags with:
::
@@ -109,7 +112,7 @@ following:
</features>
</domainCapabilities>
-Note that if libvirt was already installed and libvirtd running before
+Note that if libvirt (<6.5.0) was already installed and libvirtd running before
enabling SEV in the kernel followed by the host reboot you need to force
libvirtd to re-probe both the host and QEMU capabilities. First stop
libvirtd: