libvirt driver launching SEV-ES-encrypted instances

Registered by Takashi Kajinami

This work follows what was already done in https://blueprints.launchpad.net/nova/+spec/amd-sev-libvirt-support to support SEV-encrypted instances.

AMD has released new CPUs that support new versions of the SEV feature. One of them is SEV-ES, which is already supported by underlying components such as kernel/qemu/libvirt/ovmf.
This work aims to extend the existing feature to allow users to select AMD SEV-ES instead of AMD SEV as the encryption mechanism, to protect their instances from the hypervisor more strictly.

Blueprint information

Status: Started
Approver: Balazs Gibizer
Priority: Undefined
Drafter: Takashi Kajinami
Direction: Approved
Assignee: Takashi Kajinami
Definition: Approved
Series goal: Accepted for 2024.2
Implementation: Good progress
Milestone target: None
Started by: Sylvain Bauza

Whiteboard

Gerrit topic: https://review.opendev.org/#/q/topic:bp/amd-sev-es-libvirt-support

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/907702
    libvirt: AMD SEV-ES support

Addressed by: https://review.opendev.org/c/openstack/nova/+/921814
    Migrate MEM_ENCRYPTION_CONTEXT from root provider

[20240719 bauzas] Spec approved for the Dalmatian cycle

Addressed by: https://review.opendev.org/c/openstack/nova-specs/+/924563
    Follow up for "libvirt: AMD SEV-ES support"

Addressed by: https://review.opendev.org/c/openstack/nova/+/925685
    Detect AMD SEV-ES support

Addressed by: https://review.opendev.org/c/openstack/nova/+/926106
    libvirt: Launch instances with SEV-ES memory encryption
