From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id C3A991FF16E
	for <inbox@lore.proxmox.com>; Mon, 17 Feb 2025 15:07:50 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 6E71629386;
	Mon, 17 Feb 2025 15:07:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1739801265;
 x=1740406065; d=canarybit.eu; s=rsa2;
 h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date:
 subject:cc:to:from:from;
 bh=7+LEkatwmXLpfGi7dG0B0Jbsyp5ptEmVzMT62Nkag70=;
 b=NgwWJO/qzsEsdmbKiy02932ytH3oRKzRY7+Q/z1ZJ/xU2aS1Y41dUbzAHzWgjRTU9+qN8TiTzrIaP
 oFBqVddu8kS0QhyhSnsvCbQIZA6BIKKAbhW3+P9oahd//JjN+TgsTQOiNo2G+/8eEO5xXdgBOVuB3a
 BJOFZqiqwDRTTwB3/D3vYLQ5w+LKJUJj0Vbr/XQ/cuE+nxX0rdtmAsUDp+X9L1XTNitmCGgJSfb/OH
 mOhL5BI8SGGlQ20ge0Yybyvm3T2eGw9jCex4W/jk9ph2tcWCkPN5Pu023q73Lkj70ySNUZup4hvU7k
 KxC36roWuWqrLhElbYtQjWLZI6LwFLg==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1739801265;
 x=1740406065; d=canarybit.eu; s=ed2;
 h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date:
 subject:cc:to:from:from;
 bh=7+LEkatwmXLpfGi7dG0B0Jbsyp5ptEmVzMT62Nkag70=;
 b=g8pAXdBG2A93jti59RzfC8+cAcizBuK0Dc3PoYvLNGmZBwypMGgMg+FHOGFIzbz7CHgJxu7FYN+EL
 /F5mtj4Bw==
X-HalOne-ID: 8e550258-ed38-11ef-9e46-152d8afab6bc
From: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
To: pve-devel@lists.proxmox.com
Date: Mon, 17 Feb 2025 15:06:51 +0100
Message-Id: <20250217140705.271726-6-philipp.giersfeld@canarybit.eu>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250217140705.271726-1-philipp.giersfeld@canarybit.eu>
References: <20250217140705.271726-1-philipp.giersfeld@canarybit.eu>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.219 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
 DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from
 domain DMARC_MISSING             0.1 Missing DMARC policy
 RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/,
 no trust
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH pve-manager v2 1/1] Add configuration options
 for AMD SEV-SNP
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Expand input panel with AMD SEV-SNP selection, and relevant optional
parameters similar to existing options for AMD SEV(-ES).

Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are
not included when using SEV-SNP.

Signed-off-by: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
Reviewed-by: Daniel Kral <d.kral at proxmox.com>
---

 changes since v1: https://lists.proxmox.com/pipermail/pve-devel/2025-February/068159.html
 * Fix formatting and code layout
 * Add note in WebUI for required host kernel version
 * Disable key-sharing option for SNP

Signed-off-by: Philipp Giersfeld <philipp.giersfeld@canarybit.eu>
---
 www/manager6/qemu/Options.js |  1 +
 www/manager6/qemu/SevEdit.js | 44 ++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js
index cbe9e52b..49a921cd 100644
--- a/www/manager6/qemu/Options.js
+++ b/www/manager6/qemu/Options.js
@@ -346,6 +346,7 @@ Ext.define('PVE.qemu.Options', {
 		    let amd_sev = PVE.Parser.parsePropertyString(value, "type");
 		    if (amd_sev.type === 'std') return 'AMD SEV (' + value + ')';
 		    if (amd_sev.type === 'es') return 'AMD SEV-ES (' + value + ')';
+		    if (amd_sev.type === 'snp') return 'AMD SEV-SNP (' + value + ')';
 		    return value;
 		},
 	    },
diff --git a/www/manager6/qemu/SevEdit.js b/www/manager6/qemu/SevEdit.js
index a2080f2d..5c14b90a 100644
--- a/www/manager6/qemu/SevEdit.js
+++ b/www/manager6/qemu/SevEdit.js
@@ -9,7 +9,8 @@ Ext.define('PVE.qemu.SevInputPanel', {
 	    type: '__default__',
 	},
 	formulas: {
-	    sevEnabled: get => get('type') !== '__default__',
+	    sevEnabled: get => get('type') === 'std' || get('type') === 'es' || get('type') === 'snp',
+	    snpEnabled: get => get('type') === 'snp',
 	},
     },
 
@@ -21,10 +22,14 @@ Ext.define('PVE.qemu.SevInputPanel', {
 	if (!values.debug) {
 	    values["no-debug"] = 1;
 	}
+	if (values.smt) {
+	    values["allow-smt"] = 1;
+	}
 	if (!values["key-sharing"]) {
 	    values["no-key-sharing"] = 1;
 	}
 	delete values.debug;
+	delete values.smt;
 	delete values["key-sharing"];
 	let ret = {};
 	ret['amd-sev'] = PVE.Parser.printPropertyString(values, 'type');
@@ -36,13 +41,16 @@ Ext.define('PVE.qemu.SevInputPanel', {
 	if (PVE.Parser.parseBoolean(values["no-debug"])) {
 	    values.debug = 0;
 	}
+	if (PVE.Parser.parseBoolean(values["allow-smt"])) {
+	    values.smt = 1;
+	}
 	if (PVE.Parser.parseBoolean(values["no-key-sharing"])) {
 	    values["key-sharing"] = 0;
 	}
 	this.callParent(arguments);
     },
 
-    items: {
+	items: [{
 	xtype: 'proxmoxKVComboBox',
 	fieldLabel: gettext('AMD SEV Type'),
 	labelWidth: 150,
@@ -52,11 +60,28 @@ Ext.define('PVE.qemu.SevInputPanel', {
 	    ['__default__', Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')'],
 	    ['std', 'AMD SEV'],
 	    ['es', 'AMD SEV-ES (highly experimental)'],
+	    ['snp', 'AMD SEV-SNP (highly experimental)'],
 	],
 	bind: {
 	    value: '{type}',
 	},
     },
+    {
+	xtype: 'displayfield',
+	userCls: 'pmx-hint',
+	value: gettext('WARNING: When using SEV-SNP no EFI disk is loaded as pflash.'),
+	bind: {
+	    hidden: '{!snpEnabled}',
+	},
+    },
+    {
+	xtype: 'displayfield',
+	userCls: 'pmx-hint',
+	value: gettext('Note: SEV-SNP requires host kernel version 6.11 or higher.'),
+	bind: {
+	    hidden: '{!snpEnabled}',
+	}
+    }],
 
     advancedItems: [
 	{
@@ -77,8 +102,19 @@ Ext.define('PVE.qemu.SevInputPanel', {
 	    name: 'key-sharing',
 	    value: 1,
 	    bind: {
-		hidden: '{!sevEnabled}',
-		disabled: '{!sevEnabled}',
+		hidden: '{!sevEnabled || snpEnabled}',
+		disabled: '{!sevEnabled || snpEnabled}',
+	    },
+	},
+	{
+	    xtype: 'proxmoxcheckbox',
+	    fieldLabel: gettext('Allow SMT'),
+	    labelWidth: 150,
+	    name: 'smt',
+	    value: 1,
+	    bind: {
+		hidden: '{!snpEnabled}',
+		disabled: '{!snpEnabled}',
 	    },
 	},
 	{
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel