From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pve-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id EE07E1FF173 for <inbox@lore.proxmox.com>; Mon, 24 Feb 2025 13:38:32 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1B2BA1BFA; Mon, 24 Feb 2025 13:38:22 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1740400668; x=1741005468; d=canarybit.eu; s=rsa2; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=eWmBbeGwphylpnmG6BcpKNKv8/9BdQnY1dG4pea6IVQ=; b=MCsN9P23UuI9Q9RlBg1augU0nLZ0tlkItDxL3FGHi+cj0nlOfkyX/xRFBbfvf+kKyw7x4mnZcoRrx AahRG52tSHb9N1R5aihojb2PJw3AsjXSOhl0MEaEbwFRptkFM5aNMuZmTcZZ587iXmeE7Qx3vs1ZEj NneTeeNti7ZODg7vlKV6bJDZGoJK7ebZ3G5kSYUYAbgHd1rqvKFz6I4HXmZnAkdTd13guNC81cNq+D l+FcNwZGTzZg+QI+i3e2oZNblSXCTazBJcfYrMQFCt0CvbjRlgrzX/JLgSuFZh2XASjB47m1sRa3+F z+kMNYEir6cLN+F8XvCyiMQsa5luXPA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; t=1740400668; x=1741005468; d=canarybit.eu; s=ed2; h=content-transfer-encoding:mime-version:references:in-reply-to:message-id:date: subject:cc:to:from:from; bh=eWmBbeGwphylpnmG6BcpKNKv8/9BdQnY1dG4pea6IVQ=; b=syia0HdEkrjRolijiV9cXhK+ji7sia+dgA2siEB5A0d34sCOF35/X6blbkNUxEZgNGPp/scAxGUuI 0vcOpmxCQ== X-HalOne-ID: 26d0c9f0-f2ac-11ef-ab26-29b2d794c87d From: Philipp Giersfeld <philipp.giersfeld@canarybit.eu> To: pve-devel@lists.proxmox.com Date: Mon, 24 Feb 2025 13:37:14 +0100 Message-Id: <20250224123714.2662460-6-philipp.giersfeld@canarybit.eu> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250224123714.2662460-1-philipp.giersfeld@canarybit.eu> References: <20250224123714.2662460-1-philipp.giersfeld@canarybit.eu> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.173 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH pve-manager v3 5/5] Add configuration options for AMD SEV-SNP X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/> List-Post: <mailto:pve-devel@lists.proxmox.com> List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com> Expand input panel with AMD SEV-SNP selection, and relevant optional parameters similar to existing options for AMD SEV(-ES). Further, upon selecting AMD SEV-SNP, issue a warning that EFI disks are not included when using SEV-SNP. Signed-off-by: Philipp Giersfeld <philipp.giersfeld@canarybit.eu> Reviewed-by: Daniel Kral <d.kral@proxmox.com> --- changes since v2: https://lists.proxmox.com/pipermail/pve-devel/2025-February/068418.html * Only set no-key-sharing if SNP is not used * Fix formatting www/manager6/qemu/Options.js | 1 + www/manager6/qemu/SevEdit.js | 46 ++++++++++++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js index cbe9e52b..49a921cd 100644 --- a/www/manager6/qemu/Options.js +++ b/www/manager6/qemu/Options.js @@ -346,6 +346,7 @@ Ext.define('PVE.qemu.Options', { let amd_sev = PVE.Parser.parsePropertyString(value, "type"); if (amd_sev.type === 'std') return 'AMD SEV (' + value + ')'; if (amd_sev.type === 'es') return 'AMD SEV-ES (' + value + ')'; + if (amd_sev.type === 'snp') return 'AMD SEV-SNP (' + value + ')'; return value; }, }, diff --git a/www/manager6/qemu/SevEdit.js b/www/manager6/qemu/SevEdit.js index a2080f2d..3e0d0cbb 100644 --- a/www/manager6/qemu/SevEdit.js +++ b/www/manager6/qemu/SevEdit.js @@ -9,7 +9,8 @@ Ext.define('PVE.qemu.SevInputPanel', { type: '__default__', }, formulas: { - sevEnabled: get => get('type') !== '__default__', + sevEnabled: get => get('type') === 'std' || get('type') === 'es' || get('type') === 'snp', + snpEnabled: get => get('type') === 'snp', }, }, @@ -21,10 +22,14 @@ Ext.define('PVE.qemu.SevInputPanel', { if (!values.debug) { values["no-debug"] = 1; } - if (!values["key-sharing"]) { + if (values.smt) { + values["allow-smt"] = 1; + } + if (!values["key-sharing"] && values.type !== 'snp') { values["no-key-sharing"] = 1; } delete values.debug; + delete values.smt; delete values["key-sharing"]; let ret = {}; ret['amd-sev'] = PVE.Parser.printPropertyString(values, 'type'); @@ -36,13 +41,16 @@ Ext.define('PVE.qemu.SevInputPanel', { if (PVE.Parser.parseBoolean(values["no-debug"])) { values.debug = 0; } + if (PVE.Parser.parseBoolean(values["allow-smt"])) { + values.smt = 1; + } if (PVE.Parser.parseBoolean(values["no-key-sharing"])) { values["key-sharing"] = 0; } this.callParent(arguments); }, - items: { + items: [{ xtype: 'proxmoxKVComboBox', fieldLabel: gettext('AMD SEV Type'), labelWidth: 150, @@ -52,11 +60,28 @@ Ext.define('PVE.qemu.SevInputPanel', { ['__default__', Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')'], ['std', 'AMD SEV'], ['es', 'AMD SEV-ES (highly experimental)'], + ['snp', 'AMD SEV-SNP (highly experimental)'], ], bind: { value: '{type}', }, }, + { + xtype: 'displayfield', + userCls: 'pmx-hint', + value: gettext('WARNING: When using SEV-SNP no EFI disk is loaded as pflash.'), + bind: { + hidden: '{!snpEnabled}', + }, + }, + { + xtype: 'displayfield', + userCls: 'pmx-hint', + value: gettext('Note: SEV-SNP requires host kernel version 6.11 or higher.'), + bind: { + hidden: '{!snpEnabled}', + }, + }], advancedItems: [ { @@ -77,8 +102,19 @@ Ext.define('PVE.qemu.SevInputPanel', { name: 'key-sharing', value: 1, bind: { - hidden: '{!sevEnabled}', - disabled: '{!sevEnabled}', + hidden: '{!sevEnabled || snpEnabled}', + disabled: '{!sevEnabled || snpEnabled}', + }, + }, + { + xtype: 'proxmoxcheckbox', + fieldLabel: gettext('Allow SMT'), + labelWidth: 150, + name: 'smt', + value: 1, + bind: { + hidden: '{!snpEnabled}', + disabled: '{!snpEnabled}', }, }, { -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel