Update SEV trait docs to avoid misleading people
Since the AMD SEV spec was approved for Stein, it was subsequently realised that a trait would not be sufficient for tracking SEV-capable compute hosts. A resource class is also needed to track the inventory of "slots" available on these hosts, since the number of slots limits how many guests with encrypted memory can run concurrently.

Therefore the design pivoted somewhat, and now trait:HW_CPU_AMD_SEV=required will not be the correct way to request SEV functionality:

https://specs.openstack.org/openstack/nova-specs/specs/train/approved/amd-sev-libvirt-support.html

For reference, the previous spec is here:

https://specs.openstack.org/openstack/nova-specs/specs/stein/approved/amd-sev-libvirt-support.html

Another lesson learnt from the Stein cycle was that it is not safe to assume that the work targeted for one cycle will actually land in that cycle, therefore it's safer for documentation of an in-progress feature to be transparent that it's in progress and not yet usable.

Change-Id: I6b652c20ba4f5ec775829a45939d708066dc3011
blueprint: amd-sev-libvirt-support
parent 50ca62cfbd
commit 3b9116739d
|
@ -80,11 +80,7 @@ correctly by the firmware. SEV is particularly applicable to cloud
|
||||||
computing since it can reduce the amount of trust VMs need to place in
|
computing since it can reduce the amount of trust VMs need to place in
|
||||||
the hypervisor and administrator of their host system.
|
the hypervisor and administrator of their host system.
|
||||||
|
|
||||||
The ``os_traits.hw.cpu.amd.SEV`` trait can be used to indicate that a
|
The ``os_traits.hw.cpu.amd.SEV`` trait is reserved in order to
|
||||||
compute host contains support for SEV not only on-CPU, but also in all
|
indicate that a compute host contains support for SEV not only on-CPU,
|
||||||
other layers of the hypervisor stack required in order to take
|
but also in all other layers of the hypervisor stack required in order
|
||||||
advantage of this feature: the kernel, QEMU, and libvirt. This trait
|
to take advantage of this feature.
|
||||||
can be specified as required by a flavor extra spec or image property
|
|
||||||
``trait:HW_CPU_AMD_SEV=required`` in order to indicate that VMs with
|
|
||||||
that flavor or image must only be booted on SEV-capable hosts with the
|
|
||||||
SEV functionality enabled.
|
|
||||||
|
|
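Review bot: The replacement sentence ("is reserved in order to indicate that a compute host contains support for SEV ...") never tells the reader that SEV support is still in progress or that ``trait:HW_CPU_AMD_SEV=required`` must not be used to request it, even though the commit message names exactly that transparency as the goal. An operator reading only the new paragraph could still assume the trait is the scheduling knob and believe guests are landing on hosts with memory encryption enabled when nothing enforces it. Suggest adding one sentence after "to take advantage of this feature." saying the feature is not yet usable and that requesting SEV will also involve a resource class for the per-host slot inventory, with a pointer to the Train spec. The rewrite also drops the "the kernel, QEMU, and libvirt" enumeration; keeping it would preserve which layers "all other layers of the hypervisor stack" refers to.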