SEV-ES marked as SKIP for Snowy Owl (EPYC 3001) #203
Description
I'm having an EPYC Embedded 3151 CPU which is Snowy Owl generation (3001). Sevctl marks SEV-ES as SKIP.
$ sudo sevctl ok
[ PASS ] - AMD CPU
[ PASS ] - Microcode support
[ PASS ] - Secure Memory Encryption (SME)
[ PASS ] - Secure Encrypted Virtualization (SEV)
[ SKIP ] - Encrypted State (SEV-ES)
[ SKIP ] - Secure Nested Paging (SEV-SNP)
[ SKIP ] - VM Permission Levels
[ SKIP ] - Number of VMPLs
[ PASS ] - Physical address bit reduction: 5
[ PASS ] - C-bit location: 47
[ PASS ] - Number of encrypted guests supported simultaneously: 15
[ PASS ] - Minimum ASID value for SEV-enabled, SEV-ES disabled guest: 9
[ PASS ] - SEV enabled in KVM: enabled
[ SKIP ] - SEV-ES enabled in KVM
[ PASS ] - Reading /dev/sev: /dev/sev readable
[ PASS ] - Writing /dev/sev: /dev/sev writable
[ PASS ] - Page flush MSR: ENABLED
[ PASS ] - KVM supported: API version: 12
[ PASS ] - Memlock resource limit: Soft: 8388608 | Hard: 8388608
SEV-ES is enabled in KVM.
$ cat /sys/module/kvm_amd/parameters/sev_es
Y
Inside a VM launched with policy 0x0005 it is enabled:
$ dmesg | grep SEV
[ 0.308511] Memory Encryption Features active: AMD SEV SEV-ES
[ 0.308511] SEV: Status: SEV SEV-ES