-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
rhel-9.5
-
No
-
Important
-
sst_virtualization
-
ssg_virtualization
-
None
-
QE ack
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
-
x86_64
-
Windows
-
None
What were you trying to do that didn't work?
QE attempted to enable Virtualization-Based Security (VBS) on a virtual machine running on an "AMD EPYC 7301" using QEMU-KVM, but it failed to open VBS.
Please provide the package NVR for which bug is seen:
- CPU=AMD EPYC 7301 16-Core Processor and CPU=AMD EPYC 7413 24-Core Processor
- kernel-5.14.0-478.el9.x86_64
- seabios-bin-1.16.3-2.el9.noarch
- edk2-ovmf-20240524-1.el9.noarch
- swtpm-0.8.0-1.el9.x86_64
- qemu-kvm-core-9.0.0-7.el9.x86_64
How reproducible:
100%
Steps to reproduce
1. Launch a VM on a host with an "AMD EPYC 7301" CPU using the provided QEMU command line.
2. Inside the VM, open the "Device security" application, select "Core isolation," go to "Core isolation details," and turn "Memory integrity" to "On."
3. Restart the VM.
Expected results
VBS opened
Actual results
VBS closed
Additional notes:
These steps work on "Intel(R) Xeon(R) Silver 4316" CPUs but do not work on "AMD EPYC 7301" CPUs. In addition, VBS is enabled without intel-iommu on the Intel CPU.
- duplicates
-
RHEL-46216 Server 2025 to function with VBS enabled and IOMMU (DeviceGuard)
- New
- is related to
-
RHEL-46216 Server 2025 to function with VBS enabled and IOMMU (DeviceGuard)
- New
- relates to
-
RHEL-26340 [RFE] Windows VBS can not be enabled properly on Win11
- New