Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-50779

can't enable VBS on AMD EPYC 7301 and AMD EPYC 7413

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • rhel-9.5
    • qemu-kvm
    • No
    • Important
    • rhel-sst-virtualization
    • ssg_virtualization
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • x86_64
    • Windows
    • None

      What were you trying to do that didn't work?
      QE attempted to enable Virtualization-Based Security (VBS) on a virtual machine running on an "AMD EPYC 7301" using QEMU-KVM, but it failed to open VBS.

      Please provide the package NVR for which bug is seen:

      • CPU=AMD EPYC 7301 16-Core Processor and CPU=AMD EPYC 7413 24-Core Processor
      • kernel-5.14.0-478.el9.x86_64
      • seabios-bin-1.16.3-2.el9.noarch
      • edk2-ovmf-20240524-1.el9.noarch
      • swtpm-0.8.0-1.el9.x86_64
      • qemu-kvm-core-9.0.0-7.el9.x86_64

      How reproducible:
      100%

      Steps to reproduce
      1. Launch a VM on a host with an "AMD EPYC 7301" CPU using the provided QEMU command line.
      2. Inside the VM, open the "Device security" application, select "Core isolation," go to "Core isolation details," and turn "Memory integrity" to "On."
      3. Restart the VM.

      Expected results
      VBS opened

      Actual results
      VBS closed

      Additional notes:
      These steps work on "Intel(R) Xeon(R) Silver 4316" CPUs but do not work on "AMD EPYC 7301" CPUs. In addition, VBS is enabled without intel-iommu on the Intel CPU.

              rh-ee-wji Wenkang Ji
              rh-ee-wji Wenkang Ji
              virt-maint virt-maint
              Yumei Huang Yumei Huang
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: