[pve-devel] [PATCH manager v13 5/5] ui: add AMD SEV configuration to Options

Shannon Sterz s.sterz at proxmox.com
Mon Nov 18 15:38:12 CET 2024 

On Mon Nov 18, 2024 at 12:17 PM CET, Markus Frank wrote:
> By adding a new input panel with an AMD SEV technology selection combo
> box and checkboxes for the optional parameters in an advanced section,
> the user can configure the amd_sev option via the WebUI's Options tab.
>
> Signed-off-by: Markus Frank <m.frank at proxmox.com>
> ---
>  www/manager6/Makefile        |   1 +
>  www/manager6/qemu/Options.js |  11 ++++
>  www/manager6/qemu/SevEdit.js | 121 +++++++++++++++++++++++++++++++++++
>  3 files changed, 133 insertions(+)
>  create mode 100644 www/manager6/qemu/SevEdit.js
>
> diff --git a/www/manager6/Makefile b/www/manager6/Makefile
> index d623dfb9..cb6ee47f 100644
> --- a/www/manager6/Makefile
> +++ b/www/manager6/Makefile
> @@ -264,6 +264,7 @@ JSSRC= 							\
>  	qemu/SSHKey.js					\
>  	qemu/ScsiHwEdit.js				\
>  	qemu/SerialEdit.js				\
> +	qemu/SevEdit.js					\
>  	qemu/Smbios1Edit.js				\
>  	qemu/SystemEdit.js				\
>  	qemu/USBEdit.js					\
> diff --git a/www/manager6/qemu/Options.js b/www/manager6/qemu/Options.js
> index 7b112400..cbe9e52b 100644
> --- a/www/manager6/qemu/Options.js
> +++ b/www/manager6/qemu/Options.js
> @@ -338,6 +338,17 @@ Ext.define('PVE.qemu.Options', {
>  		    },
>  		} : undefined,
>  	    },
> +	    'amd-sev': {
> +		header: gettext('AMD SEV'),
> +		editor: caps.vms['VM.Config.HWType'] ? 'PVE.qemu.SevEdit' : undefined,
> +		defaultValue: Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')',
> +		renderer: function(value, metaData, record, ri, ci, store, pending) {
> +		    let amd_sev = PVE.Parser.parsePropertyString(value, "type");
> +		    if (amd_sev.type === 'std') return 'AMD SEV (' + value + ')';
> +		    if (amd_sev.type === 'es') return 'AMD SEV-ES (' + value + ')';
> +		    return value;
> +		},
> +	    },
>  	    hookscript: {
>  		header: gettext('Hookscript'),
>  	    },
> diff --git a/www/manager6/qemu/SevEdit.js b/www/manager6/qemu/SevEdit.js
> new file mode 100644
> index 00000000..a3c2cdac
> --- /dev/null
> +++ b/www/manager6/qemu/SevEdit.js
> @@ -0,0 +1,121 @@
> +Ext.define('PVE.qemu.SevInputPanel', {
> +    extend: 'Proxmox.panel.InputPanel',
> +    xtype: 'pveSevInputPanel',
> +    onlineHelp: 'qm_memory_encryption',
> +
> +    viewModel: {
> +	data: {
> +	    type: '__default__',
> +	},
> +	formulas: {
> +	    sevEnabled: get => get('type') !== '__default__',
> +	},
> +    },
> +
> +    onGetValues: function(values) {
> +	if (values.delete === 'type') {
> +	    values.delete = 'amd-sev';
> +	    return values;
> +	}
> +	if (!values.debug) {
> +	    values["no-debug"] = 1;
> +	}
> +	if (!values["key-sharing"]) {
> +	    values["no-key-sharing"] = 1;
> +	}
> +	delete values.debug;
> +	delete values["key-sharing"];
> +	let ret = {};
> +	ret['amd-sev'] = PVE.Parser.printPropertyString(values, 'type');
> +	return ret;
> +    },
> +
> +
> +    setValues: function(values) {
> +	if (PVE.Parser.parseBoolean(values["no-debug"])) {
> +	    values.debug = 0;
> +	}
> +	if (PVE.Parser.parseBoolean(values["no-key-sharing"])) {
> +	    values["key-sharing"] = 0;
> +	}
> +	this.callParent(arguments);
> +    },
> +
> +    items: {
> +	xtype: 'proxmoxKVComboBox',
> +	fieldLabel: gettext('AMD Secure Encrypted Virtualization (SEV)'),
> +	labelWidth: 150,
> +	name: 'type',
> +	value: '__default__',
> +	comboItems: [
> +	    ['__default__', Proxmox.Utils.defaultText + ' (' + Proxmox.Utils.disabledText + ')'],
> +	    ['std', 'AMD SEV'],
> +	    ['es', 'AMD SEV-ES (highly experimental)'],
> +	],
> +	bind: {
> +	    value: '{type}',
> +	},
> +    },
> +
> +    advancedItems: [
> +	{
> +	    xtype: 'proxmoxcheckbox',
> +	    fieldLabel: gettext('Allow Debugging'),
> +	    labelWidth: 150,
> +	    name: 'debug',
> +	    value: 1,
> +	    bind: {
> +		hidden: '{!sevEnabled}',
> +		disabled: '{!sevEnabled}',
> +	    },
> +	},
> +	{
> +	    xtype: 'proxmoxcheckbox',
> +	    fieldLabel: gettext('Allow Key-Sharing'),
> +	    labelWidth: 150,
> +	    name: 'key-sharing',
> +	    value: 1,
> +	    bind: {
> +		hidden: '{!sevEnabled}',
> +		disabled: '{!sevEnabled}',
> +	    },
> +	},
> +	{
> +	    xtype: 'proxmoxcheckbox',
> +	    fieldLabel: gettext('Enable Kernel Hashes'),
> +	    labelWidth: 150,
> +	    name: 'kernel-hashes',
> +	    deleteDefaultValue: false,
> +	    bind: {
> +		hidden: '{!sevEnabled}',
> +		disabled: '{!sevEnabled}',
> +	    },
> +	},
> +    ],
> +});
> +
> +Ext.define('PVE.qemu.SevEdit', {
> +    extend: 'Proxmox.window.Edit',
> +
> +    subject: gettext('SEV'),

tiny nit: i think this falls into the same category as TFA and if we
don't translate that, we probably shouldn't translate SEV here either. i
also couldn't find any translations of this term on the internet, but
that's probably due to this feature being much more niche than TFA

> +
> +    items: {
> +	xtype: 'pveSevInputPanel',
> +    },
> +
> +    width: 400,
> +
> +    initComponent: function() {
> +	let me = this;
> +
> +	me.callParent();
> +
> +	me.load({
> +	    success: function(response) {
> +		let conf = response.result.data;
> +		let amd_sev = conf['amd-sev'] || '__default__';
> +		me.setValues(PVE.Parser.parsePropertyString(amd_sev, 'type'));
> +	    },
> +	});
> +    },
> +});

With the two tiny nits, consider this:

Reviewed-by: Shannon Sterz <s.sterz at proxmox.com>

More information about the pve-devel mailing list