lib/ipmi_backend_utils.pm

enable_sev_in_kernel

  enable_sev_in_kernel(dst_machine => $dst_machine, root_dir => $root_dir)

Enable SEV in the kernel, because it is disabled by default. This is done by putting the following onto the kernel command line: mem_encrypt=on kvm_amd.sev=1. To make the changes persistent, append the above to the variable holding parameters of the kernel command line in /etc/default/grub to preserve SEV settings across reboots: $ cat /etc/default/grub ... GRUB_CMDLINE_LINUX="... mem_encrypt=on kvm_amd.sev=1" ... mem_encrypt=on turns on the SME memory encryption feature on the host which protects against the physical attack on the hypervisor memory. The kvm_amd.sev parameter actually enables SEV in the kvm module. This subroutine receives only two arguments, the dst_machine is the host on which operations will be performed, the root_dir is the partition on which grub files reside. If these two arguments are not given any values, operations will be performed on localhost and '/' partition. This subroutine calls add_kernel_options to do the actual kernel options adding work.

add_kernel_options

  add_kernel_options(dst_machine => $dst_machine, root_dir => $root_dir, 
  kernel_opts => $options, grub_to_change => [1|2|3])

Adding additional kernel options onto kernel command line in grub config file and also GRUB_CMDLINE_LINUX_DEFAULT line in default grub config file. This subroutine receives only four arguments, dst_machine is the host on which operations will be performed, root_dir is the partition on which grub files reside, kernel_opts holds a text string this is composed of terminal types separated by spaces, timeout has the value of desired timeout of grub boot, and the grub_to_change indicates whether grub.cfg or default grub will be included to have these changes, including 1(Default value. Both grub.cfg and default grub will be changed), 2(Only the grub.cfg will be changed, 3(Only the default grub will be changed), and all the other values are invalid. If there are no values passed in to dst_machine and root_dir, operations will be performed on localhost and root '/' partition by default.

set_grub_terminal_and_timeout

  set_grub_terminal_and_timeou(dst_machine => $dst_machine, root_dir => $root_dir, 
  terminals => $terminals, timeout => $timeout, grub_to_change => [1|2|3])

Change grub boot terminal and timeout settings in grub configuration file and also GRUB_TERMINAL and GRUB_TIMEOUT in default grub configuration file. This subroutine receives only five arguments, dst_machine is the host on which operations will be performed, root_dir is the partition on which grub files reside, terminals holds a single text string this is composed of kernel options separated by spaces, and the grub_to_change indicates whether grub.cfg or default grub will be changed to have the kernel_opts, including 1(Default value. Both grub.cfg and default grub will be changed), 2(Only the grub.cfg will be changed, 3(Only the default grub will be changed), and all the other values are invalid. If there are no values passed in to dst_machine and root_dir, operations will be performed on localhost and root '/' partition by default. Almost all regular kernel options can be passed in directly without modification except for very extreme cases in which very special characters should be treated specially and even escaped before being used.