28 May
2020
28 May
'20
4:48 p.m.
Hi Lucia,
the cluster is set to use the secure variant of the CPU type but your host does not support all the necessary flags.
For my deployments the system is auto-detecting and using the 'Secure AMD EPYC' CPU type. Note that the HostedEngineLocal VM does run with 'amd-ssbd' and works fine (amd-ssbd is supposed to be faster/preferred over virt-ssbd according to another thread I found with a comment from Tom Landsky at AMD). So the CPUs can definitely run in a a secure configuration, they just need the 'amd-ssbd' flag instead of 'virt-ssbd'. I don't know why the local HE VM runs with the correct flag, but then the final one does not... If I can figure that out I'll be much further along towards a resolution. Thanks! Mark