MEM_ENCRYPTION_CONTEXT trait is missing from the compute RP even if AMD SEV is enabled on the compute node

Bug #1975686 reported by Balazs Gibizer
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Balazs Gibizer

Bug Description

Compute nodes with amd-sev enabled are reporting that support is available, but MEM_ENCRYPTION_CONTEXT is not present in the placement traits for the compute nodes.

# Domain capabilities report support
[heat-admin@computeamdsev-1 log]$ sudo podman exec -it -u root nova_virtqemud virsh domcapabilities | grep -A 12 features
  <features>
    <gic supported='no'/>
    <vmcoreinfo supported='yes'/>
    <genid supported='yes'/>
    <backingStoreInput supported='yes'/>
    <backup supported='yes'/>
    <sev supported='yes'>
      <cbitpos>47</cbitpos>
      <reducedPhysBits>1</reducedPhysBits>
      <maxGuests>509</maxGuests>
      <maxESGuests>0</maxESGuests>
    </sev>
  </features>
</domainCapabilities>

# It is active as well in /sys/module/kvm_amd
[heat-admin@computeamdsev-1 log]$ cat /sys/module/kvm_amd/parameters/sev
Y
[heat-admin@computeamdsev-1 log]$

# I do not see any errors with sev during startup
[heat-admin@computeamdsev-1 log]$ sudo dmesg | grep -i sev
[ 0.000000] Command line: BOOT_IMAGE=(lvmid/nZkWaZ-f6bk-Bfto-h9OG-k1Sc-Y6RB-1Q3yZV/t77pr1-3H2Y-ml4l-MMJh-bp3H-zk2j-6z4W6w)/boot/vmlinuz-5.14.0-70.5.1.el9_0.x86_64 root=LABEL=img-rootfs ro console=ttyS0 console=ttyS0,115200n81 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M hugepagesz=1GB hugepages=32 default_hugepagesz=1GB mem_encrypt=on kvm_amd.sev=1 console=tty0 console=ttyS0,115200 no_timer_check nofb nomodeset vga=normal console=tty0 console=ttyS0,115200 audit=1 nousb
[ 0.000000] Kernel command line: BOOT_IMAGE=(lvmid/nZkWaZ-f6bk-Bfto-h9OG-k1Sc-Y6RB-1Q3yZV/t77pr1-3H2Y-ml4l-MMJh-bp3H-zk2j-6z4W6w)/boot/vmlinuz-5.14.0-70.5.1.el9_0.x86_64 root=LABEL=img-rootfs ro console=ttyS0 console=ttyS0,115200n81 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M hugepagesz=1GB hugepages=32 default_hugepagesz=1GB mem_encrypt=on kvm_amd.sev=1 console=tty0 console=ttyS0,115200 no_timer_check nofb nomodeset vga=normal console=tty0 console=ttyS0,115200 audit=1 nousb
[ 0.000000] Any video related functionality will be severely degraded, and you may not even be able to suspend the system properly
[ 101.753478] ccp 0000:24:00.1: sev enabled
[ 101.769894] ccp 0000:24:00.1: SEV firmware update successful
[ 102.058746] ccp 0000:24:00.1: SEV API:0.24 build:14
[ 120.398153] systemd[1]: Hostname set to <computeamdsev-1>.
[ 149.487548] SEV supported: 509 ASIDs

# MEM_ENCRYPTION_CONTEXT is not present
(overcloud) [stack@undercloud-0 ~]$ !21
openstack --os-placement-api-version 1.17 resource provider trait list ba3bccf9-c283-4cb5-a14d-35ae7ba88533
/usr/lib/python3.9/site-packages/ansible/_vendor/__init__.py:42: UserWarning: One or more Python packages bundled by this ansible-core distribution were already loaded (pyparsing). This may result in undefined behavior.
  warnings.warn('One or more Python packages bundled by this ansible-core distribution were already '
+---------------------------------------+
| name |
+---------------------------------------+
| COMPUTE_GRAPHICS_MODEL_NONE |
| COMPUTE_ACCELERATORS |
| COMPUTE_NET_VIF_MODEL_VMXNET3 |
| COMPUTE_STORAGE_BUS_VIRTIO |
| COMPUTE_NET_VIF_MODEL_E1000E |
| COMPUTE_VOLUME_ATTACH_WITH_TAG |
| COMPUTE_NET_ATTACH_INTERFACE |
| HW_CPU_X86_BMI2 |
| COMPUTE_VOLUME_EXTEND |
| HW_CPU_X86_SSE |
| COMPUTE_NET_VIF_MODEL_RTL8139 |
| COMPUTE_GRAPHICS_MODEL_VIRTIO |
| COMPUTE_IMAGE_TYPE_RAW |
| COMPUTE_TRUSTED_CERTS |
| HW_CPU_X86_SSE42 |
| HW_CPU_X86_SSSE3 |
| HW_CPU_X86_SSE2 |
| COMPUTE_STORAGE_BUS_IDE |
| COMPUTE_SECURITY_UEFI_SECURE_BOOT |
| COMPUTE_SOCKET_PCI_NUMA_AFFINITY |
| COMPUTE_IMAGE_TYPE_AMI |
| COMPUTE_GRAPHICS_MODEL_CIRRUS |
| COMPUTE_VOLUME_MULTI_ATTACH |
| HW_CPU_X86_SSE4A |
| HW_CPU_X86_SSE41 |
| COMPUTE_IMAGE_TYPE_QCOW2 |
| COMPUTE_IMAGE_TYPE_AKI |
| HW_CPU_X86_AVX2 |
| HW_CPU_X86_FMA3 |
| HW_CPU_X86_MMX |
| HW_CPU_HYPERTHREADING |
| COMPUTE_NET_VIF_MODEL_NE2K_PCI |
| HW_CPU_X86_SVM |
| HW_CPU_X86_AVX |
| COMPUTE_IMAGE_TYPE_ISO |
| HW_CPU_X86_CLMUL |
| HW_CPU_X86_ABM |
| COMPUTE_NET_VIF_MODEL_SPAPR_VLAN |
| COMPUTE_STORAGE_BUS_SCSI |
| HW_CPU_X86_AMD_SVM |
| COMPUTE_NET_ATTACH_INTERFACE_WITH_TAG |
| COMPUTE_STORAGE_BUS_FDC |
| COMPUTE_NET_VIF_MODEL_VIRTIO |
| COMPUTE_NET_VIF_MODEL_PCNET |
| COMPUTE_STORAGE_BUS_SATA |
| HW_CPU_X86_F16C |
| COMPUTE_NET_VIF_MODEL_E1000 |
| COMPUTE_DEVICE_TAGGING |
| COMPUTE_NODE |
| COMPUTE_GRAPHICS_MODEL_VGA |
| COMPUTE_IMAGE_TYPE_ARI |
| HW_CPU_X86_SHA |
| HW_CPU_X86_AESNI |
| COMPUTE_RESCUE_BFV |
| COMPUTE_STORAGE_BUS_USB |
| HW_CPU_X86_BMI |
+---------------------------------------+

It is seen on stable/wallaby.

From the compute logs I see that:

2022-05-23 21:25:20.873 2 DEBUG nova.virt.libvirt.host [req-bc5c2030-5a68-4f5e-be8b-924f24962ef9 - - - - -] /sys/module/kvm_amd/parameters/sev contains [Y
] _kernel_supports_amd_sev /usr/lib/python3.9/site-packages/nova/virt/libvirt/host.py:1557
2022-05-23 21:25:20.873 2 INFO nova.virt.libvirt.host [req-bc5c2030-5a68-4f5e-be8b-924f24962ef9 - - - - -] kernel doesn't support AMD SEV

The nova code looks for "1\n" [1] in the file, but it contains "Y\n" instead:

    def _kernel_supports_amd_sev(self) -> bool:
        if not os.path.exists(SEV_KERNEL_PARAM_FILE):
            LOG.debug("%s does not exist", SEV_KERNEL_PARAM_FILE)
            return False

        with open(SEV_KERNEL_PARAM_FILE) as f:
            contents = f.read()
            LOG.debug("%s contains [%s]", SEV_KERNEL_PARAM_FILE, contents)
            return contents == "1\n"

So it seems like a valid bug in nova.

[1] https://github.com/openstack/nova/blob/e44b1a940fdc45cc9dbb08e193a8c25052cf64e7/nova/virt/libvirt/host.py#L1696-L1704
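To show the two checks involved side by side (the sysfs module parameter and the libvirt domcapabilities XML), here is an added example that is not nova's code: `kernel_supports_amd_sev` is a hypothetical helper modelled on the quoted `_kernel_supports_amd_sev` but takes the file contents as an argument so it runs offline, and combining both checks with AND in `should_report_mem_encryption_context` is this example's own choice.

```python
import xml.etree.ElementTree as ET
from typing import Optional


def kernel_supports_amd_sev(contents: Optional[str]) -> bool:
    """Return True when the kvm_amd 'sev' parameter reports SEV enabled.

    Hypothetical helper: takes the contents of
    /sys/module/kvm_amd/parameters/sev (None when the file is absent).
    The kernel exposes bool module parameters as "Y"/"N" and int ones as
    "1"/"0", so both spellings count as enabled. The original check in
    the report compared against "1\n" only, so "Y\n" was read as disabled.
    """
    if contents is None:
        return False
    return contents.strip() in ("1", "Y")


def libvirt_reports_sev(domcapabilities_xml: str) -> bool:
    """Parse `virsh domcapabilities` output; True if <sev supported='yes'>."""
    root = ET.fromstring(domcapabilities_xml)
    sev = root.find("./features/sev")
    return sev is not None and sev.get("supported") == "yes"


def should_report_mem_encryption_context(contents: Optional[str],
                                         domcapabilities_xml: str) -> bool:
    """Assumption of this example: the trait is reported only when both the
    kernel parameter and libvirt agree that SEV is available."""
    return kernel_supports_amd_sev(contents) and libvirt_reports_sev(domcapabilities_xml)


# Constructed domcapabilities fragment, trimmed to the <features> block
# shown in the report (cbitpos/reducedPhysBits values copied from it).
DOMCAPS_SEV_YES = """<domainCapabilities>
  <features>
    <sev supported='yes'>
      <cbitpos>47</cbitpos>
      <reducedPhysBits>1</reducedPhysBits>
    </sev>
  </features>
</domainCapabilities>"""

# Constructed counterpart for a host whose libvirt reports no SEV support.
DOMCAPS_SEV_NO = ("<domainCapabilities><features><sev supported='no'/>"
                  "</features></domainCapabilities>")

if __name__ == "__main__":
    # "Y\n" is what the reporter's node returned; it must count as enabled.
    print(should_report_mem_encryption_context("Y\n", DOMCAPS_SEV_YES))
```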

Changed in nova:
assignee: nobody → Balazs Gibizer (balazs-gibizer)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/nova/+/843254

Changed in nova:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.opendev.org/c/openstack/nova/+/843254
Committed: https://opendev.org/openstack/nova/commit/ab51a5dd25b8d4c66562148b43b1022eb5ceed7e
Submitter: "Zuul (22348)"
Branch: master

commit ab51a5dd25b8d4c66562148b43b1022eb5ceed7e
Author: Balazs Gibizer <email address hidden>
Date: Wed May 25 12:02:09 2022 +0200

    Accept both 1 and Y as AMD SEV KVM kernel param value

    The libvirt virt driver checks the AMD KVM kernel module parameter SEV
    to see if that feature is enabled. However, it seems that the
    /sys/module/kvm_amd/parameters/sev file can either contain "1\n" or
    "Y\n" to indicate that the feature is enabled. Nova only checked for
    "1\n" so far making the feature disabled on compute nodes with "Y\n"
    value. Now the logic is extended to accept both.

    Closes-Bug: #1975686
    Change-Id: I737e1d73242430b6756178eb0bf9bd6ec5c94160

Changed in nova:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/nova/+/843819

OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/nova/+/843938

OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/nova/+/843939

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 26.0.0.0rc1

This issue was fixed in the openstack/nova 26.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/nova/+/843819
Committed: https://opendev.org/openstack/nova/commit/8a1b4975f71f9ce1446db689afb092d6e0a670a7
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 8a1b4975f71f9ce1446db689afb092d6e0a670a7
Author: Balazs Gibizer <email address hidden>
Date: Wed May 25 12:02:09 2022 +0200

    Accept both 1 and Y as AMD SEV KVM kernel param value

    The libvirt virt driver checks the AMD KVM kernel module parameter SEV
    to see if that feature is enabled. However, it seems that the
    /sys/module/kvm_amd/parameters/sev file can either contain "1\n" or
    "Y\n" to indicate that the feature is enabled. Nova only checked for
    "1\n" so far making the feature disabled on compute nodes with "Y\n"
    value. Now the logic is extended to accept both.

    Closes-Bug: #1975686
    Change-Id: I737e1d73242430b6756178eb0bf9bd6ec5c94160
    (cherry picked from commit ab51a5dd25b8d4c66562148b43b1022eb5ceed7e)

tags: added: in-stable-yoga
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/nova/+/843938
Committed: https://opendev.org/openstack/nova/commit/1aa9e0de6fb7049f531908b20613c7d2ab18c2e3
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 1aa9e0de6fb7049f531908b20613c7d2ab18c2e3
Author: Balazs Gibizer <email address hidden>
Date: Wed May 25 12:02:09 2022 +0200

    Accept both 1 and Y as AMD SEV KVM kernel param value

    The libvirt virt driver checks the AMD KVM kernel module parameter SEV
    to see if that feature is enabled. However, it seems that the
    /sys/module/kvm_amd/parameters/sev file can either contain "1\n" or
    "Y\n" to indicate that the feature is enabled. Nova only checked for
    "1\n" so far making the feature disabled on compute nodes with "Y\n"
    value. Now the logic is extended to accept both.

    Closes-Bug: #1975686
    Change-Id: I737e1d73242430b6756178eb0bf9bd6ec5c94160
    (cherry picked from commit ab51a5dd25b8d4c66562148b43b1022eb5ceed7e)
    (cherry picked from commit 8a1b4975f71f9ce1446db689afb092d6e0a670a7)

tags: added: in-stable-xena
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 24.2.1

This issue was fixed in the openstack/nova 24.2.1 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 25.1.1

This issue was fixed in the openstack/nova 25.1.1 release.
