Re: [RFC 2/5] selftests: KVM: Decouple SEV ioctls from asserts

+int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) +{

•   struct userspace_mem_region *region;
  

•   int ctr, ret;
  
  

•   hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) {
  

•           ret = encrypt_region(vm, region, 0);
  

•           if (ret)
  

•                   return ret;
  

•   }
    if (policy & SEV_POLICY_ES)
            vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);
  

Adding the sev-es policy bit for negative testing is a bit confusing, but I guess it works. For negative testing should we be more explicit? Ditto for other usages of `policy` simply to toggle sev-es features.