On 03/12/2018 08:52 AM, Peter Krempa wrote:
On Mon, Mar 12, 2018 at 13:31:23 +0000, Daniel Berrange wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on
the AMD x86 platform using the Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from qemu.
Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
---
src/conf/domain_capabilities.h | 13 ++++++++
src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_capspriv.h | 4 +++
src/qemu/qemu_monitor.c | 9 ++++++
src/qemu/qemu_monitor.h | 3 ++
src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 3 ++
8 files changed, 149 insertions(+)
[...]
@@ -4896,6 +4927,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_MAX_CPU_COMPAT);
}
+ /* no way to query -object sev-guest */
+ if (ARCH_IS_X86(qemuCaps->arch) &&
+ qemuCaps->version >= 2012000) {
+ virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV);
+ }
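Review bot: The condition `qemuCaps->version >= 2012000` sets QEMU_CAPS_SEV from the version number and architecture alone, so the flag does not show that this binary actually provides the sev-guest object. ARCH_IS_X86 matches every x86 QEMU, while the commit message scopes the feature to AMD platforms, so any 2.12 x86 binary would advertise the capability whether or not SEV is usable. Suggest deriving the flag from a probe of the object type rather than from the version. If the version gate has to stay for now, expand the comment to explain why probing is not possible and mark it as a temporary fallback.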
Sigh, we really need to fix introspection of -object types one day...
Quick grep-ing found that we are able to probe for 'memory-backend-ram'
or 'secret' objects so the 'sev' object should be possible to probe too.
Thanks for the suggestions, I will investigate this.
You should add test data with the qemu patches applied so that we can
verify it.
The patch [1] adds support to test the sev-specific tags.
[1] https://www.redhat.com/archives/libvir-list/2018-March/msg00452.html
Anyways, we should not push this until it's in upstream qemu.