Re: [PATCH v5 05/10] qemu: add support to launch SEV guest

Erik Skultety <eskultet@xxxxxxxxxx> · Fri, 13 Apr 2018 13:48:47 +0200

On Mon, Apr 02, 2018 at 07:04:25PM -0400, John Ferlan wrote:
>
>
> On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> > QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
> > VMs on AMD platform using SEV feature. The various inputs required to
> > launch SEV guest is provided through the <launch-security> tag. A typical
> > SEV guest launch command line looks like this:
> >
> > # $QEMU ...\
> >   -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
> >   -machine memory-encryption=sev0 \
> >
> > Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> > ---
> >  src/qemu/qemu_command.c | 35 +++++++++++++++++++++++++++++
> >  src/qemu/qemu_process.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
> >  2 files changed, 93 insertions(+)
> >
>
> (slight delay for next part of review - today was rocket launch day and
> then we headed out for a bit ;-))
>
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index 682d714..55bbfa2 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> > @@ -7405,6 +7405,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
> >              virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
> >              qemuAppendLoadparmMachineParm(&buf, def);
> >
> > +        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
>
> Since we already checked sev-guest at prepare host storage (mostly
> unconditionally), I don't think we have to make the check here as well -
> although I could be wrong...

I guess you surely meant qemuProcessPrepareSevGuestInput, but you're right, we
don't need it.

...
> >  static int
> >  qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd,
> > @@ -10195,6 +10227,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
> >      if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0)
> >          goto error;
> >
> > +    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
> > +        qemuBuildSevCommandLine(vm, cmd, def->sev);
> > +
>
> I think we're save to change this to:

Yep.

Erik

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list