Re: [PATCH v8 06/11] conf: introduce launch-security element in domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 06, 2018 at 12:50:12PM -0500, Brijesh Singh wrote:
> The launch-security element can be used to define the security
> model to use when launching a domain. Currently we support 'sev'.
>
> When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
> SEV feature supports running encrypted VM under the control of KVM.
> Encrypted VMs have their pages (code and data) secured such that only the
> guest itself has access to the unencrypted version. Each encrypted VM is
> associated with a unique encryption key; if its data is accessed to a
> different entity using a different key the encrypted guests data will be
> incorrectly decrypted, leading to unintelligible data.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
>  docs/formatdomain.html.in                          | 115 ++++++++++++++++++
>  docs/schemas/domaincommon.rng                      |  37 ++++++
>  src/conf/domain_conf.c                             | 133 +++++++++++++++++++++
>  src/conf/domain_conf.h                             |  27 +++++
>  tests/genericxml2xmlindata/launch-security-sev.xml |  24 ++++
>  tests/genericxml2xmltest.c                         |   2 +
>  6 files changed, 338 insertions(+)
>  create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml

There were a few minor alignment issues, please squash in the diff below, with
that:

Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 05b3ffa689..051c54a609 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15868,25 +15868,25 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,

     def->sectype = virDomainLaunchSecurityTypeFromString(type);
     switch ((virDomainLaunchSecurity) def->sectype) {
-        case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
-            break;
-        case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
-        case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
-        default:
-            virReportError(VIR_ERR_XML_ERROR,
-                            _("unsupported launch-security type '%s'"),
-                            type);
-            goto error;
+    case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+        break;
+    case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+    case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+    default:
+        virReportError(VIR_ERR_XML_ERROR,
+                       _("unsupported launch-security type '%s'"),
+                       type);
+        goto error;
     }

     if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
         virReportError(VIR_ERR_XML_ERROR, "%s",
-                        _("failed to get launch-security cbitpos"));
+                       _("failed to get launch-security cbitpos"));
         goto error;
     }

     if (virXPathUInt("string(./reduced-phys-bits)", ctxt,
-                    &def->reduced_phys_bits) < 0) {
+                     &def->reduced_phys_bits) < 0) {
         virReportError(VIR_ERR_XML_ERROR, "%s",
                        _("failed to get launch-security reduced-phys-bits"));
         goto error;
@@ -15894,7 +15894,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,

     if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
         virReportError(VIR_ERR_XML_ERROR, "%s",
-                        _("failed to get launch-security policy"));
+                       _("failed to get launch-security policy"));
         goto error;
     }

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux