Re: [PATCH v8 08/11] qemu: add support to launch SEV guest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 06, 2018 at 12:50:14PM -0500, Brijesh Singh wrote:

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provided through the <launch-security> tag. A typical
SEV guest launch command line looks like this:

# $QEMU ...\
 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
 -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx>
---
src/qemu/qemu_command.c                         | 41 ++++++++++++++++
src/qemu/qemu_process.c                         | 62 +++++++++++++++++++++++++
tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++
tests/qemuxml2argvdata/launch-security-sev.xml  | 37 +++++++++++++++
tests/qemuxml2argvtest.c                        |  4 ++
5 files changed, 173 insertions(+)
create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 1324c67..6ffdf63 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7295,6 +7295,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
        virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
        qemuAppendLoadparmMachineParm(&buf, def);

+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)


No need to check the capability again, it was checked while preparing
the host.

And a handy diff, per the custom in this thread:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index cb6afd8c1c..8a71db9d2c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7295,7 +7295,7 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
        virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
        qemuAppendLoadparmMachineParm(&buf, def);

-    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
+    if (def->sev)
        virBufferAddLit(&buf, ",memory-encryption=sev0");

    virCommandAddArgBuffer(cmd, &buf);

Jano

Attachment: signature.asc
Description: Digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux