[PATCH 0/5] Support for launchSecurity type papr-pef

Hi,

This is the implementation of ppc64 secure guest execution, known
as PAPR-PEF. This implementation is based on the new
confidential-guest-support machine option that is available in
QEMU 6.0.0.

The patches were done on top of Boris' s390-pv patches that were
sent for review [1], given that Boris provided a common base for
new security launches there.

The series is also available in gitlab:
https://gitlab.com/danielhb/libvirt/-/tree/papr_pef_v1



Note: If someone wishes to give this series a try, considering that you
have a host with proper PowerPC PEF hardware, be aware that there is
a QEMU bug in which launching a PAPR-PEF guest will trigger an early
assert [2]. The fix is not merged upstream at the moment of this
posting, so you'll need to apply the patch yourself or build
QEMU using David Gibson's ppc-for-6.1 tree [3].

[1] https://listman.redhat.com/archives/libvir-list/2021-May/msg00570.html
[2] https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg08491.html
[3] https://gitlab.com/dgibson/qemu/-/tree/ppc-for-6.1

Daniel Henrique Barboza (5):
  tests: Add QEMU and domain ppc64 capapbilities for qemu 6.1
  qemu: add 'pef-guest' capability
  conf, qemu: add 'papr-pef' launch security type
  tests: add tests for 'papr-pef' support
  docs/formatdomain.rst: add 'papr-pef' launchSecurity docs

 docs/formatdomain.rst                         |     4 +
 docs/schemas/domaincommon.rng                 |     1 +
 src/conf/domain_conf.c                        |     3 +
 src/conf/domain_conf.h                        |     1 +
 src/qemu/qemu_capabilities.c                  |     2 +
 src/qemu/qemu_capabilities.h                  |     1 +
 src/qemu/qemu_command.c                       |    26 +
 src/qemu/qemu_namespace.c                     |     1 +
 src/qemu/qemu_process.c                       |     1 +
 src/qemu/qemu_validate.c                      |     8 +
 tests/domaincapsdata/qemu_6.1.0.ppc64.xml     |   133 +
 .../launch-security-papr-pef.xml              |    22 +
 tests/genericxml2xmltest.c                    |     1 +
 .../caps_6.1.0.ppc64.replies                  | 30368 ++++++++++++++++
 .../qemucapabilitiesdata/caps_6.1.0.ppc64.xml |  1175 +
 ...default-video-type-ppc64.ppc64-latest.args |     5 +-
 ...y-papr-pef-ignore-policy.ppc64-latest.args |    30 +
 ...launch-security-papr-pef-ignore-policy.xml |    19 +
 ...launch-security-papr-pef.ppc64-latest.args |    30 +
 .../launch-security-papr-pef.xml              |    16 +
 ...ault-cpu-kvm-pseries-2.7.ppc64-latest.args |     5 +-
 ...ault-cpu-kvm-pseries-3.1.ppc64-latest.args |     5 +-
 ...ault-cpu-kvm-pseries-4.2.ppc64-latest.args |     5 +-
 ...ault-cpu-tcg-pseries-2.7.ppc64-latest.args |     5 +-
 ...ault-cpu-tcg-pseries-3.1.ppc64-latest.args |     5 +-
 ...ault-cpu-tcg-pseries-4.2.ppc64-latest.args |     5 +-
 .../ppc64-pseries-graphics.ppc64-latest.args  |     7 +-
 .../ppc64-pseries-headless.ppc64-latest.args  |     7 +-
 .../ppc64-tpmproxy-single.ppc64-latest.args   |     5 +-
 .../ppc64-tpmproxy-with-tpm.ppc64-latest.args |     5 +-
 .../tpm-emulator-spapr.ppc64-latest.args      |     5 +-
 tests/qemuxml2argvtest.c                      |     3 +
 32 files changed, 31871 insertions(+), 38 deletions(-)
 create mode 100644 tests/domaincapsdata/qemu_6.1.0.ppc64.xml
 create mode 100644 tests/genericxml2xmlindata/launch-security-papr-pef.xml
 create mode 100644 tests/qemucapabilitiesdata/caps_6.1.0.ppc64.replies
 create mode 100644 tests/qemucapabilitiesdata/caps_6.1.0.ppc64.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef-ignore-policy.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef-ignore-policy.xml
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef.ppc64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-papr-pef.xml

-- 
2.31.1



