[PATCH 00/12] Introduce SEV-SNP support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

SEV-SNP support just landed in QEMU. Here is the first round of patches
to incorporate support into libvirt.

TODOs (aka problems of future me):

- Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP
- Try to find a SEV-SNP machine a test these patches in real worl
- Write a kbase article on attestation with SEV-SNP

Michal Prívozník (12):
  qemu_monitor_json: Report error in error paths in SEV related code
  conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef
  conf: Separate SEV formatting into a function
  Drop needless typecast to virDomainLaunchSecurity
  src: Convert some _virDomainSecDef::sectype checks to switch()
  qemu_monitor: Allow querying SEV-SNP state in 'query-sev'
  qemu: Report snp-policy in virDomainGetLaunchSecurityInfo()
  qemu_capabilities: Introduce QEMU_CAPS_SEV_SNP_GUEST
  conf: Introduce SEV-SNP support
  qemu: Build cmd line for SEV-SNP
  qemu: Allow setting launch security for SEV-SNP
  qemu_firmware: Pick the right firmware for SEV-SNP guests

 docs/formatdomain.rst                         | 108 ++++++++++++
 include/libvirt/libvirt-domain.h              |  10 ++
 src/conf/domain_conf.c                        | 156 ++++++++++++++----
 src/conf/domain_conf.h                        |  28 +++-
 src/conf/domain_validate.c                    |  44 +++++
 src/conf/schemas/domaincommon.rng             |  73 ++++++--
 src/conf/virconftypes.h                       |   4 +
 src/qemu/qemu_capabilities.c                  |   4 +
 src/qemu/qemu_capabilities.h                  |   3 +
 src/qemu/qemu_cgroup.c                        |  19 ++-
 src/qemu/qemu_command.c                       |  56 ++++++-
 src/qemu/qemu_driver.c                        |  60 +++++--
 src/qemu/qemu_firmware.c                      |  20 ++-
 src/qemu/qemu_monitor.c                       |   7 +-
 src/qemu/qemu_monitor.h                       |  41 ++++-
 src/qemu/qemu_monitor_json.c                  |  67 ++++++--
 src/qemu/qemu_monitor_json.h                  |   8 +-
 src/qemu/qemu_namespace.c                     |   3 +-
 src/qemu/qemu_process.c                       |  34 ++--
 src/qemu/qemu_validate.c                      |  13 +-
 src/security/security_dac.c                   |  34 +++-
 .../caps_9.1.0_x86_64.xml                     |   1 +
 .../firmware/60-edk2-ovmf-x64-amdsev.json     |   1 +
 tests/qemumonitorjsontest.c                   |  65 +++++++-
 ...launch-security-sev-snp.x86_64-latest.args |  35 ++++
 .../launch-security-sev-snp.x86_64-latest.xml |   1 +
 .../launch-security-sev-snp.xml               |  47 ++++++
 tests/qemuxmlconftest.c                       |   2 +
 28 files changed, 817 insertions(+), 127 deletions(-)
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args
 create mode 120000 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.xml

-- 
2.44.2
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux