On 10/07/2021 0:55, Brijesh Singh wrote: > To launch the SEV-SNP guest, a user can specify up to 8 parameters. > Passing all parameters through command line can be difficult. To simplify > the launch parameter passing, introduce a .ini-like config file that can be > used for passing the parameters to the launch flow. > > The contents of the config file will look like this: > > $ cat snp-launch.init > > # SNP launch parameters > [SEV-SNP] > init_flags = 0 > policy = 0x1000 > id_block = "YWFhYWFhYWFhYWFhYWFhCg==" > > > Add 'snp' property that can be used to indicate that SEV guest launch > should enable the SNP support. > > SEV-SNP guest launch examples: > > 1) launch without additional parameters > > $(QEMU_CLI) \ > -object sev-guest,id=sev0,snp=on > > 2) launch with optional parameters > $(QEMU_CLI) \ > -object sev-guest,id=sev0,snp=on,launch-config=<file> > Not directly SNP-related, but in an internal communication Connor told me he wants to allow the SEV configuration (like dh-cert-file etc.) to be set using QMP commands when the machine launches instead (or in addition to) setting them via QEMU command-line parameters. Whatever the configuration solution decided for the SEV parameters should also apply to these new SNP settings (policy, id_block, etc.). -Dov