On 10/18/22 13:15, Nico Boehr wrote:
Currently, dump support is always enabled by setting the respective
plaintext control flag (PCF). Unfortunately, older machines without
support for PV dump will not start the guest when this PCF is set. This
will result in an error message like this:
qemu-system-s390x: KVM PV command 2 (KVM_PV_SET_SEC_PARMS) failed: header rc 106 rrc 30 IOCTL rc: -22
Hence, by default, disable dump support to preserve compatibility with
older machines. Users can enable dumping support by passing
--enable-dump to the configure script.
The patch is fine, some nits below.
But I'm wondering when the core maintainers will start complaining about
excessive argument usage. :)
@@ -387,6 +397,7 @@ U32_LONG_FMT=$u32_long
WA_DIVIDE=$wa_divide
GENPROTIMG=${GENPROTIMG-genprotimg}
HOST_KEY_DOCUMENT=$host_key_document
+CONFIG_DUMP=$enable_dump
CONFIG_EFI=$efi
CONFIG_WERROR=$werror
GEN_SE_HEADER=$gen_se_header
diff --git a/s390x/Makefile b/s390x/Makefile
index 649486f2d4a0..5b4aff5e57ef 100644
--- a/s390x/Makefile
+++ b/s390x/Makefile
@@ -173,6 +173,11 @@ $(comm-key):
%.bin: %.elf
$(OBJCOPY) -O binary $< $@
+GENPROTIMG_COMM_KEY =
This should have a comment:
Will only be filled when dump has been enabled
+# allow PCKMO
+genprotimg_pcf = 0x000000e0
+
+ifeq ($(CONFIG_DUMP),yes)
I'd appreciate indents here
# The genprotimg arguments for the cck changed over time so we need to
# figure out which argument to use in order to set the cck
GENPROTIMG_HAS_COMM_KEY = $(shell $(GENPROTIMG) --help | grep -q -- --comm-key && echo yes)
@@ -182,9 +187,11 @@ else
GENPROTIMG_COMM_KEY = --x-comm-key $(comm-key)
endif
-# use x-pcf to be compatible with old genprotimg versions
# allow dumping + PCKMO
genprotimg_pcf = 0x200000e0
+endif
+
+# use x-pcf to be compatible with old genprotimg versions
genprotimg_args = --host-key-document $(HOST_KEY_DOCUMENT) --no-verify $(GENPROTIMG_COMM_KEY) --x-pcf $(genprotimg_pcf)
%selftest.pv.bin: %selftest.bin $(HOST_KEY_DOCUMENT) $(patsubst %.pv.bin,%.parmfile,$@) $(comm-key)
