From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 2 Apr 2018 09:18:47 -0500
Message-Id: <20180402141856.4596-2-brijesh.singh@amd.com>
In-Reply-To: <20180402141856.4596-1-brijesh.singh@amd.com>
References: <20180402141856.4596-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Jon Grimm, Andrea Bolognani, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v5 01/10] qemu: provide support to query the SEV capability

QEMU version >= 2.12 provides support for launching encrypted VMs on AMD x86 platform using Secure Encrypted Virtualization (SEV)
feature. This patch adds support to query the SEV capability from QEMU.

Reviewed-by: "Daniel P. Berrangé"
Signed-off-by: Brijesh Singh
---
src/conf/domain_capabilities.h | 13 ++++ src/qemu/qemu_capabilities.c | 38 +++++++++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_capspriv.h | 4 ++ src/qemu/qemu_monitor.c | 9 +++ src/qemu/qemu_monitor.h | 3 + src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++= ++++ src/qemu/qemu_monitor_json.h | 3 + .../caps_2.12.0.x86_64.replies | 10 +++ tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 3 +- 10 files changed, 156 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index fa4c1e4..72e9daf 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -137,6 +137,19 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; }; =20 +/* + * SEV capabilities + */ +typedef struct _virSEVCapability virSEVCapability; +typedef virSEVCapability *virSEVCapabilityPtr; +struct _virSEVCapability { + char *pdh; + char *cert_chain; + unsigned int cbitpos; + unsigned int reduced_phys_bits; +}; + + struct _virDomainCaps { virObjectLockable parent; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index e54dde6..0f6e6fb 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -466,6 +466,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, /* 285 */ "virtio-mouse-ccw", "virtio-tablet-ccw", + "sev-guest", ); =20 =20 @@ -532,6 +533,8 @@ struct _virQEMUCaps { size_t ngicCapabilities; virGICCapability *gicCapabilities; =20 + virSEVCapability *sevCapabilities; + virQEMUCapsHostCPUData kvmCPU; virQEMUCapsHostCPUData tcgCPU; }; 
@@ -1705,6 +1708,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "virtio-keyboard-ccw", QEMU_CAPS_DEVICE_VIRTIO_KEYBOARD_CCW }, { "virtio-mouse-ccw", QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW }, { "virtio-tablet-ccw", QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW }, + { "sev-guest", QEMU_CAPS_SEV_GUEST }, }; =20 static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[]= =3D { @@ -2784,6 +2788,21 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCap= s, qemuCaps->ngicCapabilities =3D ncapabilities; } =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities) +{ + virSEVCapability *cap =3D qemuCaps->sevCapabilities; + + if (cap) { + VIR_FREE(cap->pdh); + VIR_FREE(cap->cert_chain); + } + + VIR_FREE(qemuCaps->sevCapabilities); + + qemuCaps->sevCapabilities =3D capabilities; +} =20 static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, @@ -3287,6 +3306,19 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qe= muCaps, return 0; } =20 +static int +virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + virSEVCapability *caps =3D NULL; + + if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0) + return -1; + + virQEMUCapsSetSEVCapabilities(qemuCaps, caps); + + return 0; +} =20 bool virQEMUCapsCPUFilterFeatures(const char *name, @@ -4768,6 +4800,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION)) virQEMUCapsSet(qemuCaps, QEMU_CAPS_CPU_CACHE); =20 + /* Probe for SEV capabilities */ + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST); + } + ret =3D 0; cleanup: return ret; diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 3f3c29f..9b51cc2 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h 
@@ -450,6 +450,7 @@ typedef enum { /* 285 */ QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW, /* -device virtio-mouse-ccw */ QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW, /* -device virtio-tablet-ccw */ + QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h index 222f336..1fa85cc 100644 --- a/src/qemu/qemu_capspriv.h +++ b/src/qemu/qemu_capspriv.h @@ -86,6 +86,10 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps, virGICCapability *capabilities, size_t ncapabilities); =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities); + int virQEMUCapsParseHelpStr(const char *qemu, const char *str, diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index e169553..44c2dff 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4007,6 +4007,15 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, return qemuMonitorJSONGetGICCapabilities(mon, capabilities); } =20 +int +qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + QEMU_CHECK_MONITOR_JSON(mon); + + return qemuMonitorJSONGetSEVCapabilities(mon, capabilities); +} + =20 int qemuMonitorNBDServerStart(qemuMonitorPtr mon, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 7a22323..efd3427 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -767,6 +767,9 @@ int qemuMonitorSetMigrationCapability(qemuMonitorPtr mo= n, int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND =3D 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK =3D 1 << 1, /* migration with non-= shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index d80c4f1..e67f7b7 100644 
--- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6398,6 +6398,79 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, return ret; } =20 +int +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + int ret =3D -1; + virJSONValuePtr cmd; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr caps; + virSEVCapability *capability =3D NULL; + const char *pdh =3D NULL, *cert_chain =3D NULL; + int cbitpos, reduced_phys_bits; + + *capabilities =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'cbitpos' field is missing")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits", + &reduced_phys_bits) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'reduced-phys-bits' field is missing")); + goto cleanup; + } + + if (!(pdh =3D virJSONValueObjectGetString(caps, "pdh"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'pdh' field is missing")); + goto cleanup; + } + + if (!(cert_chain =3D virJSONValueObjectGetString(caps, "cert-chain")))= { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'cert-chain' field is missing")); + goto cleanup; + } + + if (VIR_ALLOC(capability) < 0) + goto cleanup; + + if (VIR_STRDUP(capability->pdh, pdh) < 0) + goto cleanup; + + if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0) + goto cleanup; + + capability->cbitpos =3D cbitpos; + capability->reduced_phys_bits =3D reduced_phys_bits; + *capabilities =3D capability; + ret =3D 0; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + + return ret; +} + static virJSONValuePtr qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) 
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 846d366..f30ff1f 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -152,6 +152,9 @@ int qemuMonitorJSONSetMigrationCapability(qemuMonitorPt= r mon, int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/= qemucapabilitiesdata/caps_2.12.0.x86_64.replies index c086e04..8287bb7 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies @@ -18942,6 +18942,16 @@ } =20 { + "return" : { + "reduced-phys-bits": 1, + "cbitpos": 47, + "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA", + "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAO= AAA" + }, + "id": "libvirt-51" +} + +{ "return": { }, "id": "libvirt-1" diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.12.0.x86_64.xml index 334296e..43eeef5 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml 
@@ -225,9 +225,10 @@ + 2011090 0 - 390060 + 390306 v2.12.0-rc0 x86_64
--
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
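
Review bot: The comment above struct _virSEVCapability (src/conf/domain_capabilities.h, hunk @@ -137) says only "SEV capabilities" and leaves every field undocumented. Please state what pdh and cert_chain hold and in which encoding the strings are stored, and what cbitpos and reduced_phys_bits count, so that callers do not have to infer it from the QMP reply. The hunk also adds two consecutive blank lines after the closing brace of the struct; one is enough.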
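
Review bot: The sevCapabilities pointer added to struct _virQEMUCaps (src/qemu/qemu_capabilities.c, hunk @@ -532) has no release path apart from virQEMUCapsSetSEVCapabilities replacing an older value. None of the hunks in this patch frees the struct, or its pdh and cert_chain strings, when the caps object itself is destroyed, and none carries it over when a caps object is copied. Add the matching free to the object's dispose path and decide explicitly whether a copied virQEMUCaps should keep the SEV data.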
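
Review bot: In virQEMUCapsInitQMPMonitor (src/qemu/qemu_capabilities.c, hunk @@ -4768) a failed probe is swallowed without a trace. When virQEMUCapsProbeQMPSEVCapabilities returns -1 the code only clears QEMU_CAPS_SEV_GUEST and then continues to ret = 0, while the error that qemuMonitorJSONGetSEVCapabilities raised through virReportError stays set. Dropping the capability on failure is the safe direction, but please reset the error and log why SEV was dropped, and add a comment saying in which situations a failing query-sev-capabilities is expected.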
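
Review bot: In qemuMonitorJSONGetSEVCapabilities (src/qemu/qemu_monitor_json.c, hunk @@ -6398) capability leaks on the error paths after VIR_ALLOC succeeds: if either VIR_STRDUP fails, the code jumps to cleanup, which frees only cmd and reply. Free capability->pdh, capability->cert_chain and capability in cleanup whenever ret is still -1. Two smaller points in the same function: the result of virJSONValueObjectGetObject(reply, "return") is handed to the field getters without a NULL check, and cbitpos and reduced_phys_bits are read as int but stored into unsigned int fields, so a negative value from the monitor would end up as a large unsigned number; reject negatives or parse the fields as unsigned.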
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 2 Apr 2018 09:18:48 -0500
Message-Id: <20180402141856.4596-3-brijesh.singh@amd.com>
In-Reply-To: <20180402141856.4596-1-brijesh.singh@amd.com>
References: <20180402141856.4596-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Jon Grimm, Andrea Bolognani, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v5 02/10] qemu: introduce SEV feature in hypervisor capabilities

Extend hypervisor capabilities to include sev feature. When available, hypervisor supports launching an encrypted VM on AMD platform. The sev feature tag provides additional details like platform Diffie-Hellman key and certificate chain which can be used by the guest owner to establish a cryptographic session with the SEV firmware to negotiate keys used for attestation or to provide secret during launch.

Reviewed-by: "Daniel P. Berrangé"
Signed-off-by: Brijesh Singh
---
docs/formatdomaincaps.html.in | 40 ++++++++++++++++++++++++++++++++++++++= ++ docs/schemas/domaincaps.rng | 20 ++++++++++++++++++++ src/conf/domain_capabilities.c | 20 ++++++++++++++++++++ src/conf/domain_capabilities.h | 1 + src/qemu/qemu_capabilities.c | 2 ++ 5 files changed, 83 insertions(+) diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 6bfcaf6..f383141 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in
@@ -417,6 +417,12 @@ <value>3</value> </enum> </gic> + <sev> + <pdh> </pdh> + <cert-chain> </cert-chain> + <cbitpos> </cbitpos> + <reduced-phys-bits> </reduced-phys-bits> + </sev> </features> </domainCapabilities> @@ -441,5 +447,39 @@ gic element. =20 +

SEV capabilities

+ +

AMD Secure Encrypted Virtualization (SEV) capabilities are exposed = under + the sev element. + SEV is an extension to the AMD-V architecture which supports running + virtual machines (VMs) under the control of a hypervisor. When support= ed, + guest owner can create a VM whose memory contents will be transparently + encrypted with a key unique to that VM. + + For more details on SEV feature see: + + SEV API spec and \n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + virBufferAsprintf(buf, "%d\n", + sev->reduced_phys_bits); + virBufferAsprintf(buf, "%s\n", sev->pdh); + virBufferAsprintf(buf, "%s\n", + sev->cert_chain); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + =20 char * virDomainCapsFormat(virDomainCapsPtr const caps) @@ -587,6 +606,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps) virBufferAdjustIndent(&buf, 2); =20 virDomainCapsFeatureGICFormat(&buf, &caps->gic); + virDomainCapsFeatureSEVFormat(&buf, caps->sev); =20 virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 72e9daf..2e8596c 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -170,6 +170,7 @@ struct _virDomainCaps { /* add new domain devices here */ =20 virDomainCapsFeatureGIC gic; + virSEVCapabilityPtr sev; /* add new domain features here */ }; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 0f6e6fb..3fd4911 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -5787,6 +5787,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps, virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 || virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0) return -1; + + domCaps->sev =3D qemuCaps->sevCapabilities; return 0; } =20 --=20 2.7.4
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
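Review bot: The visible body of virDomainCapsFeatureSEVFormat dereferences sev->cbitpos, sev->reduced_phys_bits, sev->pdh and sev->cert_chain, while virDomainCapsFormat passes caps->sev unconditionally and the new struct member is a pointer (virSEVCapabilityPtr sev). The top of the function is not visible in this extract, so please confirm it returns early when sev is NULL; otherwise formatting the capabilities of a host without SEV dereferences a NULL pointer. The pdh and cert_chain strings are also written with a plain "%s"; virBufferEscapeString would keep the output well-formed XML if either value ever carries markup characters.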
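Review bot: The assignment "domCaps->sev = qemuCaps->sevCapabilities;" in virQEMUCapsFillDomainCaps stores the qemuCaps pointer in domCaps without a copy or a reference, and nothing in the domain_capabilities.c or domain_capabilities.h changes shown here says who owns it. Please either add a comment on the struct member stating that the pointer is borrowed and must not be freed when the virDomainCaps object is disposed, or deep-copy the structure, so the two objects cannot end up with a double free or a dangling pointer when their lifetimes differ.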
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 2 Apr 2018 09:18:49 -0500
Message-Id: <20180402141856.4596-4-brijesh.singh@amd.com>
In-Reply-To: <20180402141856.4596-1-brijesh.singh@amd.com>
References: <20180402141856.4596-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Jon Grimm, Andrea Bolognani, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v5 03/10] conf: introduce launch-security element in domain

The launch-security element can be used to define the security model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with AMD SEV feature enabled. SEV feature supports running encrypted VM under the control of KVM. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to the unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed by a different entity using a different key the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data.

Reviewed-by: "Daniel P. Berrangé"
Signed-off-by: Brijesh Singh
---
docs/formatdomain.html.in | 120 ++++++++++++++++++++++++++++++++++++++= ++++ docs/schemas/domaincommon.rng | 39 ++++++++++++++ src/conf/domain_conf.c | 110 ++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 26 +++++++++ 4 files changed, 295 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 82e7d7c..2a6bed7 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8200,6 +8200,126 @@ qemu-kvm -net nic,model=3D? /dev/null =20

Note: DEA/TDEA is synonymous with DES/TDES.

=20 +

Secure Encrypted Virtualization (SEV)

+ +

+ The contents of the <launch-security type=3D'sev'> element + is used to provide the guest owners input used for creating an encr= ypted + VM using the AMD SEV feature. + + SEV is an extension to the AMD-V architecture which supports running + encrypted virtual machine (VMs) under the control of KVM. Encrypted + VMs have their pages (code and data) secured such that only the gue= st + itself has access to the unencrypted version. Each encrypted VM is + associated with a unique encryption key; if its data is accessed to= a + different entity using a different key the encrypted guests data wi= ll + be incorrectly decrypted, leading to unintelligible data. + + For more information see various input parameters and its format se= e SEV API spec + https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specifi= cation.pdf + Since 4.2.0 +

+
+<domain>
+  ...
+  <launch-security type=3D'sev'>
+    <policy> 0 </policy>
+    <cbitpos> 47 </cbitpos>
+    <reduced-phys-bits> 5 </reduced-phys-bits>
+    <session> ... </session>
+    <dh-cert> ... </dh>
+  </sev>
+  ...
+</domain>
+
+ +

+ A least cbitpos and reduced-phys-bits must be + nested within the launch-security element. +

+
+
cbitpos
+
The cbitpos element provides the C-bit (aka encrypt= ion bit) + location in guest page table entry. The value of cbitpos is + hypervisor dependent and can be obtained through the sev element + from domaincapabilities. +
+
reduced-phys-bits
+
The reduced-phys-bits element provides the physical + address bit reducation. Similar to cbitpos the value of= + reduced-phys-bit is hypervisor dependent and can be obtained + through the sev element from domaincapabilities. +
+
policy
+
The optional policy element provides the guest poli= cy + which must be maintained by the SEV firmware. This policy is enforce= d by + the firmware and restricts what configuration and operational comman= ds + can be performed on this guest by the hypervisor. The guest policy + provided during guest launch is bound to the guest and cannot be cha= nged + throughout the lifetime of the guest. The policy is also transmitted + during snapshot and migration flows and enforced on the destination = platform. + + The guest policy is a 4-byte structure with the fields shown in Tabl= e: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Bit(s) Description
0 Debugging of the guest is disallowed when set
1 Sharing keys with other guests is disallowed when set
2 SEV-ES is required when set
3 Sending the guest to another platform is disallowed when se= t
4 The guest must not be transmitted to another platform that = is + not in the domain when set.
5 The guest must not be transmitted to another platform that = is + not SEV capable when set.
15:6 reserved
16:32 The guest must not be transmitted to another platform with a + lower firmware version.
+ Default value is 0x1 + +
+
dh-cert
+
The optional dh-cert element provides the guest own= ers public + Diffie-Hellman (DH) key. The key is used to negotiate a master secret + key between the SEV firmware and guest owner. This master secret key= is + then used to establish a trusted channel between SEV firmware and gu= est + owner. The value must be encoded in base64. +
+
session
+
The optional session element provides the guest own= ers + session blob defined in SEV API spec. The value must be encoded in b= ase64. + + See SEV spec LAUNCH_START section for session blob format. +
+
+

Example configs

=20
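Review bot: The example XML in this hunk is not well-formed: <launch-security type='sev'> is closed with </sev> and <dh-cert> is closed with </dh>, so anyone copying it gets a parse error; please close them with </launch-security> and </dh-cert>. The example also sets policy to 0, which by the table below it leaves guest debugging allowed (bit 0 clear), while the text gives the default as 0x1; using the default in the example avoids people copying the weaker setting. In the policy table the last row is given as bits 16:32, which does not fit the 4-byte structure described just above it, so the range needs correcting. Typos to fix while here: "A least" should be "At least", "reducation" should be "reduction", and "reduced-phys-bit" in the description is missing its final "s".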

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index a72c919..6a0e129 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -77,6 +77,9 @@ + + + @@ -436,6 +439,42 @@ =20 + + + + sev + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +