From nobody Wed Mar 12 17:32:12 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1741092239364543.9075700095096;
 Tue, 4 Mar 2025 04:43:59 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 385DD1353; Tue,  4 Mar 2025 07:43:58 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id CA9921452;
	Tue,  4 Mar 2025 07:39:26 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 5348713D5; Tue,  4 Mar 2025 07:39:22 -0500 (EST)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 8832E14BA
	for <devel@lists.libvirt.org>; Tue,  4 Mar 2025 07:39:07 -0500 (EST)
Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-652-6mhdS3B8OkWyy0oVgdRXkQ-1; Tue,
 04 Mar 2025 07:38:50 -0500
Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id DF450193585F
	for <devel@lists.libvirt.org>; Tue,  4 Mar 2025 12:38:49 +0000 (UTC)
Received: from speedmetal.lan (unknown [10.44.22.15])
	by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 1B4A219560AB
	for <devel@lists.libvirt.org>; Tue,  4 Mar 2025 12:38:48 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1741091947;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=4bb1yA2ACCKMnAXDQQiQxTlr4FRZXLE3NKZ7h2xIIWo=;
	b=Y8c01X1HZP5SgyUiW+QhMLa4SJWZ+48MmEG0OZyoQ+3pDK5pCyxF0yPif5ijYdn5ymhzbP
	/JZQ8QJnO/GXAIHxgLot+OApRGvZb1P/Qf9TZFEdYt0UV0pcds8WZ020Z9oFfZsPwUu/6t
	5kXc0R26arv0mcwNx3szkMrj6vFqlYA=
X-MC-Unique: 6mhdS3B8OkWyy0oVgdRXkQ-1
X-Mimecast-MFC-AGG-ID: 6mhdS3B8OkWyy0oVgdRXkQ_1741091930
From: Peter Krempa <pkrempa@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH 7/8] qemuxmlconftest: Add 'latest' version of
 'launch-security-sev*' originally using 6.0.0
Date: Tue,  4 Mar 2025 13:38:32 +0100
Message-ID: 
 <06c1070232087d86f712b1e48b422a84cc35fb75.1741091571.git.pkrempa@redhat.com>
In-Reply-To: <cover.1741091571.git.pkrempa@redhat.com>
References: <cover.1741091571.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: cxGelORTOnf6S13ky5PsU_6o6t6sABy9_FVpXyyvQFs_1741091930
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: UY2VUL6RXMEQHQC3XOUNWXAAZP6M7MUI
X-Message-ID-Hash: UY2VUL6RXMEQHQC3XOUNWXAAZP6M7MUI
X-MailFrom: pkrempa@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/UY2VUL6RXMEQHQC3XOUNWXAAZP6M7MUI/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1741092241625019100
Content-Type: text/plain; charset="utf-8"

The 'launch-security-sev' and
'launch-security-sev-missing-platform-info' tests run agains the
qemu-6.0.0 caps which were manually doctored to support SEV.

Since we now have the '+amdsev' variant dumped from a more modern qemu
add another invocation of the tests.

The only relevant difference in the output data is 'cbitpos' being '51'
on the new platform, for the test case which explicitly doesn't
configure it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 ...ng-platform-info.x86_64-latest+amdsev.args | 35 +++++++++++++++
 ...ing-platform-info.x86_64-latest+amdsev.xml | 43 ++++++++++++++++++
 ...nch-security-sev.x86_64-latest+amdsev.args | 35 +++++++++++++++
 ...unch-security-sev.x86_64-latest+amdsev.xml | 45 +++++++++++++++++++
 tests/qemuxmlconftest.c                       |  9 ++++
 5 files changed, 167 insertions(+)
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev-missing-platf=
orm-info.x86_64-latest+amdsev.args
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev-missing-platf=
orm-info.x86_64-latest+amdsev.xml
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev.x86_64-latest=
+amdsev.args
 create mode 100644 tests/qemuxmlconfdata/launch-security-sev.x86_64-latest=
+amdsev.xml

diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-inf=
o.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/launch-security-sev-mis=
sing-platform-info.x86_64-latest+amdsev.args
new file mode 100644
index 0000000000..cbbda6345f
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_6=
4-latest+amdsev.args
@@ -0,0 +1,35 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3DQEMUGuest1,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.ram,confid=
ential-guest-support=3Dlsec0,acpi=3Doff \
+-accel kvm \
+-cpu qemu64 \
+-m size=3D219136k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'=
 \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0=
x2"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no=
de-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-stor=
age","id":"ide0-0-0","bootindex":1}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":51,"reduced-phys-b=
its":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest=
1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest=
1/session.base64"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/launch-security-sev-missing-platform-inf=
o.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/launch-security-sev-miss=
ing-platform-info.x86_64-latest+amdsev.xml
new file mode 100644
index 0000000000..6a0048aeae
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-sev-missing-platform-info.x86_6=
4-latest+amdsev.xml
@@ -0,0 +1,43 @@
+<domain type=3D'kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219100</memory>
+  <currentMemory unit=3D'KiB'>219100</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'block' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source dev=3D'/dev/HostVG/QEMUGuest1'/>
+      <target dev=3D'hda' bus=3D'ide'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'0' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'ide' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x1'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+  <launchSecurity type=3D'sev'>
+    <policy>0x0001</policy>
+    <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCer=
t>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev=
.args b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args
new file mode 100644
index 0000000000..a71b08e4da
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.args
@@ -0,0 +1,35 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1 \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=3D/var/lib/libvirt/qemu/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3DQEMUGuest1,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/va=
r/lib/libvirt/qemu/domain--1-QEMUGuest1/master-key.aes"}' \
+-machine pc,usb=3Doff,dump-guest-core=3Doff,memory-backend=3Dpc.ram,confid=
ential-guest-support=3Dlsec0,acpi=3Doff \
+-accel kvm \
+-cpu qemu64 \
+-m size=3D219136k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'=
 \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot strict=3Don \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0=
x2"}' \
+-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no=
de-name":"libvirt-1-storage","read-only":false}' \
+-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-stor=
age","id":"ide0-0-0","bootindex":1}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-b=
its":1,"policy":1,"dh-cert-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest=
1/dh_cert.base64","session-file":"/var/lib/libvirt/qemu/domain--1-QEMUGuest=
1/session.base64"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev=
.xml b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml
new file mode 100644
index 0000000000..a3ee54ed44
--- /dev/null
+++ b/tests/qemuxmlconfdata/launch-security-sev.x86_64-latest+amdsev.xml
@@ -0,0 +1,45 @@
+<domain type=3D'kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219100</memory>
+  <currentMemory unit=3D'KiB'>219100</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'block' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source dev=3D'/dev/HostVG/QEMUGuest1'/>
+      <target dev=3D'hda' bus=3D'ide'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'0' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'ide' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x1'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+  <launchSecurity type=3D'sev'>
+    <cbitpos>47</cbitpos>
+    <reducedPhysBits>1</reducedPhysBits>
+    <policy>0x0001</policy>
+    <dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCer=
t>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 84eea4967a..9b9733e4dd 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2876,8 +2876,17 @@ mymain(void)
     DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x");
     DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-iommu", "s390x");

+    /* The 'caps_6.0.0_x86_64' test data was doctored to add SEV support p=
rior
+     * to the time when capability variants existed */
     DO_TEST_CAPS_VER("launch-security-sev", "6.0.0");
+    DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-sev", "x86_64",
+                                  ARG_CAPS_VARIANT, "+amdsev", ARG_END);
+
     DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "6.0.0");
+    DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-sev-missing-platform-in=
fo", "x86_64",
+                                  ARG_CAPS_VARIANT, "+amdsev", ARG_END);
+
+
     DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-sev-direct",
                                   "x86_64",
                                   ARG_QEMU_CAPS,
--=20
2.48.1