From: Brijesh Singh
To: libvir-list@redhat.com
Date: Wed, 6 Jun 2018 12:50:14 -0500
Message-Id: <20180606175017.104019-9-brijesh.singh@amd.com>
In-Reply-To: <20180606175017.104019-1-brijesh.singh@amd.com>
References: <20180606175017.104019-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v8 08/11] qemu: add support to launch SEV guest
List-Id: Development discussions about the libvirt library & tools

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest are provided through the tag.
A typical SEV guest launch command line looks like this:

# $QEMU ...\
  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
  -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
 src/qemu/qemu_command.c                         | 41 ++++++++++++++++
 src/qemu/qemu_process.c                         | 62 +++++++++++++++++++++++++
 tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++
 tests/qemuxml2argvdata/launch-security-sev.xml  | 37 +++++++++++++++
 tests/qemuxml2argvtest.c                        |  4 ++
 5 files changed, 173 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 1324c67..6ffdf63 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7295,6 +7295,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); =20 ret =3D 0;
@@ -9651,6 +9654,41 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static int +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + if (!sev) + return 0; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); + return 0; +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10245,6 +10283,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (qemuBuildSevCommandLine(vm, cmd, def->sev) < 0) + goto error; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 9eb3ea0..5783627 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -5825,6 +5825,65 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, =20 =20 static int +qemuBuildSevCreateFile(const char *configDir, + const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but this " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} + + +static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, virDomainObjPtr vm, unsigned int flags) @@ -5982,6 +6041,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm= l2argvdata/launch-security-sev.args new file mode 100644 index 0000000..db0be1a --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.args 
@@ -0,0 +1,29 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 diff --git a/tests/qemuxml2argvdata/launch-security-sev.xml b/tests/qemuxml= 2argvdata/launch-security-sev.xml new file mode 100644 index 0000000..5ae83f6 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.xml @@ -0,0 +1,37 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 2092b8e..9586200 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2862,6 +2862,10 @@ mymain(void) DO_TEST_CAPS_LATEST("vhost-vsock"); DO_TEST_CAPS_LATEST("vhost-vsock-auto"); =20 + DO_TEST("launch-security-sev", + QEMU_CAPS_KVM, + QEMU_CAPS_SEV_GUEST); + if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL) virFileDeleteTree(fakerootdir); =20 --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
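Review bot: In qemuBuildMachineCommandLine, memory-encryption=sev0 is appended only when both QEMU_CAPS_SEV_GUEST and def->sev are set, so a domain that requests SEV on a QEMU without the capability gets a -machine line with no encryption option rather than an error at this point. The capability is rejected only in qemuProcessPrepareSevGuestInput in qemu_process.c, and qemuBuildSevCommandLine tests def->sev alone, so the two halves of the command line are built under different conditions. I would either drop the capability test here or turn it into a reported error, so the builder cannot quietly emit an unencrypted machine line, and share the "sev0" id through one constant instead of two string literals.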
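Review bot: qemuBuildSevCommandLine leaks the virBuffer on every path. Both "return -1" exits after a failed virAsprintf leave the content already accumulated in obj unfreed, and the final virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), NULL) passes a string the caller owns to a function that copies its arguments, so that string is never freed either. Suggest a cleanup label that calls virBufferFreeAndReset(&obj), and emitting the argument with virCommandAddArg(cmd, "-object") followed by virCommandAddArgBuffer(cmd, &obj), the way qemuBuildMachineCommandLine already does with buf. The dh_cert.base64 and session.base64 names are also repeated from qemuBuildSevCreateFile; one shared helper for the path would keep the writer and the command line from drifting apart.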
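Review bot: qemuBuildSevCreateFile in qemu_process.c writes dh_cert.base64 and session.base64 with S_IRUSR | S_IWUSR, and nothing in this hunk changes the owner or security label afterwards, so the files belong to whichever user the daemon runs as. Please confirm that a QEMU process running under a different uid can still open them, or set ownership and label right after virFileRewriteStr. Separately, the missing-capability case in qemuProcessPrepareSevGuestInput is a configuration problem rather than an internal one, so VIR_ERR_CONFIG_UNSUPPORTED fits better than VIR_ERR_INTERNAL_ERROR, and the qemuBuild prefix on the file helper reads oddly next to the qemuProcess* functions in this file.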
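Review bot: The DO_TEST("launch-security-sev", ...) entry added to qemuxml2argvtest.c covers only the case where QEMU_CAPS_SEV_GUEST is present. A second case with the same XML and the capability left out would pin down what the command-line builder does when SEV is requested but unsupported, which the visible hunks leave to the check in qemuProcessPrepareSevGuestInput. The expected args also set dh-cert-file and session-file together; a variant with neither element would cover the two optional branches in qemuBuildSevCommandLine.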