From: Brijesh Singh
To: libvir-list@redhat.com
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Date: Fri, 8 Jun 2018 09:40:58 -0500
Subject: [libvirt] [PATCH v9 08/11] qemu: add support to launch SEV guest
Message-Id: <20180608144101.34228-9-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted VMs on AMD platform using SEV feature. The various inputs required to launch SEV guest are provided through the tag.
A typical SEV guest launch command line looks like this: # $QEMU ...\ -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D5 ...\ -machine memory-encryption=3Dsev0 \ Signed-off-by: Brijesh Singh Reviewed-by: Erik Skultety --- src/qemu/qemu_command.c | 41 ++++++++++++++++ src/qemu/qemu_process.c | 62 +++++++++++++++++++++= ++++ tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++ tests/qemuxml2argvdata/launch-security-sev.xml | 37 +++++++++++++++ tests/qemuxml2argvtest.c | 4 ++ 5 files changed, 173 insertions(+) create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index bd54d17..6a95344 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7287,6 +7287,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); =20 ret =3D 0; 
@@ -9687,6 +9690,41 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static int +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + if (!sev) + return 0; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); + return 0; +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10283,6 +10321,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (qemuBuildSevCommandLine(vm, cmd, def->sev) < 0) + goto error; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 1606f4c..480bc8c 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -5826,6 +5826,65 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, =20 =20 static int +qemuBuildSevCreateFile(const char *configDir, + const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but this " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} + + +static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, virDomainObjPtr vm, unsigned int flags) @@ -5987,6 +6046,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuExtDevicesPrepareHost(driver, vm->def) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm= l2argvdata/launch-security-sev.args new file mode 100644 index 0000000..db0be1a --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.args 
@@ -0,0 +1,29 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 diff --git a/tests/qemuxml2argvdata/launch-security-sev.xml b/tests/qemuxml= 2argvdata/launch-security-sev.xml new file mode 100644 index 0000000..5ae83f6 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.xml @@ -0,0 +1,37 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index c81caec..f630185 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2897,6 +2897,10 @@ mymain(void) DO_TEST_CAPS_LATEST("vhost-vsock"); DO_TEST_CAPS_LATEST("vhost-vsock-auto"); =20 + DO_TEST("launch-security-sev", + QEMU_CAPS_KVM, + QEMU_CAPS_SEV_GUEST); + if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL) virFileDeleteTree(fakerootdir); =20 --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
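
Review bot: The object id "sev0" in the qemuBuildMachineCommandLine hunk is a second hard-coded copy of the id that qemuBuildSevCommandLine writes into its "sev-guest,id=sev0" string, so the -machine reference and the -object definition have to be kept in sync by hand. A shared constant (or a small helper returning the alias) used by both functions would prevent the two from drifting apart.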
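
Review bot: In qemuBuildSevCommandLine, both `return -1` paths taken when virAsprintf fails leave the partly filled `obj` buffer unfreed, and the final `virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), NULL)` passes a freshly allocated string to a function that this same file calls with string literals and `snapshot->def->name`, so it evidently does not take ownership and the string is leaked on the success path as well. Suggest a cleanup label that frees the buffer, and adding the argument with virCommandAddArg(cmd, "-object") followed by virCommandAddArgBuffer(cmd, &obj), the way qemuBuildMachineCommandLine hands over its buffer. The dh-cert-file and session-file paths are also appended to a comma-separated property list without escaping, so a libDir containing a comma would split the option; please escape the path or document why that cannot happen.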
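
Review bot: In qemuProcessPrepareSevGuestInput, a missing QEMU_CAPS_SEV_GUEST is reported as VIR_ERR_INTERNAL_ERROR, although it is a domain configuration the installed QEMU cannot satisfy rather than a libvirt bug; VIR_ERR_CONFIG_UNSUPPORTED describes it better, and the check would sit more naturally in domain validation than in the host-preparation step that writes files. The file names are also constructed twice, with virFileBuildPath(configDir, name, ".base64") in this hunk and with "%s/dh_cert.base64" and "%s/session.base64" in qemuBuildSevCommandLine, so one helper returning the path should serve both the writer and the command-line builder to guarantee QEMU is pointed at the file that was written. Minor: qemuBuildSevCreateFile carries the qemuBuild prefix but lives in qemu_process.c, and nothing in this patch removes the two files again.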
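
Review bot: The launch-security-sev test data covers only a domain that sets both the DH certificate and the session blob, so the `if (sev->dh_cert)` and `if (sev->session)` branches in qemuBuildSevCommandLine are never exercised in their absent state. Please add a second XML/args pair without those two elements, which would pin down the minimal "sev-guest,id=sev0,cbitpos=...,reduced-phys-bits=...,policy=..." form, and consider a negative case without QEMU_CAPS_SEV_GUEST for the error path in qemuProcessPrepareSevGuestInput.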