From: Daniel P. Berrangé
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v2 01/12] include: add new launch security parameters
Date: Fri, 10 Dec 2021 11:37:24 +0000
Message-Id: <20211210113735.2857076-2-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>
List-Id: Development discussions about the libvirt library & tools

Three more parameters are required in order that clients can perform a launch attestation on the SEV guest.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 include/libvirt/libvirt-domain.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index d0dd11ab01..5d3e15766e 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h 
@@ -5101,6 +5101,38 @@ int virDomainSetLifecycleAction(virDomainPtr domain, */ # define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement" =20 +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR: + * + * Macro represents the API major version of the SEV host, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR "sev-api-major" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR: + * + * Macro represents the API minor version of the SEV guest, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR "sev-api-minor" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID: + * + * Macro represents the build ID of the SEV host, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID "sev-build-id" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY: + * + * Macro represents the policy of the SEV guest, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY "sev-policy" + int virDomainGetLaunchSecurityInfo(virDomainPtr domain, virTypedParameterPtr *params, int *nparams, --=20 2.33.1
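
Review bot: The doc comment for VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR says "API minor version of the SEV guest", while the comments for VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR and VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID both say "of the SEV host". Major and minor are two halves of one version number, so the minor comment should say "host" as well. The hunk also adds four macros where the commit message announces three more parameters; one of the two should be adjusted so the count matches.
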
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v2 02/12] qemu: report error querying launch params for inactive guest
Date: Fri, 10 Dec 2021 11:37:25 +0000
Message-Id: <20211210113735.2857076-3-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

Querying launch params on an inactive guest currently triggers a warning about the monitor being NULL.

https://bugzilla.redhat.com/show_bug.cgi?id=2030437

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_driver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 8093b8f69b..5bacf73003 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -19992,6 +19992,12 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver, if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) return -1; =20 + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + qemuDomainObjEnterMonitor(driver, vm); tmp =3D qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon); =20 --=20 2.33.1
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 03/12] qemu: add monitor APIs for query-sev
Date: Fri, 10 Dec 2021 11:37:26 +0000
Message-Id: <20211210113735.2857076-4-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

We're only returning the set of fields needed to perform an attestation, per the SEV API docs.

Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_monitor.c | 13 ++++++++++
 src/qemu/qemu_monitor.h | 9 +++++++
 src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h | 9 +++++++
 tests/qemumonitorjsontest.c | 43 +++++++++++++++++++++++++++++++++
 5 files changed, 120 insertions(+)

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 75e0e4ed92..dda6ae9796 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4366,6 +4366,19 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSEVInfo(mon, apiMajor, apiMinor, buildID, pol= icy); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index edc2b01a66..29746f0b8e 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1445,6 +1445,15 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon, char * qemuMonitorGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index e00d785c20..a3d6eca569 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -8216,6 +8216,52 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +/** + * Retrive info about the SEV setup, returning those fields that + * are required to do a launch attestation, as per + * + * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD = || MNONCE; GCTX.TIK) + * + * specified in section 6.5.1 of AMD Secure Encrypted + * Virtualization API. + * + * { "execute": "query-sev" } + * { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, + * "build-id" : 0, "policy" : 0, "state" : "running", + * "handle" : 1 } } + */ +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + virJSONValue *data; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0) + return -1; + + data =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 || + virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 || + virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 || + virJSONValueObjectGetNumberUint(data, "policy", policy) < 0) + return -1; + + return 0; +} + + /* * Example return data * diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 64064b0519..e88dfc9d50 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -459,6 +459,15 @@ qemuMonitorJSONSystemWakeup(qemuMonitor *mon); char * qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + int qemuMonitorJSONGetVersion(qemuMonitor *mon, int *major, diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index 1ad2912b08..1b0bd0870d 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -2884,6 +2884,48 @@ testQemuMonitorJSONqemuMonitorJSONGetCPUModelBaselin= e(const void *opaque) } =20 =20 +static int +testQemuMonitorJSONGetSEVInfo(const void *opaque) +{ + const testGenericData *data =3D opaque; + virDomainXMLOption *xmlopt =3D data->xmlopt; + g_autoptr(qemuMonitorTest) test =3D NULL; + unsigned int apiMajor =3D 0; + unsigned int apiMinor =3D 0; + unsigned int buildID =3D 0; + unsigned int policy =3D 0; + + if (!(test =3D qemuMonitorTestNewSchema(xmlopt, data->schema))) + return -1; + + if (qemuMonitorTestAddItem(test, "query-sev", + "{" + " \"return\": {" + " \"enabled\": false," + " \"api-minor\": 8," + " \"handle\": 0," + " \"state\": \"uninit\"," + " \"api-major\": 1," + " \"build-id\": 834," + " \"policy\": 3" + " }," + " \"id\": \"libvirt-15\"" + "}") < 0) + return -1; + + if (qemuMonitorGetSEVInfo(qemuMonitorTestGetMonitor(test), + &apiMajor, &apiMinor, &buildID, &policy) < 0) + return -1; + + if (apiMajor !=3D 1 || apiMinor !=3D 8 || buildID !=3D 834 || policy != =3D 3) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Unexpected SEV info values"); + return -1; + } + + return 0; +} + static int mymain(void) { 
@@ -2979,6 +3021,7 @@ mymain(void) DO_TEST(CPU); DO_TEST(GetNonExistingCPUData); DO_TEST(GetIOThreads); + DO_TEST(GetSEVInfo); DO_TEST(Transaction); DO_TEST(BlockExportAdd); DO_TEST(BlockdevReopen); --=20 2.33.1
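
Review bot: In qemuMonitorJSONGetSEVInfo (src/qemu/qemu_monitor_json.c), the final check returns -1 when any of "api-major", "api-minor", "build-id" or "policy" is missing from the reply, and that branch contains no virReportError call. Unless virJSONValueObjectGetNumberUint reports an error itself, the caller fails with no message, so add an error there that names the malformed query-sev reply. The comment above the function also misspells "Retrieve" as "Retrive".
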
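
Review bot: The canned reply in testQemuMonitorJSONGetSEVInfo (tests/qemumonitorjsontest.c) carries "enabled": false and "state": "uninit", yet the test treats the version and policy values as valid results. qemuMonitorJSONGetSEVInfo never reads "enabled", so either use a reply that matches a running SEV guest or state in the function comment that the caller is responsible for only querying SEV guests. A second case with one of the four fields removed would cover the failure path, which the test does not exercise.
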
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v2 04/12] qemu: report new launch security parameters
Date: Fri, 10 Dec 2021 11:37:27 +0000
Message-Id: <20211210113735.2857076-5-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

Report extra info about the SEV setup, returning those fields that are required to calculate the expected launch measurement

  HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)

specified in section 6.5.1 of AMD Secure Encrypted Virtualization API.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_driver.c | 43 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5bacf73003..1bf1938634 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -19977,14 +19977,19 @@ qemuNodeGetSEVInfo(virConnectPtr conn, =20 =20 static int -qemuDomainGetSEVMeasurement(virQEMUDriver *driver, - virDomainObj *vm, - virTypedParameterPtr *params, - int *nparams, - unsigned int flags) +qemuDomainGetSEVInfo(virQEMUDriver *driver, + virDomainObj *vm, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) { int ret =3D -1; + int rv; g_autofree char *tmp =3D NULL; + unsigned int apiMajor =3D 0; + unsigned int apiMinor =3D 0; + unsigned int buildID =3D 0; + unsigned int policy =3D 0; int maxpar =3D 0; =20 virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); @@ -20001,15 +20006,39 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver, qemuDomainObjEnterMonitor(driver, vm); tmp =3D qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon); =20 + + if (!tmp) { + qemuDomainObjExitMonitor(driver, vm); + goto endjob; + } + + rv =3D qemuMonitorGetSEVInfo(QEMU_DOMAIN_PRIVATE(vm)->mon, + &apiMajor, &apiMinor, &buildID, &policy); qemuDomainObjExitMonitor(driver, vm); =20 - if (!tmp) + if (rv < 0) goto endjob; =20 if (virTypedParamsAddString(params, nparams, &maxpar, VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT, tmp) < 0) goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR, + apiMajor) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR, + apiMinor) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID, + buildID) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY, + policy) < 0) + goto endjob; =20 ret =3D 0; =20 
@@ -20037,7 +20066,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, =20 if (vm->def->sec && vm->def->sec->sectype =3D=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { - if (qemuDomainGetSEVMeasurement(driver, vm, params, nparams, flags= ) < 0) + if (qemuDomainGetSEVInfo(driver, vm, params, nparams, flags) < 0) goto cleanup; } =20 --=20 2.33.1
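
Review bot: In the second hunk of qemuDomainGetSEVInfo, the empty line added directly after the qemuMonitorGetSEVMeasurement call follows an existing blank line, which leaves two consecutive blank lines before the new "if (!tmp) {" block; drop the added one. The function comment or the public API documentation should also say that the four new values are returned together with the measurement, since the rename from qemuDomainGetSEVMeasurement is the only hint in the visible lines.
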
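
The launch measurement formula quoted in the commit message above, worked through from the attesting client's side as an added example (not code from this patch series or from libvirt). The dictionary keys are the parameter names defined in patch 01; the field widths (one byte each for API_MAJOR, API_MINOR and BUILD, a 32-bit little-endian POLICY, a 32-byte GCTX.LD, a 16-byte MNONCE), the base64 layout of "sev-measurement" (measurement followed by MNONCE), and all key, digest and nonce values are assumptions or constructed sample data.

```python
import base64
import hashlib
import hmac
import struct

MEASURE_LEN = 32  # HMAC-SHA-256 output (assumed width of the measurement)
MNONCE_LEN = 16   # nonce the firmware appends to the measurement (assumed)
DIGEST_LEN = 32   # GCTX.LD, SHA-256 over the launched guest memory (assumed)


def expected_measurement(api_major, api_minor, build_id, policy,
                         launch_digest, mnonce, tik):
    """HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE; TIK)."""
    for name, value in (("sev-api-major", api_major),
                        ("sev-api-minor", api_minor),
                        ("sev-build-id", build_id)):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{name}={value} does not fit a one-byte field")
    if not 0 <= policy <= 0xFFFFFFFF:
        raise ValueError("sev-policy does not fit a 32-bit field")
    if len(launch_digest) != DIGEST_LEN or len(mnonce) != MNONCE_LEN:
        raise ValueError("unexpected launch digest or nonce length")
    msg = (bytes([0x04, api_major, api_minor, build_id])
           + struct.pack("<I", policy) + launch_digest + mnonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def verify_launch(params, launch_digest, tik, expected_policy):
    """Check host-reported launch security parameters against local secrets.

    params          -- dict keyed by the typed parameter names from patch 01
    launch_digest   -- digest the guest owner computed over the firmware image
    tik             -- integrity key the guest owner derived for this launch
    expected_policy -- policy the guest owner asked for, not the reported one
    """
    blob = base64.b64decode(params["sev-measurement"], validate=True)
    if len(blob) != MEASURE_LEN + MNONCE_LEN:
        raise ValueError("sev-measurement must decode to 48 bytes")
    measure, mnonce = blob[:MEASURE_LEN], blob[MEASURE_LEN:]

    # The host reports the policy; a value that differs from what the guest
    # owner requested is a failure even before the HMAC is checked.
    if params["sev-policy"] != expected_policy:
        return False

    want = expected_measurement(params["sev-api-major"],
                                params["sev-api-minor"],
                                params["sev-build-id"],
                                params["sev-policy"],
                                launch_digest, mnonce, tik)
    # Constant-time comparison, as for any MAC check.
    return hmac.compare_digest(measure, want)


# Constructed sample data, standing in for a real launch session.
TIK = bytes(range(16))
LAUNCH_DIGEST = hashlib.sha256(b"constructed firmware image").digest()
MNONCE = bytes(range(0x10, 0x20))


def constructed_host_params():
    """Simulate what the firmware would produce for the sample values."""
    msg = (bytes([0x04, 1, 8, 13]) + (3).to_bytes(4, "little")
           + LAUNCH_DIGEST + MNONCE)
    measure = hmac.new(TIK, msg, hashlib.sha256).digest()
    return {
        "sev-measurement": base64.b64encode(measure + MNONCE).decode(),
        "sev-api-major": 1,
        "sev-api-minor": 8,
        "sev-build-id": 13,
        "sev-policy": 3,
    }


if __name__ == "__main__":
    reported = constructed_host_params()
    print("genuine:", verify_launch(reported, LAUNCH_DIGEST, TIK, 3))
    tampered = dict(reported, **{"sev-build-id": 14})
    print("tampered build-id:", verify_launch(tampered, LAUNCH_DIGEST, TIK, 3))
```
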
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 05/12] tools: add 'domlaunchsecinfo' virsh command
Date: Fri, 10 Dec 2021 11:37:28 +0000
Message-Id: <20211210113735.2857076-6-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

This command reports the launch security parameters for a guest,
allowing an external tool to perform a launch attestation.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
docs/manpages/virsh.rst | 17 +++++++++++++
tools/virsh-domain.c | 53 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 275f416090..1a74217625 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP = daemon is running on both of them). =20 =20 +domlaunchsecinfo +---------------- + +**Syntax:** + +:: + + domlaunchsecinfo domain + +Returns information about the launch security parameters associated +with a running domain. + +The set of parameters reported will vary depending on which type of +launch security protection is active. If none is active, no parameters +will be reported. + + dommemstat ---------- =20 diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 8379f9f135..1560a8ea0d 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -9525,6 +9525,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd) goto cleanup; } =20 +/* + * "domlaunchsecinfo" command + */ +static const vshCmdInfo info_domlaunchsecinfo[] =3D { + {.name =3D "help", + .data =3D N_("Get domain launch security info") + }, + {.name =3D "desc", + .data =3D N_("Get the launch security parameters for a guest domain") + }, + {.name =3D NULL} +}; + +static const vshCmdOptDef opts_domlaunchsecinfo[] =3D { + VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D NULL} +}; + +static bool +cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd) +{ + g_autoptr(virshDomain) dom =3D NULL; + size_t i; + int nparams =3D 0; + virTypedParameterPtr params =3D NULL; + bool ret =3D false; + + if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) + return false; + + if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to get launch security parameters")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + g_autofree char *str =3D vshGetTypedParamValue(ctl, ¶ms[i]); + vshPrint(ctl, "%-15s: %s\n", params[i].field, str); + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "qemu-monitor-command" command */ 
@@ -14544,6 +14591,12 @@ const vshCmdDef domManagementCmds[] =3D { .info =3D info_domjobinfo, .flags =3D 0 }, + {.name =3D "domlaunchsecinfo", + .handler =3D cmdDomLaunchSecInfo, + .opts =3D opts_domlaunchsecinfo, + .info =3D info_domlaunchsecinfo, + .flags =3D 0 + }, {.name =3D "domname", .handler =3D cmdDomname, .opts =3D opts_domname, --=20 2.33.1
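Review bot: the new domlaunchsecinfo entry in docs/manpages/virsh.rst says the command reports on a running domain, but opts_domlaunchsecinfo in tools/virsh-domain.c is declared with VIRSH_COMMON_OPT_DOMAIN_FULL(0), so completion also offers inactive domains; passing VIR_CONNECT_LIST_DOMAINS_ACTIVE would match the documented scope. The man page text also does not name the parameters that are printed or say what happens for a domain that is not running, and an external attestation tool parsing the "field: value" output needs both stated.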
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 06/12] tools: add 'nodesevinfo' virsh command
Date: Fri, 10 Dec 2021 11:37:29 +0000
Message-Id: <20211210113735.2857076-7-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

While some SEV info is reported in the domain capabilities,
for reasons of size, this excludes the certificates. The
nodesevinfo command provides the full set of information.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
docs/manpages/virsh.rst | 14 +++++++++++++
tools/virsh-host.c | 45 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 1a74217625..e828f7ef68 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -479,6 +479,20 @@ Returns memory stats of the node. If *cell* is specified, this will print the specified cell statistics only. =20 =20 +nodesevinfo +----------- + +**Syntax:** + +:: + + nodesevinfo + +Reports information about the AMD SEV launch security features for +the node, if any. Some of this information is also reported in the +domain capabilities XML document. + + nodesuspend ----------- =20 diff --git a/tools/virsh-host.c b/tools/virsh-host.c index 5da1346a9c..5ee3834de2 100644 --- a/tools/virsh-host.c +++ b/tools/virsh-host.c @@ -888,6 +888,45 @@ cmdNodeMemStats(vshControl *ctl, const vshCmd *cmd) return true; } =20 +/* + * "nodesevinfo" command + */ +static const vshCmdInfo info_nodesevinfo[] =3D { + {.name =3D "help", + .data =3D N_("node SEV information") + }, + {.name =3D "desc", + .data =3D N_("Returns basic SEV information about the node.") + }, + {.name =3D NULL} +}; + +static bool +cmdNodeSEVInfo(vshControl *ctl, const vshCmd *cmd G_GNUC_UNUSED) +{ + virshControl *priv =3D ctl->privData; + size_t i; + int nparams =3D 0; + virTypedParameterPtr params =3D NULL; + bool ret =3D false; + + if (virNodeGetSEVInfo(priv->conn, ¶ms, &nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to get host SEV information")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + g_autofree char *str =3D vshGetTypedParamValue(ctl, ¶ms[i]); + vshPrint(ctl, "%-18s: %s\n", params[i].field, str); + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "nodesuspend" command */ 
@@ -1828,6 +1867,12 @@ const vshCmdDef hostAndHypervisorCmds[] =3D { .info =3D info_nodememstats, .flags =3D 0 }, + {.name =3D "nodesevinfo", + .handler =3D cmdNodeSEVInfo, + .opts =3D NULL, + .info =3D info_nodesevinfo, + .flags =3D 0 + }, {.name =3D "nodesuspend", .handler =3D cmdNodeSuspend, .opts =3D opts_node_suspend, --=20 2.33.1
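Review bot: the desc string in info_nodesevinfo (tools/virsh-host.c) reads "Returns basic SEV information about the node.", while the commit message gives the reason for the command as reporting the full set of information, including the certificates that the domain capabilities leave out. The desc string and the nodesevinfo entry in docs/manpages/virsh.rst should both say that the certificates are included, since that is what distinguishes this command from the domain capabilities XML the man page already points to.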
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 07/12] conf: extend domain capabilities for max SEV guest count
Date: Fri, 10 Dec 2021 11:37:30 +0000
Message-Id: <20211210113735.2857076-8-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

There are limits on the number of SEV/SEV-ES guests that can
be run on machines, which may be influenced by firmware settings.
This is important to expose to users.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
docs/formatdomaincaps.html.in | 6 ++++++
docs/schemas/domaincaps.rng | 6 ++++++
src/conf/domain_capabilities.c | 4 ++++
src/conf/domain_capabilities.h | 2 ++
tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 2 ++
tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 2 ++
tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 2 ++
tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 ++
tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 ++
tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 ++
10 files changed, 30 insertions(+)
diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 915ece8e3e..35b8bf3def 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -681,6 +681,12 @@
reducedPhysBits
When memory encryption is enabled, we lose certain bits in physi= cal address space. The number of bits we lose is hypervisor dependent. +
maxGuests
+
The maximum number of SEV guests that can be launched on the hos= t. + This value may be configurable in the firmware for some hosts.
+
maxESGuests
+
The maximum number of SEV-ES guests that can be launched on the = host. + This value may be configurable in the firmware for some hosts.
=20 diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 1b6122507f..b40ee0f35a 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -323,6 +323,12 @@ + + + + + + diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index fef1326190..c394a7a390 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -597,6 +597,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, virBufferAsprintf(buf, "%d\n", sev->cbitpos); virBufferAsprintf(buf, "%d\n", sev->reduced_phys_bits); + virBufferAsprintf(buf, "%d\n", + sev->max_guests); + virBufferAsprintf(buf, "%d\n", + sev->max_es_guests); virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "\n"); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 2fcad87fd8..1d2f4ac7a5 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -187,6 +187,8 @@ struct _virSEVCapability { char *cert_chain; unsigned int cbitpos; unsigned int reduced_phys_bits; + unsigned int max_guests; + unsigned int max_es_guests; }; =20 typedef enum { diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 9f41dfaf2b..26816ff066 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,6 +205,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index d5f9d8ebe3..5840a8b921 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,6 +215,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index dc2c3ec4dd..21d1b6946e 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,6 +205,8 @@ 47 1 + 0 + 0 
diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 90acb29775..3415d44019 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,6 +227,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index 768cba5a41..f58be3af6c 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,6 +233,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 7a95c530f9..0a2615c519 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml 
@@ -227,6 +227,8 @@ 47 1 + 0 + 0 --=20 2.33.1
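Review bot: virDomainCapsFeatureSEVFormat() in src/conf/domain_capabilities.c emits the two new values unconditionally, and every updated tests/domaincapsdata file gains 0 for both, so a host whose limits are not known cannot be told apart from a host that can launch no SEV guests at all. Either omit the elements when the value is unset, or document in docs/formatdomaincaps.html.in that 0 means the limit is unknown. The new fields are also declared unsigned int in domain_capabilities.h but formatted with %d; %u matches the type.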
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 08/12] include: define parameters for reporting SEV guest limits
Date: Fri, 10 Dec 2021 11:37:31 +0000
Message-Id: <20211210113735.2857076-9-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

There are limits on the number of SEV/SEV-ES guests that can
be run on machines, which may be influenced by firmware settings.
This is important to expose to users.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
include/libvirt/libvirt-host.h | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 4caed94a77..1dc4b8a147 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h
@@ -472,6 +472,22 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits" =20 +/** + * VIR_NODE_SEV_MAX_GUESTS: + * + * Macro represents the number of SEV guests that can + * be run on the host, as a VIR_TYPED_PARAM_UINT. + */ +# define VIR_NODE_SEV_MAX_GUESTS "max-guests" + +/** + * VIR_NODE_SEV_MAX_ES_GUESTS: + * + * Macro represents the number of SEV-ES guests that can + * be run on the host, as a VIR_TYPED_PARAM_UINT. + */ +# define VIR_NODE_SEV_MAX_ES_GUESTS "max-es-guests" + int virNodeGetSEVInfo (virConnectPtr conn, virTypedParameterPtr *params, int *nparams, --=20 2.33.1
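Review bot: the doc comments for VIR_NODE_SEV_MAX_GUESTS and VIR_NODE_SEV_MAX_ES_GUESTS in include/libvirt/libvirt-host.h say "the number of SEV guests that can be run on the host", which can be read as the number of slots currently free; the commit message describes these as limits, so "the maximum number of SEV guests that can be run on the host" would be unambiguous. The comments should also say what value is reported when the limit cannot be determined, since the commit message presents these values as something users are expected to act on.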
dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1639136335133373.0775042737338; Fri, 10 Dec 2021 03:38:55 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-29-NOg5Qz3lMAqgFQNury_4SQ-1; Fri, 10 Dec 2021 06:38:50 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 113AA801B25; Fri, 10 Dec 2021 11:38:43 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EB50145D7F; Fri, 10 Dec 2021 11:38:42 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C07501806D2C; Fri, 10 Dec 2021 11:38:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BABcdsi020720 for ; Fri, 10 Dec 2021 06:38:39 -0500 Received: by smtp.corp.redhat.com (Postfix) id 41BC85BE24; Fri, 10 Dec 2021 11:38:39 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.193.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6077A5BE18; Fri, 10 Dec 2021 11:38:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639136334; 
h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=8hdqpHdLHCgZv/8zx3GltPaXgvWDIlSY9oMrKW2u/+A=; b=XEFDlVHWj/c4BPZmFUDTOS7ZGUhYCn0moMGoMHBnI26s/U9ZBzOd+AD3y2aNvn7HqVVWvj x5X/Mh1YI1Y3BKcHY7fQf7h2MhMsM6pGiDur6YS9n5fvZ6Awlh53GBnv8xPOKa0/+C3x75 uJpmNXnGcffz1Xb6Dv+KYcZfWMvruyE= X-MC-Unique: NOg5Qz3lMAqgFQNury_4SQ-1 
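Review bot: The doc comments added for VIR_NODE_SEV_MAX_GUESTS and VIR_NODE_SEV_MAX_ES_GUESTS in include/libvirt/libvirt-host.h say only "the number of ... guests that can be run on the host", which does not tell a caller whether this is a limit on concurrently running guests or how stable the value is. The next patch in the series notes that the values can change on every reboot via firmware config tunables and sets both to 0 when they cannot be probed on the build architecture; a management application that schedules guests from these typed parameters needs that stated here, including that 0 means "unknown or unsupported" rather than a measured limit.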
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 09/12] qemu: report max number of SEV guests
Date: Fri, 10 Dec 2021 11:37:32 +0000
Message-Id: <20211210113735.2857076-10-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

Different CPU generations have different limits on the number of
SEV/SEV-ES guests that can be run. Since both limits come from the
same overall set, there is typically also BIOS config to set the
tradeoff between SEV and SEV-ES guest limits.

This is important information to expose for a mgmt application
scheduling guests to hosts.

Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_capabilities.c | 38 +++++++++++++++++++
 src/qemu/qemu_driver.c | 10 +++++
 .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 2 +-
 .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 2 +-
 tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 2 +-
 .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 +-
 .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 +-
 tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 +-
 8 files changed, 54 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4ffd0a98a2..456ce1b72e 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1897,6 +1897,8 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, =20 tmp->cbitpos =3D src->cbitpos; tmp->reduced_phys_bits =3D src->reduced_phys_bits; + tmp->max_guests =3D src->max_guests; + tmp->max_es_guests =3D src->max_es_guests; =20 *dst =3D g_steal_pointer(&tmp); return 0; @@ -3286,6 +3288,30 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static void +virQEMUCapsGetSEVMaxGuests(virSEVCapability *caps) +{ +# if __x86_64__ + uint32_t eax, ebx, ecx, edx; + asm("xor %%ebx, %%ebx;" /* clear the other registers as some cpuid */ + "xor %%edx, %%edx;" /* functions may use them as additional argume= nts */ + "cpuid;" + : "=3Da" (eax), + "=3Db" (ebx), + "=3Dc" (ecx), + "=3Dd" (edx) + : "0" (0x8000001F), + "c" (0) + : "cc"); + + caps->max_guests =3D ecx - edx + 1; + caps->max_es_guests =3D edx - 1; +# else + VIR_WARN("Unexpectedly asked for SEV guest count on non-x86_64 arch"); + caps->max_guests =3D caps->max_es_guests =3D 0; +# endif +} + static int virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -3305,6 +3331,8 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC= aps, return 0; } =20 + virQEMUCapsGetSEVMaxGuests(caps); + virSEVCapabilitiesFree(qemuCaps->sevCapabilities); qemuCaps->sevCapabilities =3D caps; return 0; @@ -4084,6 +4112,14 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXP= athContextPtr ctxt) return -1; } =20 + + /* We probe this every time because the values + * can change on every reboot via firmware + * config tunables. It is cheap to query so + * lack of caching is a non-issue + */ + virQEMUCapsGetSEVMaxGuests(sev); + qemuCaps->sevCapabilities =3D g_steal_pointer(&sev); return 0; } 
@@ -6344,6 +6380,8 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemu= Caps, domCaps->sev->cert_chain =3D g_strdup(cap->cert_chain); domCaps->sev->cbitpos =3D cap->cbitpos; domCaps->sev->reduced_phys_bits =3D cap->reduced_phys_bits; + domCaps->sev->max_guests =3D cap->max_guests; + domCaps->sev->max_es_guests =3D cap->max_es_guests; } =20 =20 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 1bf1938634..572e09be9f 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19934,6 +19934,16 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps, sev->reduced_phys_bits) < 0) goto cleanup; =20 + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_GUESTS, + sev->max_guests) < 0) + goto cleanup; + + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_ES_GUESTS, + sev->max_es_guests) < 0) + goto cleanup; + *params =3D g_steal_pointer(&sevParams); *nparams =3D n; return 0; diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 26816ff066..6956f9af07 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,7 +205,7 @@ 47 1 - 0 + 15 0 diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index 5840a8b921..c6408d154c 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,7 +215,7 @@ 47 1 - 0 + 15 0 diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index 21d1b6946e..918439e4a0 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,7 +205,7 @@ 47 1 - 0 + 15 0 diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 3415d44019..8733b79a31 100644 
--- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,7 +227,7 @@ 47 1 - 0 + 15 0 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index f58be3af6c..0382bdaf5a 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,7 +233,7 @@ 47 1 - 0 + 15 0 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 0a2615c519..30ea787a75 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml 
@@ -227,7 +227,7 @@ 47 1 - 0 + 15 0 --=20 2.33.1
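Review bot: In virQEMUCapsGetSEVMaxGuests() (src/qemu/qemu_capabilities.c), "caps->max_guests = ecx - edx + 1" and "caps->max_es_guests = edx - 1" are computed on uint32_t register values with no range check, so a CPUID 0x8000001F result with EDX == 0 wraps max_es_guests to UINT32_MAX, and an EDX larger than ECX + 1 wraps max_guests the same way. Those numbers flow unchanged into the domain capabilities and into the VIR_NODE_SEV_MAX_GUESTS / VIR_NODE_SEV_MAX_ES_GUESTS typed parameters added in qemuGetSEVInfoToParams(), where a scheduler will treat them as real capacity. Suggest validating the pair before the subtraction and reporting 0 for both on an implausible result, as the non-x86_64 branch already does. Separately, "# if __x86_64__" relies on an undefined macro evaluating to 0; "# if defined(__x86_64__)" states the intent, and the warning text should say whether 32-bit x86 builds are meant to take the fallback path.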
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 10/12] conf: add support for setting SEV kernel hashes
Date: Fri, 10 Dec 2021 11:37:33 +0000
Message-Id: <20211210113735.2857076-11-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

Normally the SEV measurement only covers the firmware
loader contents. When doing a direct kernel boot, however,
with new enough OVMF it is possible to ask for the
measurement to cover the kernel, ramdisk and command line.

It can't be done automatically as that would break existing
guests using direct kernel boot with old firmware, so there
is a new XML setting allowing this behaviour to be toggled.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
 docs/formatdomain.rst | 7 ++++++-
 docs/schemas/domaincommon.rng | 5 +++++
 src/conf/domain_conf.c | 8 ++++++++
 src/conf/domain_conf.h | 1 +
 4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index eb8c973cf1..c6e1f2226a 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst
@@ -8191,7 +8191,7 @@ spec `__ =20 ... - + 0x0001 47 1 @@ -8201,6 +8201,11 @@ spec `__ ... =20 +``kernelHashes`` + The optional ``kernelHashes`` attribute indicates whether the + hashes of the kernel, ramdisk and command line should be included + in the measurement done by the firmware. This is only valid if + using direct kernel boot. :since:`Since 8.0.0` ``cbitpos`` The required ``cbitpos`` element provides the C-bit (aka encryption bit) location in guest page table entry. The value of ``cbitpos`` is hypervi= sor diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index f01b7a6470..8fe6134935 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -499,6 +499,11 @@ sev + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 107d2a4f5d..86cd124c4a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14793,6 +14793,10 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, unsigned long policy; int rc; =20 + if (virXMLPropTristateBool(ctxt->node, "kernelHashes", VIR_XML_PROP_NO= NE, + &def->kernel_hashes) < 0) + return -1; + if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); @@ -27056,6 +27060,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { virDomainSEVDef *sev =3D &sec->data.sev; =20 + if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(&attrBuf, " kernelHashes=3D'%s'", + virTristateBoolTypeToString(sev->kernel_hash= es)); + if (sev->haveCbitpos) virBufferAsprintf(&childBuf, "%d\n", sev->c= bitpos); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index c0c07ea6ba..8e576c00f8 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -2692,6 +2692,7 @@ struct _virDomainSEVDef { unsigned int cbitpos; bool haveReducedPhysBits; unsigned int reduced_phys_bits; + virTristateBool kernel_hashes; }; =20 struct _virDomainSecDef { --=20 2.33.1
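Review bot: The new ``kernelHashes`` paragraph in docs/formatdomain.rst does not say what the measurement covers when the attribute is absent or set to 'no'. The commit message states that the measurement then covers only the firmware loader contents, which means a guest owner checking the launch measurement gets no assurance about the kernel, ramdisk or command line in a direct kernel boot. That default, and the dependency on firmware new enough to support the feature, belong in the documentation next to the "only valid if using direct kernel boot" sentence.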
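Review bot: In virDomainSEVDefParseXML() (src/conf/domain_conf.c) the kernelHashes attribute is parsed with virXMLPropTristateBool() and accepted unconditionally, while the documentation added in this same patch says it is only valid with direct kernel boot. None of the hunks here reject kernelHashes='yes' on a domain that does not use direct kernel boot. If that check arrives in a later patch of the series, the commit message should say so; otherwise it should be added to the domain validation step so the configuration fails at define time rather than at launch.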
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 11/12] qemu: probe for sev-guest.kernel-hashes property
Date: Fri, 10 Dec 2021 11:37:34 +0000
Message-Id: <20211210113735.2857076-12-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

This sev-guest object property indicates whether QEMU should
expose the kernel, ramdisk, cmdline hashes to the firmware
for measurement.

The 6.2.0 capabilities are hacked to look as if they were
generated with sev-guest support.

Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 8 ++ src/qemu/qemu_capabilities.h | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 7 +- .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 7 +- tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 7 +- .../caps_2.12.0.x86_64.replies | 97 ++++++++++++---- .../caps_3.0.0.x86_64.replies | 97 ++++++++++++---- .../caps_3.1.0.x86_64.replies | 97 ++++++++++++---- .../caps_4.0.0.x86_64.replies | 97 ++++++++++++---- .../caps_4.1.0.x86_64.replies | 89 ++++++++++---- .../caps_4.2.0.x86_64.replies | 89 ++++++++++---- .../caps_5.0.0.x86_64.replies | 89 ++++++++++---- .../caps_5.1.0.x86_64.replies | 89 ++++++++++---- .../caps_5.2.0.x86_64.replies | 89 ++++++++++---- .../caps_6.0.0.x86_64.replies | 89 ++++++++++---- .../caps_6.1.0.x86_64.replies | 89 ++++++++++---- .../caps_6.2.0.x86_64.replies | 109 ++++++++++++++---- .../caps_6.2.0.x86_64.xml | 8 ++ 18 files changed, 895 insertions(+), 263 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 456ce1b72e..fbcb67713e 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps, "device.json", /* QEMU_CAPS_DEVICE_JSON */ "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */ + "sev-guest-kernel-hashes", /* QEMU_CAPS_SEV_GUEST_KERNEL_HAS= HES */ ); =20 =20 @@ -1718,6 +1719,10 @@ static struct virQEMUCapsStringFlags virQEMUCapsObje= ctPropsMaxCPU[] =3D { { "migratable", QEMU_CAPS_CPU_MIGRATABLE }, }; =20 +static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSEVGuest[] =3D { + { "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES }, +}; + static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] =3D { { "memory-backend-file", virQEMUCapsObjectPropsMemoryBackendFile, G_N_ELEMENTS(virQEMUCapsObjectPropsMemoryBackendFile), 
@@ -1731,6 +1736,9 @@ static virQEMUCapsObjectTypeProps virQEMUCapsObjectPr= ops[] =3D { { "max-arm-cpu", virQEMUCapsObjectPropsMaxCPU, G_N_ELEMENTS(virQEMUCapsObjectPropsMaxCPU), QEMU_CAPS_ARM_MAX_CPU }, + { "sev-guest", virQEMUCapsObjectPropsSEVGuest, + G_N_ELEMENTS(virQEMUCapsObjectPropsSEVGuest), + QEMU_CAPS_SEV_GUEST }, }; =20 static struct virQEMUCapsStringFlags virQEMUCapsMachinePropsPSeries[] =3D { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 716e09123c..aaac20a834 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -631,6 +631,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_DEVICE_JSON, /* -device accepts JSON */ QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */ + QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, /* sev-guest.kernel-hashes=3D */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-q35.x86_64.xml index 9d68c0a404..28d4f38fef 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml @@ -225,6 +225,11 @@ - + + 47 + 1 + 15 + 0 + diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-tcg.x86_64.xml index 8db840faac..711a77ccd1 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -231,6 +231,11 @@ - + + 47 + 1 + 15 + 0 + diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.2.0.x86_64.xml index 0f89790b60..b0fb1e11cd 100644 --- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -225,6 +225,11 @@ - + + 47 + 1 + 15 + 0 + 
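Review bot: The only positive coverage for the new { "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES } entry in virQEMUCapsObjectPropsSEVGuest comes from the 6.2.0 capabilities data, which the commit message says was hacked to look as if it were generated with sev-guest support. Hand-edited replies can drift from what QEMU actually returns for qom-list-properties on sev-guest, and nothing in the test data marks them as synthetic. Suggest recording in the commit message that the 6.2.0 files need regenerating on SEV-capable hardware, so the hand edit is not later mistaken for real QEMU output.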
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/= qemucapabilitiesdata/caps_2.12.0.x86_64.replies index 5fefbc64ab..c5bdd5398b 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies @@ -17361,10 +17361,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-40" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-40" +} + +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -17561,7 +17610,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -17569,7 +17618,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -17674,12 +17723,12 @@ "type": "string" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -18193,12 +18242,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -18206,12 +18255,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { 
@@ -18219,12 +18268,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -19511,12 +19560,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -19578,12 +19627,12 @@ "capability": "dirty-bitmaps" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -19593,7 +19642,7 @@ "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" }, - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -19604,7 +19653,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -19794,7 +19843,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -19986,7 +20035,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20241,7 +20290,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20255,7 +20304,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -20445,7 +20494,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -20637,7 +20686,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -20892,7 +20941,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_3.0.0.x86_64.replies index a63d1d8118..bc1ff6527d 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies 
@@ -18035,10 +18035,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -18245,7 +18294,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -18253,7 +18302,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -18358,12 +18407,12 @@ "type": "string" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -18800,12 +18849,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -18813,12 +18862,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -18826,12 +18875,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -20130,12 +20179,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -20205,16 +20254,16 @@ "capability": "late-block-activate" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -20229,7 +20278,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20422,7 +20471,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20617,7 +20666,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20880,7 +20929,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20894,7 +20943,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21087,7 +21136,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21282,7 +21331,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -21545,7 +21594,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_3.1.0.x86_64.replies index d021745a06..8bec154b10 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies 
@@ -18452,10 +18452,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -18672,7 +18721,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -18680,7 +18729,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -18785,12 +18834,12 @@ "type": "int" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -19309,12 +19358,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -19322,12 +19371,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -19335,12 +19384,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -20614,12 +20663,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -20689,16 +20738,16 @@ "capability": "late-block-activate" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -20713,7 +20762,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20915,7 +20964,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21119,7 +21168,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21394,7 +21443,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21408,7 +21457,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21610,7 +21659,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21814,7 +21863,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -22089,7 +22138,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.0.0.x86_64.replies index 5de9457eed..8a44f5e24a 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies 
@@ -18981,10 +18981,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -19201,7 +19250,7 @@ "alias": "q35" } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -19209,7 +19258,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -19314,12 +19363,12 @@ "type": "bool" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -19836,12 +19885,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -19849,12 +19898,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -19862,12 +19911,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -21149,12 +21198,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -21228,16 +21277,16 @@ "capability": "x-ignore-shared" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -21252,7 +21301,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21456,7 +21505,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21662,7 +21711,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21941,7 +21990,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21955,7 +22004,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -22159,7 +22208,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -22365,7 +22414,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -22644,7 +22693,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.1.0.x86_64.replies index 0dadabf948..7d5ef93f16 100644 --- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies 
@@ -19441,10 +19441,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-40" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-40" +} + +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -19766,7 +19815,7 @@ "deprecated": false } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -19774,7 +19823,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -19879,12 +19928,12 @@ "type": "bool" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -21029,12 +21078,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -21042,12 +21091,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -21055,12 +21104,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -22334,12 +22383,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -22413,16 +22462,16 @@ "capability": "x-ignore-shared" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -22437,7 +22486,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -22645,7 +22694,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -22659,7 +22708,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -22867,7 +22916,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.2.0.x86_64.replies index cd7a5c345c..e7aae333ec 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies 
@@ -20483,10 +20483,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -20876,7 +20925,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -20884,7 +20933,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -20989,12 +21038,12 @@ "type": "bool" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -22377,12 +22426,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -22390,12 +22439,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -22403,12 +22452,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -23694,12 +23743,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -23777,16 +23826,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -23801,7 +23850,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -24103,7 +24152,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -24117,7 +24166,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -24419,7 +24468,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.0.0.x86_64.replies index ad6ee05ba6..7657e7047d 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies 
@@ -21808,10 +21808,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -22185,7 +22234,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -22193,7 +22242,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -22283,12 +22332,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -23833,12 +23882,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -23846,12 +23895,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -23859,12 +23908,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -25140,12 +25189,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -25223,16 +25272,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -25247,7 +25296,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -25550,7 +25599,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -25564,7 +25613,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -25867,7 +25916,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.1.0.x86_64.replies index b8f3c79026..82f6de7e7e 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies 
@@ -22375,10 +22375,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -22768,7 +22817,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -22776,7 +22825,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -22866,12 +22915,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -24573,12 +24622,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -24586,12 +24635,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -24599,12 +24648,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -25899,12 +25948,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -25982,16 +26031,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV is not enabled in KVM" @@ -26006,7 +26055,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -26314,7 +26363,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -26328,7 +26377,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -26636,7 +26685,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.2.0.x86_64.replies index 54d8db5904..89f0270e27 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies 
@@ -22982,10 +22982,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -23441,7 +23490,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -23449,7 +23498,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -23534,12 +23583,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -25364,12 +25413,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -25377,12 +25426,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -25390,12 +25439,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -26690,12 +26739,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -26773,16 +26822,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV is not enabled in KVM" @@ -26797,7 +26846,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -27106,7 +27155,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -27120,7 +27169,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -27429,7 +27478,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.0.0.x86_64.replies index 986bb56630..6cda5538a5 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies 
@@ -24796,10 +24796,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -25244,7 +25293,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -25252,7 +25301,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -25350,12 +25399,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -27223,12 +27272,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -27236,12 +27285,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -27249,12 +27298,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -28573,12 +28622,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -28660,12 +28709,12 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -28675,7 +28724,7 @@ "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -28686,7 +28735,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29007,7 +29056,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29021,7 +29070,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -29342,7 +29391,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.1.0.x86_64.replies index 92feb723e6..694f0c64b2 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies 
@@ -25060,10 +25060,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -25526,7 +25575,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -25534,7 +25583,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -25637,12 +25686,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -27699,12 +27748,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -27712,12 +27761,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -27725,12 +27774,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -29062,12 +29111,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -29149,16 +29198,16 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "Failed to open /dev/sev: No such file or directory" @@ -29173,7 +29222,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29496,7 +29545,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29510,7 +29559,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -29833,7 +29882,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.2.0.x86_64.replies index 69d3b1b12a..71f325f921 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -13315,6 +13315,11 @@ { "name": "reduced-phys-bits", "type": "int" + }, + { + "name": "kernel-hashes", + "default": null, + "type": "bool" } ], "meta-type": "object" 
@@ -28022,10 +28027,64 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "kernel-hashes", + "description": "add kernel hashes to guest firmware for measured Lin= ux boot", + "type": "bool" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -28506,7 +28565,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -28514,7 +28573,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -28617,12 +28676,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -30692,12 +30751,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -30705,12 +30764,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -30718,12 +30777,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -32055,12 +32114,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -32142,20 +32201,22 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", - "error": { - "class": "GenericError", - "desc": "SEV: Failed to open /dev/sev: No such file or directory" - } + "return": { + "reduced-phys-bits": 1, + "cbitpos": 47, + "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", + "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" + }, + "id": "libvirt-49" } =20 { @@ -32166,7 +32227,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -32499,7 +32560,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -32513,7 +32574,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -32846,7 +32907,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index 39179916c5..73ab031931 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -154,6 +154,7 @@ + @@ -240,6 +241,7 @@ + 6001050 0 43100244 
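Review bot: In the caps_6.2.0.x86_64.replies hunk at -32142, the query-sev-capabilities reply is not just renumbered: the captured error ("SEV: Failed to open /dev/sev: No such file or directory") is replaced by a success reply whose cert-chain and pdh strings match the placeholder values visible in the caps_6.0.0 context. That is a hand edit buried among the id bumps, and it changes what the 6.2.0 capabilities data claims about the host. Please call it out in the commit message or split it into its own commit, because a later regeneration of this file on a host without /dev/sev would put the error back and drop the SEV data added to caps_6.2.0.x86_64.xml.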
@@ -3710,4 +3712,10 @@ + + 47 + 1 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAA= A + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + --=20 2.33.1
From nobody Thu May 2 10:21:36 2024
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 12/12] qemu: format sev-guest.kernel-hashes property
Date: Fri, 10 Dec 2021 11:37:35 +0000
Message-Id: <20211210113735.2857076-13-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

Set the kernel-hashes property on the sev-guest object if the config
asked for it explicitly. While QEMU machine types currently default to
having this setting off, it is not guaranteed to remain this way.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_command.c | 7 ++++
 src/qemu/qemu_validate.c | 8 ++++
 ...unch-security-sev-direct.x86_64-6.2.0.args | 40 +++++++++++++++++++
 .../launch-security-sev-direct.xml | 39 ++++++++++++++++++
 tests/qemuxml2argvtest.c | 1 +
 5 files changed, 95 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c47998aabd..6999afe5aa 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -10112,6 +10112,13 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virComma= nd *cmd, NULL) < 0) return -1; =20 + if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) { + bool val; + virTristateBoolToBool(sev->kernel_hashes, &val); + if (virJSONValueObjectAppendBoolean(props, "kernel-hashes", val) <= 0) + return -1; + } + if (qemuBuildObjectCommandlineFromJSON(cmd, props, priv->qemuCaps) < 0) return -1; =20 diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 29b01495ad..0150b0f082 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1200,6 +1200,14 @@ qemuValidateDomainDef(const virDomainDef *def, "this QEMU binary")); return -1; } + + if (def->sec->data.sev.kernel_hashes =3D=3D VIR_TRISTATE_BOOL_= YES && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHE= S)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("SEV launch security measured direct kern= el " + "boot is not supported with this QEMU bin= ary")); + return -1; + } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GU= EST_SUPPORT) || diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0= .args b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args new file mode 100644 index 0000000000..0062faa06c --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args 
@@ -0,0 +1,40 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm= p/lib/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine pc-i440fx-6.2,usb=3Doff,dump-guest-core=3Doff,confidential-guest-= support=3Dlsec0,memory-backend=3Dpc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 214 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'= \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-kernel /vmlinuz \ +-initrd /initrd \ +-append runme \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no= de-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-form= at","id":"ide0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-b= its":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.bas= e64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64","kernel-= hashes":true}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= 
control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.xml b/tests/= qemuxml2argvdata/launch-security-sev-direct.xml new file mode 100644 index 0000000000..80ce6412dd --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.xml @@ -0,0 +1,39 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + /vmlinuz + /initrd + runme + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 5e4cd7389c..d407a6d03d 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3309,6 +3309,7 @@ mymain(void) DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); DO_TEST_CAPS_VER("launch-security-sev", "6.0.0"); DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); + DO_TEST_CAPS_VER("launch-security-sev-direct", "6.2.0"); =20 DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x"); =20 --=20 2.33.1
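Review bot: in the src/qemu/qemu_command.c hunk, "kernel-hashes" is appended whenever sev->kernel_hashes is not VIR_TRISTATE_BOOL_ABSENT, so an explicit "no" is formatted as well, but the src/qemu/qemu_validate.c hunk only checks QEMU_CAPS_SEV_GUEST_KERNEL_HASHES when the value is VIR_TRISTATE_BOOL_YES. A config that sets the value to "no" therefore passes validation on a QEMU binary without the capability and still gets "kernel-hashes":false on the sev-guest object, a property that binary may not know. Either gate the append on the capability as well, or have the validation reject any non-absent value when the capability is missing, and say in the commit message which of the two is intended.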
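Review bot: the new check in the qemuValidateDomainDef hunk of src/qemu/qemu_validate.c tests only the QEMU capability, although its own error text describes the feature as "measured direct kernel boot". Nothing in the visible lines rejects a domain that sets kernel_hashes to VIR_TRISTATE_BOOL_YES without configuring a kernel for direct boot, in which case the guest owner would be asking for hashes of content that is not there. Consider validating that combination here, or document that the setting is accepted and has no effect without a direct kernel boot.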
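Review bot: the tests/qemuxml2argvtest.c hunk adds only the positive case, DO_TEST_CAPS_VER("launch-security-sev-direct", "6.2.0"), so the new VIR_ERR_CONFIG_UNSUPPORTED branch in qemu_validate.c is never exercised. Add a failure case that runs the same XML against an older capability set lacking QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, for example the 6.0.0 data already used for launch-security-sev, and a second argv case with the setting explicitly disabled so that the "kernel-hashes":false formatting path in qemuBuildSEVCommandLine is covered too.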