From nobody Thu Mar 28 12:32:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1642187287; cv=none; d=zohomail.com; s=zohoarc; b=SdywqSfBwqgzwopud41qbbF2IeZTlQxKSMJjUWXxrGce+E12W2XkLVBSQspSxxWPFQ3zZnIIRzzm3k40BaNtAX6Z6vLix75CPc6nGDcywe2zJI6Og1e+bdeQrJ0/akmMRzxSBTOSToptQlhL+2roPvTgjcJ7lXFCdKujZFnwSpI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1642187287; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=KOf9Ps7zV2zUmhcNV8IAX7N3XdQOrRkKOf+yH24Cucg=; b=P6W1orlkIUtb++Ib6/gTuNYtPqOS7w77LeFGRp5voLc/pUfXEUR7wSxpvW0qt7wapZNn1gujyT8nfGKiO9dVQ83ZPnhdnLfGuQnIbpaN0lF98iBNkyEzVM2+c+aEgj82TKbNVkFHmXjmZiVc8+EqB5lDvjCo4D/M2a1t/OtikKA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1642187287765298.9045257234328; Fri, 14 Jan 2022 11:08:07 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-644-EtkpjLijNHG08nD6_TexMA-1; Fri, 14 Jan 2022 14:08:03 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5C5BB61265; Fri, 14 Jan 2022 19:07:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 396FE5DB80; Fri, 14 Jan 2022 19:07:58 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0B9914A7C8; Fri, 14 Jan 2022 19:07:58 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20EJ7vSr023158 for ; Fri, 14 Jan 2022 14:07:57 -0500 Received: by smtp.corp.redhat.com (Postfix) id 06E161002390; Fri, 14 Jan 2022 19:07:57 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id 34A151001F4D; Fri, 14 Jan 2022 19:07:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642187286; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=KOf9Ps7zV2zUmhcNV8IAX7N3XdQOrRkKOf+yH24Cucg=; b=TW6IfwkliV5TiS0DUnfoUXtLCgkFjCrzaZnKKnVkpNbd/altCdSOKvW/QKCj6wj0eqMGM5 PVKqJUtTwgwoumKIaJpXKAsE32ljxHQ5oLW5YUp+oquEdgKmFn3jvOR3BoafzHtLy7YTB8 PEGfF8eHiCnY5N7T8DZRsZbr6+dXtsc= X-MC-Unique: EtkpjLijNHG08nD6_TexMA-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 1/5] docs: explain that some UEFI images can use 'rom' instead of 'pflash' Date: Fri, 14 Jan 2022 19:07:11 +0000 Message-Id: <20220114190715.128033-2-berrange@redhat.com> In-Reply-To: <20220114190715.128033-1-berrange@redhat.com> References: <20220114190715.128033-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1642187288204100001 The normal requirements for UEFI firmware images are to support persistence of variables, either in the main image, or more typically in a separate NVRAM file. In a confidential computing environment, however, persistence of variables can cause trust issues and prevent measurement of the firmware during boot up. For these scenarios some UEFI images will disable persistence of variables. To use such images the loader type must be set to 'rom' instead of 'pflash'. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Erik Skultety --- docs/formatdomain.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index c0b2d935f3..cd818c1ded 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -214,10 +214,14 @@ harddisk, cdrom, network) determining where to obtain= /find the boot image. the fact that the image should be writable or read-only. The second att= ribute ``type`` accepts values ``rom`` and ``pflash``. It tells the hypervisor= where in the guest memory the file should be mapped. For instance, if the loa= der - path points to an UEFI image, ``type`` should be ``pflash``. Moreover, = some - firmwares may implement the Secure boot feature. Attribute ``secure`` c= an be - used to tell the hypervisor that the firmware is capable of Secure Boot= feature. - It cannot be used to enable or disable the feature itself in the firmwa= re. + path points to an UEFI image, ``type`` would normally be ``pflash`` to + enable support for persistence of firmware variables. Moreover, some + firmwares may implement the Secure boot feature. Some UEFI images inten= ded + for use with confidential computing environments like AMD SEV will disa= ble + persistence of variables, and would thus require ``type`` to be ``rom``. + Attribute ``secure`` can be used to tell the hypervisor that the firmwa= re + is capable of Secure Boot feature. It cannot be used to enable or disab= le + the feature itself in the firmware. :since:`Since 2.1.0` ``nvram`` Some UEFI firmwares may want to use a non-volatile memory to store some --=20 2.33.1 From nobody Thu Mar 28 12:32:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1642187295; cv=none; d=zohomail.com; s=zohoarc; b=YIDLL2dB9np/WSZaDTaOMcZG6G7/jzdHQJczPdtNHWyDyWb+a+KQm0LinIcWIDJ+IEZEEg0/QG8iPaQyyZlm4DI8xtgrZyUBUFL5jgyI49DcqRd0n/mhRfHdEYQ0M3cXrkJCKzwMhaueampr0/PXAmByl2fMMhds7XLxeev+ezk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1642187295; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=nYX+aVC+KbZQEuVguy96R+nFyyrUckYFpRn466OyJDs=; b=EQ3s6zKETVQmZiOqaCwT5NGg2rzbXSXSB+OVjeDJZOQ56WfB+S1tliWUgxv6ix5aVbE/6JPeIjWx+QcCjMjTBzeVMN1ZGcTdd8tK6KqINxQnl+dIA/6KWw6gFb3O3QRwdyV/348H0IErn4VJBh8vNzNBXXSWMM2bZ8ClGUXU3Jg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1642187295152632.1134107365958; Fri, 14 Jan 2022 11:08:15 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-587-_5HQ2Zt2NteiIVPGg-h-0Q-1; Fri, 14 Jan 2022 14:08:12 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8805C835E20; Fri, 14 Jan 2022 19:08:04 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 64AFD2B88B; Fri, 14 Jan 2022 19:08:04 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 35D094A7C9; Fri, 14 Jan 2022 19:08:04 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20EJ83ci023169 for ; Fri, 14 Jan 2022 14:08:03 -0500 Received: by smtp.corp.redhat.com (Postfix) id 286F21000324; Fri, 14 Jan 2022 19:08:03 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4A0671002388; Fri, 14 Jan 2022 19:07:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642187294; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=nYX+aVC+KbZQEuVguy96R+nFyyrUckYFpRn466OyJDs=; b=BDBJxnaoXe+3gSaA6+nOrs//RqYuiW8I3eBrI2viDRo60AFFblCF5sVUcFeIP5+F1OetUC kSIzuMPCDrbnOwt2TmVDQfCmvYL1WYF5uqk/ail2kpxhnbujRn3m4l3lSzRb8dXMivmYPg xnxFLKlyuFv8ZGPpQtmFQrsIFzSW2gU= X-MC-Unique: _5HQ2Zt2NteiIVPGg-h-0Q-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 2/5] conf: parse loader 'type' even when doing firmware auto select Date: Fri, 14 Jan 2022 19:07:12 +0000 Message-Id: <20220114190715.128033-3-berrange@redhat.com> In-Reply-To: <20220114190715.128033-1-berrange@redhat.com> References: <20220114190715.128033-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1642187295776100001 The loader 'type' is a property that is useful to filter on when selecting firmware. For example, with AMD SEV it is desirable to be able to request selecting of firmware without NVRAM using: Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/formatdomain.rst | 12 ++++++++++++ src/conf/domain_conf.c | 8 ++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index cd818c1ded..3c4ee70835 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -149,6 +149,16 @@ harddisk, cdrom, network) determining where to obtain/= find the boot image. ... =20 + + ... + + hvm + + + + ... + ``firmware`` The ``firmware`` attribute allows management applications to automatica= lly fill ```` and ```` elements and possibly enable some @@ -219,6 +229,8 @@ harddisk, cdrom, network) determining where to obtain/f= ind the boot image. firmwares may implement the Secure boot feature. Some UEFI images inten= ded for use with confidential computing environments like AMD SEV will disa= ble persistence of variables, and would thus require ``type`` to be ``rom``. + If set, the ``type`` attribute will also influence what firmware path is + used when firmware auto-select is performed. :since:`Since 8.1.0`. Attribute ``secure`` can be used to tell the hypervisor that the firmwa= re is capable of Secure Boot feature. It cannot be used to enable or disab= le the feature itself in the firmware. diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a805f7f6a3..4f0d8e27cf 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -18044,10 +18044,6 @@ virDomainLoaderDefParseXML(xmlNodePtr node, &loader->readonly) < 0) return -1; =20 - if (virXMLPropEnum(node, "type", virDomainLoaderTypeFromString, - VIR_XML_PROP_NONZERO, &loader->type) < 0) - return -1; - if (!(loader->path =3D virXMLNodeContentString(node))) return -1; =20 @@ -18055,6 +18051,10 @@ virDomainLoaderDefParseXML(xmlNodePtr node, VIR_FREE(loader->path); } =20 + if (virXMLPropEnum(node, "type", virDomainLoaderTypeFromString, + VIR_XML_PROP_NONZERO, &loader->type) < 0) + return -1; + if (virXMLPropTristateBool(node, "secure", VIR_XML_PROP_NONE, &loader->secure) < 0) return -1; --=20 2.33.1 From nobody Thu Mar 28 12:32:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1642187314; cv=none; d=zohomail.com; s=zohoarc; b=ltHloRjFj4XUBPrTX6FozdTK3/FJSCYopRNDHz1CINUix4lL+JYX2CTg52+6pr6GOv4X3giceKhRC6oa4oMT6S1H4z7v9ee9fUIgKdm5TTlg8JEWFRsnneK0QwM3SdMoit9GiLZb21XorDx3+zXEMzJtkjBKNyRQiFGlSxUxKgQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1642187314; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=h1IU+Rg6Bm3slfl6HcLnv6bz5wNDZbuPCeirpzQnjZQ=; b=aUEgCP22ymkoEBx1mk3ZG2AGvJKKK7JNYOkRavcGheCSi+iDgz7fJQ8+VEP1bIiTKWzZHiox4tLvZxUoVk7WCpYjcZP3uaFC22uvIkvPsdN1NRfifg5/cvCaEZtTYk3uv03HfHUFgpNrmcvQ6cbToTbwodhg+ai52v1Jam+yKAw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 164218731401082.74888074705405; Fri, 14 Jan 2022 11:08:34 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-547-2beDYadjNXWWyUBjnjBl9g-1; Fri, 14 Jan 2022 14:08:27 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0B7A6100F943; Fri, 14 Jan 2022 19:08:21 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D505419741; Fri, 14 Jan 2022 19:08:20 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A268A1806D2C; Fri, 14 Jan 2022 19:08:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20EJ8JKT023314 for ; Fri, 14 Jan 2022 14:08:19 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8F75D1036D02; Fri, 14 Jan 2022 19:08:19 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id EA8DA10016F7; Fri, 14 Jan 2022 19:08:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642187313; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=h1IU+Rg6Bm3slfl6HcLnv6bz5wNDZbuPCeirpzQnjZQ=; b=MsmwZqca219D4NN2kf0KGPStBHUSSKE4wqkkyvN0hvfL2xXaHYvz0HykJ+eDSZzP5lLd+B CO5XzQPtTd7Ub01OvzPGMKLRypC+komRMWCYwGYlpChycYsdYC1asVtlS52PcpCP2OHrYq 34V/XW+SC9YfCmNGZ/8ng2+1979cmnQ= X-MC-Unique: 2beDYadjNXWWyUBjnjBl9g-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 3/5] qemu: filter firmware selection based on loader type Date: Fri, 14 Jan 2022 19:07:13 +0000 Message-Id: <20220114190715.128033-4-berrange@redhat.com> In-Reply-To: <20220114190715.128033-1-berrange@redhat.com> References: <20220114190715.128033-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1642187315548100001 If the '' type attribute is set, then use this to filter the available firmware files. This allows forcing use of a firmware with or without NVRAM, where both options are available. This will be used for AMD SEV when doing a measured boot, where NVRAM must be forbidden. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/qemu/qemu_firmware.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c index 84c80eaacb..2c3b28ae13 100644 --- a/src/qemu/qemu_firmware.c +++ b/src/qemu/qemu_firmware.c @@ -1070,6 +1070,31 @@ qemuFirmwareMatchDomain(const virDomainDef *def, return false; } =20 + if (def->os.loader) { + VIR_DEBUG("Check loader type '%s' match for device '%s'", + virDomainLoaderTypeToString(def->os.loader->type), + qemuFirmwareDeviceTypeToString(fw->mapping.device)); + switch (def->os.loader->type) { + case VIR_DOMAIN_LOADER_TYPE_NONE: + break; + + case VIR_DOMAIN_LOADER_TYPE_ROM: + if (fw->mapping.device !=3D QEMU_FIRMWARE_DEVICE_MEMORY) + return false; + break; + + case VIR_DOMAIN_LOADER_TYPE_PFLASH: + if (fw->mapping.device !=3D QEMU_FIRMWARE_DEVICE_FLASH) + return false; + break; + + case VIR_DOMAIN_LOADER_TYPE_LAST: + break; + } + } else { + VIR_DEBUG("Skip loader type match"); + } + if (def->sec) { switch ((virDomainLaunchSecurity) def->sec->sectype) { case VIR_DOMAIN_LAUNCH_SECURITY_SEV: --=20 2.33.1 From nobody Thu Mar 28 12:32:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1642187325; cv=none; d=zohomail.com; s=zohoarc; b=mdQC4s0mlvIhjHAPM3xks5dRcm90UE4xlWpGtNn9dgvvcdMk8AQde60ji2tCa03ZMy2NNbvPEXtWoarUYevYqUInBiDwQ6icZ6t3qlLFHJ3mInTJ4J4I6CMJSvefcMsNmgfq0Gd2HyJg03IBx5UgDj7cWM9vCqnQV+48yziYqLA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1642187325; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=oy07LyejvcwPtgLVubvZJ3XzHO2QNj8KNSh0y181ZYI=; b=HVtPJZ8FmLIJVUOYvuzqqOQi7uRRbE3vq8zR9K6L/vKY4x8IDF9zBIMdTIdWPj/fJkXsMRmhsbq554zGL4ExciJmXVO1Z6zlR3oR7HsCLoIgefMFA/Lv80GYdFQS79RIS/uMIJMDS18as+TE9fxlxA/B418s4rOX3UGqPCKbM8c= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1642187325861182.24505397840755; Fri, 14 Jan 2022 11:08:45 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-352-I5bu_FUhOCCx3GyHYEPnhQ-1; Fri, 14 Jan 2022 14:08:41 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 484E5100F94A; Fri, 14 Jan 2022 19:08:36 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 24E68196E2; Fri, 14 Jan 2022 19:08:36 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id EB1BA1806D2D; Fri, 14 Jan 2022 19:08:35 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20EJ8YpO023385 for ; Fri, 14 Jan 2022 14:08:34 -0500 Received: by smtp.corp.redhat.com (Postfix) id 1013F1002388; Fri, 14 Jan 2022 19:08:34 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9424E10013C1; Fri, 14 Jan 2022 19:08:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642187324; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=oy07LyejvcwPtgLVubvZJ3XzHO2QNj8KNSh0y181ZYI=; b=dCo6FJKdzIjlSl56h8KTQrx1SBmHSHjt3ychDBX0OHM02s8UtbRTCDqgYwClXSvjlY6beR rUCm0raN7myb4QRXO1wgBcIebFw9kOOvVV+aUbpl6YQgE1U0zhJv3jdX9iWSc5H7Ekw/Dq SVZ1XqcoX+Z/RUZ+3JkE2PimGsQRse4= X-MC-Unique: I5bu_FUhOCCx3GyHYEPnhQ-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 4/5] tests: add firmware descriptor for SEV dedicated build Date: Fri, 14 Jan 2022 19:07:14 +0000 Message-Id: <20220114190715.128033-5-berrange@redhat.com> In-Reply-To: <20220114190715.128033-1-berrange@redhat.com> References: <20220114190715.128033-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1642187328012100001 This is different from most OVMF firmware builds in that there is no separate NVRAM variables store. The main image is readonly and does not persist variables. As such it uses the old style -bios config with QEMU rather than pflash. Signed-off-by: Daniel P. Berrang=C3=A9 --- .../usr/share/qemu/firmware/62-ovmf-sev.json | 27 +++++++++++++++++++ tests/qemufirmwaretest.c | 4 ++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 tests/qemufirmwaredata/usr/share/qemu/firmware/62-ovmf-= sev.json diff --git a/tests/qemufirmwaredata/usr/share/qemu/firmware/62-ovmf-sev.jso= n b/tests/qemufirmwaredata/usr/share/qemu/firmware/62-ovmf-sev.json new file mode 100644 index 0000000000..02e5e1dae8 --- /dev/null +++ b/tests/qemufirmwaredata/usr/share/qemu/firmware/62-ovmf-sev.json @@ -0,0 +1,27 @@ +{ + "description": "OVMF for x86_64, with SEV, without SB, without SMM, wi= th NO varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "memory", + "filename": "/usr/share/OVMF/OVMF.sev.fd" + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "amd-sev-es", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/tests/qemufirmwaretest.c b/tests/qemufirmwaretest.c index cad4b6d383..45c27554f6 100644 --- a/tests/qemufirmwaretest.c +++ b/tests/qemufirmwaretest.c @@ -62,6 +62,7 @@ testFWPrecedence(const void *opaque G_GNUC_UNUSED) SYSCONFDIR "/qemu/firmware/40-ovmf-sb-keys.json", PREFIX "/share/qemu/firmware/50-ovmf-sb-keys.json", PREFIX "/share/qemu/firmware/61-ovmf.json", + PREFIX "/share/qemu/firmware/62-ovmf-sev.json", PREFIX "/share/qemu/firmware/70-aavmf.json", NULL }; @@ -250,7 +251,8 @@ mymain(void) DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_X86_64, true, "/usr/share/seabios/bios-256k.bin:NULL:" "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVM= F/OVMF_VARS.secboot.fd:" - "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_V= ARS.fd", + "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_V= ARS.fd:" + "/usr/share/OVMF/OVMF.sev.fd:NULL", VIR_DOMAIN_OS_DEF_FIRMWARE_BIOS, VIR_DOMAIN_OS_DEF_FIRMWARE_EFI); DO_SUPPORTED_TEST("pc-q35-3.1", VIR_ARCH_I686, false, --=20 2.33.1 From nobody Thu Mar 28 12:32:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1642187343; cv=none; d=zohomail.com; s=zohoarc; b=ETV4sWMTCOsUR8ztrb7OT92ghLS9opVVf96z+flvL9Gf1zFRa0JFDGWytsDpZMpDkRicEoVrxNxSZIOuFLdRgOw0a+5SFQrn32fJf/DZBvMKJRxiTHZFuJBbv6l55UFcNQmB1JCMEn3yXlGB074eYNwzoVAuKffuioZNHLPOXrc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1642187343; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=WVu2JWN5LddE9oKesH6u7Ci5H7oJuuVbE2bMeiSLKrk=; b=W86VOSgeVMiB+4kWOpW3zL4WLo2CU0sX1O34PcVzomW6b8v0kr8Uv21Fuc8ciNwUonuuTeC7uXW6deVdPZE+TyJhLwqmGSPcZdF5NV369xLwLxyuvHYnR1jVJiegt36yY92oRKlh1QbmfwytW7nX0AdnEVMMSg2FlcvvF16s8i4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1642187343115553.2724633721277; Fri, 14 Jan 2022 11:09:03 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-246-wkdTNc7jOD-4QzgRAJqotg-1; Fri, 14 Jan 2022 14:08:45 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 63F03100F943; Fri, 14 Jan 2022 19:08:40 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3F29D2B178; Fri, 14 Jan 2022 19:08:40 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0E2A74A7C9; Fri, 14 Jan 2022 19:08:40 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 20EJ8cYk023401 for ; Fri, 14 Jan 2022 14:08:38 -0500 Received: by smtp.corp.redhat.com (Postfix) id 771871037F36; Fri, 14 Jan 2022 19:08:38 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.131]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9368010013C1; Fri, 14 Jan 2022 19:08:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1642187342; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=WVu2JWN5LddE9oKesH6u7Ci5H7oJuuVbE2bMeiSLKrk=; b=Yv5Megac388XsJYhmGUQPLyfWlAFr0lDaD55nnMMtXT8Qwc4+agDSjvjYfjA/8Q8z07z66 ZG8b7PeH3o4U4J5GZaDmJ05bQ6BYtDW8BJ9rVGRhmBd9mzdFmj2hLQe7MD/6puu1+SNt9w iflDsHWEML1fAByHsHh+emPK74OK0dY= X-MC-Unique: wkdTNc7jOD-4QzgRAJqotg-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 5/5] tests: add a test for selecting a firmware without NVRAM Date: Fri, 14 Jan 2022 19:07:15 +0000 Message-Id: <20220114190715.128033-6-berrange@redhat.com> In-Reply-To: <20220114190715.128033-1-berrange@redhat.com> References: <20220114190715.128033-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1642187343638100001 This demonstrates that when the XML config contains the firmware auto-selection code will ignore the high priority pflash OVMF builds tagged with the 'amd-sev' feature, and instead pick the ROM builds without a varstore. Signed-off-by: Daniel P. Berrang=C3=A9 --- .../os-firmware-efi-sev.x86_64-6.0.0.args | 43 +++++++++++ .../qemuxml2argvdata/os-firmware-efi-sev.xml | 74 +++++++++++++++++++ tests/qemuxml2argvtest.c | 1 + 3 files changed, 118 insertions(+) create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-sev.x86_64-6.0.0= .args create mode 100644 tests/qemuxml2argvdata/os-firmware-efi-sev.xml diff --git a/tests/qemuxml2argvdata/os-firmware-efi-sev.x86_64-6.0.0.args b= /tests/qemuxml2argvdata/os-firmware-efi-sev.x86_64-6.0.0.args new file mode 100644 index 0000000000..fdb64fef75 --- /dev/null +++ b/tests/qemuxml2argvdata/os-firmware-efi-sev.x86_64-6.0.0.args @@ -0,0 +1,43 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-fedora \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-fedora/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-fedora/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-fedora/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3Dfedora,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm= p/lib/domain--1-fedora/master-key.aes"}' \ +-machine pc-q35-4.0,usb=3Doff,dump-guest-core=3Doff,confidential-guest-sup= port=3Dlsec0,memory-backend=3Dpc.ram \ +-accel kvm \ +-cpu qemu64 \ +-bios /usr/share/OVMF/OVMF.sev.fd \ +-m 8 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8388608}' \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-global ICH9-LPC.disable_s3=3D0 \ +-global ICH9-LPC.disable_s4=3D1 \ +-boot menu=3Don,strict=3Don \ +-device i82801b11-bridge,id=3Dpci.1,bus=3Dpcie.0,addr=3D0x1e \ +-device pci-bridge,chassis_nr=3D2,id=3Dpci.2,bus=3Dpci.1,addr=3D0x0 \ +-device ioh3420,port=3D8,chassis=3D3,id=3Dpci.3,bus=3Dpcie.0,addr=3D0x1 \ +-device ich9-usb-ehci1,id=3Dusb,bus=3Dpcie.0,addr=3D0x1d.0x7 \ +-device ich9-usb-uhci1,masterbus=3Dusb.0,firstport=3D0,bus=3Dpcie.0,multif= unction=3Don,addr=3D0x1d \ +-device ich9-usb-uhci2,masterbus=3Dusb.0,firstport=3D2,bus=3Dpcie.0,addr= =3D0x1d.0x1 \ +-device ich9-usb-uhci3,masterbus=3Dusb.0,firstport=3D4,bus=3Dpcie.0,addr= =3D0x1d.0x2 \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.2,addr=3D0x1 \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-b= its":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-fedora/dh_cert.base64"= ,"session-file":"/tmp/lib/domain--1-fedora/session.base64"}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/os-firmware-efi-sev.xml b/tests/qemuxml= 2argvdata/os-firmware-efi-sev.xml new file mode 100644 index 0000000000..eb8292b59d --- /dev/null +++ b/tests/qemuxml2argvdata/os-firmware-efi-sev.xml @@ -0,0 +1,74 @@ + + fedora + 63840878-0deb-4095-97e6-fc444d9bc9fa + 8192 + 8192 + 1 + + hvm + + + + + + + + + + + destroy + restart + restart + + + + + + /usr/bin/qemu-system-x86_64 + +
+ + + +
+ + + +
+ + + +
+ + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index cc67d806e4..16765f2471 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3455,6 +3455,7 @@ mymain(void) DO_TEST_CAPS_LATEST("os-firmware-efi"); DO_TEST_CAPS_LATEST("os-firmware-efi-secboot"); DO_TEST_CAPS_LATEST("os-firmware-efi-no-enrolled-keys"); + DO_TEST_CAPS_VER("os-firmware-efi-sev", "6.0.0"); DO_TEST_CAPS_ARCH_LATEST("aarch64-os-firmware-efi", "aarch64"); =20 DO_TEST_CAPS_LATEST("vhost-user-vga"); --=20 2.33.1