On Thu, Jun 20, 2024 at 01:22:48PM +0200, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
> src/qemu/qemu_driver.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index fc1704f4fc..3a76df8ddb 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -19185,9 +19185,10 @@ qemuDomainSetLaunchSecurityState(virDomainPtr domain,
>
> /* Currently only SEV is supported */
> if (!vm->def->sec ||
> - vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV) {
> + (vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV &&
> + vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP)) {
> virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> - _("setting a launch secret is only supported in SEV-enabled domains"));
> + _("setting a launch secret is only supported in SEV/SEV-SNP enabled domains"));
> goto cleanup;
> }
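Review bot: the comment "/* Currently only SEV is supported */" directly above the changed condition is left untouched, although the check now also accepts VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP, so the comment and the code disagree; update it to name both launch security types. The patch also carries nothing beyond the Signed-off-by line, so it gives no reason why the launch secret path applies to SEV-SNP domains; a sentence of rationale in the commit message would let reviewers judge whether relaxing this check is enough on its own.
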
I've not tested to be 100% sure, but I'm thinking this method is not
supportable on SNP. Its use case is related to host initiated
attestation workflow, where you inject a secret after attesting.
Conceptually this workflow isn't relevant for SNP with guest
initiated attestation workflows.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|