From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 26 Feb 2018 11:53:34 -0600
Message-Id: <20180226175336.79815-3-brijesh.singh@amd.com>
In-Reply-To: <20180226175336.79815-1-brijesh.singh@amd.com>
References: <20180226175336.79815-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Xiaogang Chen, Jon Grimm, brijesh.ksingh@gmail.com, Brijesh Singh
Subject: [libvirt] [PATCH 2/4] qemu: introduce SEV feature in hypervisor capabilities

Extend hypervisor capabilities to include sev feature. When available, the hypervisor supports launching an encrypted VM on an AMD platform. The sev feature tag provides additional details like the platform Diffie-Hellman key and certificate chain, which can be used by the guest owner to establish a cryptographic session with the SEV firmware to negotiate keys used for attestation or to provide a secret during launch.
Signed-off-by: Brijesh Singh --- docs/formatdomaincaps.html.in | 31 +++++++++++++++++++++++++++++++ docs/schemas/domaincaps.rng | 10 ++++++++++ src/conf/domain_capabilities.c | 19 +++++++++++++++++++ src/conf/domain_capabilities.h | 11 +++++++++++ src/qemu/qemu_capabilities.c | 41 ++++++++++++++++++++++++++++++++++++++= ++- 5 files changed, 111 insertions(+), 1 deletion(-) diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 6bfcaf61caae..8f833477772c 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -417,6 +417,12 @@ <value>3</value> </enum> </gic> + <sev supported=3D'yes'> + <pdh> </pdh> + <cert-chain> </cert-chain> + <cbitpos> </cbitpos> + <reduced-phys-bits> </reduced-phys-bits> + </sev> </features> </domainCapabilities> @@ -441,5 +447,30 @@ gic element. =20 +

SEV capabilities

+ +

AMD Secure Encrypted Virtualization (SEV) capabilities are exposed = under + the sev element. + SEV is an extension to the AMD-V architecture which supports running + virtual machines (VMs) under the control of a hypervisor. When support= ed, + guest owner can create a VM whose memory contents will be transparently + encrypted with a key unique to that VM. +

+ +
+
pdh
+
Platform diffie-hellman key, which can be exported to remote ent= ities + which wish to establish a secure transport context with the SEV plat= form + in order to transmit data securely. The key is encoded in base64
+
cert-chain
+
Platform certificate chain -- which includes platform endorseme= nt key + (PEK), owners certificate authory (OCA) and chip endorsement key (CE= K). + The certificate chain is encoded in base64.
+
cbitpos
+
C-bit position in page-table entry
+
reduced-phys-bits
+
Physical Address bit reduction
+
+ diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 39053181eb9a..6ce8d296c703 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -184,6 +184,16 @@ =20 + + + + + + + + + + diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index f7d9be50f82d..6a7a30877042 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -549,6 +549,24 @@ virDomainCapsFeatureGICFormat(virBufferPtr buf, FORMAT_EPILOGUE(gic); } =20 +static void +virDomainCapsFeatureSEVFormat(virBufferPtr buf, + virDomainCapsFeatureSEVPtr const sev) +{ + FORMAT_PROLOGUE(sev); + + if (sev->supported) { + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + virBufferAsprintf(buf, "%d\= n", + sev->reduced_phys_bits); + virBufferAsprintf(buf, "%s\n", sev->pdh); + virBufferAsprintf(buf, "%s\n", + sev->cert_chain); + } + + FORMAT_EPILOGUE(sev); +} + =20 char * virDomainCapsFormat(virDomainCapsPtr const caps) @@ -587,6 +605,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps) virBufferAdjustIndent(&buf, 2); =20 virDomainCapsFeatureGICFormat(&buf, &caps->gic); + virDomainCapsFeatureSEVFormat(&buf, &caps->sev); =20 virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index e13a7fd6ba1b..aed5ec28e9cc 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -102,6 +102,16 @@ struct _virDomainCapsFeatureGIC { virDomainCapsEnum version; /* Info about virGICVersion */ }; =20 +typedef struct _virDomainCapsFeatureSEV virDomainCapsFeatureSEV; +typedef virDomainCapsFeatureSEV *virDomainCapsFeatureSEVPtr; +struct _virDomainCapsFeatureSEV { + bool supported; + char *pdh; /* host platform-diffie hellman key */ + char *cert_chain; /* PDH certificate chain */ + int cbitpos; + int reduced_phys_bits; +}; + typedef enum { VIR_DOMCAPS_CPU_USABLE_UNKNOWN, VIR_DOMCAPS_CPU_USABLE_YES, 
@@ -171,6 +181,7 @@ struct _virDomainCaps { /* add new domain devices here */ =20 virDomainCapsFeatureGIC gic; + virDomainCapsFeatureSEV sev; /* add new domain features here */ }; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 2c680528deb8..ee8c542679eb 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -5880,6 +5880,44 @@ virQEMUCapsSupportsGICVersion(virQEMUCapsPtr qemuCap= s, return false; } =20 +/** + * virQEMUCapsFillDomainFeatureSEVCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SEV capabilities that has been obtained + * using the 'query-sev-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + * + * Returns: 0 on success, <0 on failure + */ +static int +virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virDomainCapsFeatureSEVPtr sev =3D &domCaps->sev; + virSEVCapability *cap =3D qemuCaps->sevCapabilities; + + if (!cap) + return 0; + + sev->supported =3D cap->sev; + + if (VIR_STRDUP(sev->pdh, cap->pdh) < 0) + goto failed; + + if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0) + goto failed; + + sev->cbitpos =3D cap->cbitpos; + sev->reduced_phys_bits =3D cap->reduced_phys_bits; + + return 0; +failed: + sev->supported =3D false; + return 0; +} + =20 /** * virQEMUCapsFillDomainFeatureGICCaps: 
@@ -5958,7 +5996,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps, virQEMUCapsFillDomainDeviceGraphicsCaps(qemuCaps, graphics) < 0 || virQEMUCapsFillDomainDeviceVideoCaps(qemuCaps, video) < 0 || virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 || - virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0) + virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0 || + virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps)) return -1; return 0; } --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
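Review bot: the cert-chain description added to docs/formatdomaincaps.html.in has typos: "owners certificate authory (OCA)" should read "owner's certificate authority (OCA)". The pdh entry is missing the full stop after "base64" and should capitalise "Diffie-Hellman". The cbitpos and reduced-phys-bits entries are also too terse for someone consuming this output; say what each number means and what the management application is expected to do with it.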
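Review bot: virDomainCapsFeatureSEVFormat in src/conf/domain_capabilities.c emits the values in the order sev->cbitpos, sev->reduced_phys_bits, sev->pdh, sev->cert_chain, while the example added to formatdomaincaps.html.in lists pdh, cert-chain, cbitpos, reduced-phys-bits. Use one order in both places and make sure it is the order domaincaps.rng accepts. In addition, pdh and cert_chain are strings that originate from QEMU and are written with a plain %s through virBufferAsprintf; virBufferEscapeString would keep the capabilities XML well-formed even if a value is not clean base64.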
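Review bot: the pdh and cert_chain members of struct _virDomainCapsFeatureSEV in src/conf/domain_capabilities.h are heap copies (filled with VIR_STRDUP in qemu_capabilities.c), but no hunk in this patch frees them when the virDomainCaps object goes away, so each capabilities query would leak both strings; add the matching VIR_FREE calls to the dispose path. cbitpos and reduced_phys_bits hold a bit position and a bit count, so unsigned int fits better than int, and both deserve a comment like the two pointer members have.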
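Review bot: in virQEMUCapsFillDomainFeatureSEVCaps (src/qemu/qemu_capabilities.c) the failed: label ends in "return 0", so a VIR_STRDUP failure is reported as success even though the doc comment promises "<0 on failure". Return -1 from that path. When the cert_chain copy fails, sev->pdh has already been allocated and is left behind with supported set to false; free it before returning so the struct is not half-filled.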
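Review bot: the condition added to virQEMUCapsFillDomainCaps, "virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps))", is missing the "< 0" that every other call in the chain carries. It works today only because the helper always returns 0; write it as "virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps) < 0" so it stays correct once the helper reports errors and matches the surrounding style.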