From: Brijesh Singh
To: libvir-list@redhat.com
Date: Thu, 8 Mar 2018 11:12:03 -0600
Message-Id: <20180308171208.54369-5-brijesh.singh@amd.com>
In-Reply-To: <20180308171208.54369-1-brijesh.singh@amd.com>
References: <20180308171208.54369-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Xiaogang Chen, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v2 4/9] qemu: add support to launch SEV guest

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to launch
SEV guest are provided through the tag. A typical SEV guest launch
command line looks like this:

# $QEMU ...\
  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
  -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh
---
 src/qemu/qemu_command.c | 33 ++++++++++++++++++
 src/qemu/qemu_process.c | 91 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fa0aa5d5c3d4..39f136a389cb 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9663,6 +9663,36 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static void +qemuBuildSevCommandLine(virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + char *path =3D NULL; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virCommandAddArgList(cmd, "-machine", "memory-encryption=3Dsev0", NULL= ); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + ignore_value(virAsprintf(&path, "%s/dh_cert.base64", sev->configDi= r)); + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + ignore_value(virAsprintf(&path, "%s/session.base64", sev->configDi= r)); + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10108,6 +10138,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV) && def->sev) + qemuBuildSevCommandLine(cmd, def->sev); + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 57c06c7c1550..349e12b6dc12 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -3457,6 +3457,16 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriver= Ptr driver, } =20 =20 +static void +qemuProcessDestroySevPaths(virDomainSevDefPtr sev) +{ + if (!sev) + return; + + virFileDeleteTree(sev->configDir); + VIR_FREE(sev->configDir); +} + int qemuProcessBuildDestroyMemoryPaths(virQEMUDriverPtr driver, virDomainObjPtr vm, 
@@ -5741,6 +5751,83 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, return ret; } =20 +static int +qemuBuildSevCreateFile(const char *configDir, const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + +static int +qemuProcessPrepareSevGuestInput(virQEMUDriverPtr driver, + virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + char *configDir =3D NULL; + char *domPath =3D virDomainDefGetShortName(def); + virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (virAsprintf(&configDir, "%s/sev/%s", cfg->configDir, domPath) < 0) + goto error; + + if (virFileMakePathWithMode(configDir, S_IRWXU) < 0) { + virReportSystemError(errno, _("cannot create config directory '%s'= "), + configDir); + goto error; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(configDir, "dh_cert", sev->dh_cert) < 0) + goto error1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(configDir, "session", sev->session) < 0) + goto error1; + } + + VIR_FREE(domPath); + sev->configDir =3D configDir; + return 0; + + error1: + virFileDeleteTree(configDir); + error: + VIR_FREE(configDir); + VIR_FREE(domPath); + return -1; +} =20 static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, 
@@ -5866,6 +5953,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(driver, vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); @@ -6535,6 +6625,7 @@ void qemuProcessStop(virQEMUDriverPtr driver, } =20 qemuProcessBuildDestroyMemoryPaths(driver, vm, NULL, false); + qemuProcessDestroySevPaths(vm->def->sev); =20 vm->def->id =3D -1; =20 --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
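
Review bot: in qemuBuildSevCommandLine() (src/qemu/qemu_command.c, hunk at -9663) both virAsprintf() calls are wrapped in ignore_value(), so on allocation failure path stays NULL and is then formatted with "%s" into the -object string. The function returns void, so neither that failure nor a virBuffer error can reach the caller; make it return int, check virAsprintf() < 0, and let qemuBuildCommandLine() goto error. The string returned by virBufferContentAndReset(&obj) is passed straight to virCommandAddArgList() and never freed in this function; virCommandAddArgBuffer(cmd, &obj) would avoid that. The dh-cert-file and session-file values also embed sev->configDir unescaped, so a comma in the path would be read by QEMU's option parser as a separator.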
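
Review bot: at the call site in qemuBuildCommandLine() (hunk at -10108), the condition virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV) && def->sev skips the SEV options without any error when def->sev is set but the capability is missing, so the builder on its own would emit a command line with no memory-encryption for a domain that asked for it. The only rejection is in qemuProcessPrepareSevGuestInput() in the other file. Reporting an error and taking goto error here, as the qemuBuildVMCoreInfoCommandLine() check just above does, keeps the builder fail-closed regardless of which caller reaches it.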
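
Review bot: qemuProcessDestroySevPaths() (src/qemu/qemu_process.c, hunk at -3457) discards the result of virFileDeleteTree(sev->configDir), so a failed cleanup leaves the dh_cert and session files on disk with nothing logged; warn on a negative return. The function also frees sev->configDir, which means a run-time path is being kept inside the domain definition (vm->def->sev); the domain's private data is a better home for that than the def.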
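
Review bot: qemuProcessPrepareSevGuestInput() (hunk at -5741) leaks on several paths. cfg from virQEMUDriverGetConfig(driver) is never released on any exit (compare the virObjectUnref(cfg) under cleanup: in qemuProcessPrepareHost()), and domPath, allocated in its initializer, is not freed by the early return 0 for !sev or by the return -1 after the QEMU_CAPS_SEV check; domPath is also used without a NULL check. Moving both lookups below the !sev test and routing every exit through a single cleanup label would cover all of these and remove the need for the error/error1 pair. Separately, the directory is created S_IRWXU and the files S_IRUSR | S_IWUSR with no ownership or label change in this hunk, so please confirm that QEMU can read them when it runs as a different user than the daemon.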