From: Brijesh Singh
To: libvir-list@redhat.com
Date: Wed, 14 Mar 2018 10:44:30 -0500
Message-Id: <20180314154435.17991-5-brijesh.singh@amd.com>
In-Reply-To: <20180314154435.17991-1-brijesh.singh@amd.com>
References: <20180314154435.17991-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Xiaogang Chen, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v3 4/9] qemu: add support to launch SEV guest

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted VMs on AMD platform using SEV feature. The various inputs required to launch SEV guest are provided through the tag.
A typical SEV guest launch command line looks like this:

# $QEMU ...\
  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
  -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh

--- src/qemu/qemu_command.c | 35 +++++++++++++++++++++++++++++ src/qemu/qemu_process.c | 58 +++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 93 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fa0aa5d5c3d4..7e0f515d0d7e 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7354,6 +7354,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); } =20 
@@ -9663,6 +9666,35 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static void +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + ignore_value(virAsprintf(&path, "%s/dh_cert.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + ignore_value(virAsprintf(&path, "%s/session.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10108,6 +10140,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV) && def->sev) + qemuBuildSevCommandLine(vm, cmd, def->sev); + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 57c06c7c1550..5c102de03582 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -5741,6 +5741,61 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, return ret; } =20 +static int +qemuBuildSevCreateFile(const char *configDir, const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} =20 static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, @@ -5866,6 +5921,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
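
Review bot: In the qemuBuildMachineCommandLine() hunk of src/qemu/qemu_command.c, the condition `virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV) && def->sev` fails open: when the domain asks for SEV but the capability is missing, the builder silently emits a command line without memory-encryption, and the same test guards the call to qemuBuildSevCommandLine() in qemuBuildCommandLine(). Start-up is only protected because qemuProcessPrepareSevGuestInput() rejects that case earlier, so any path that builds the command line without going through qemuProcessPrepareHost() gets an unencrypted guest and no error. Consider testing only `def->sev` in both places and reporting an error when the capability is absent. The object id `sev0` is also written as a literal both here and in qemuBuildSevCommandLine(); a shared constant would keep the two in sync.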
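
Review bot: In qemuBuildSevCommandLine(), both `ignore_value(virAsprintf(&path, ...))` calls discard allocation failure, so `path` can still be NULL when it is formatted into the dh-cert-file and session-file options, and because the function returns void neither that nor a buffer error can reach qemuBuildCommandLine(). Suggest returning int, checking virAsprintf() and the buffer state, and having the caller `goto error` on failure, as the neighbouring qemuBuildVMCoreInfoCommandLine() call does. The file names dh_cert.base64 and session.base64 are also constructed independently here and in qemuBuildSevCreateFile() (through virFileBuildPath() with a ".base64" suffix); one helper that returns the path would stop the two from drifting apart.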
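
Review bot: In qemuBuildSevCreateFile() in src/qemu/qemu_process.c, the file is created with `S_IRUSR | S_IWUSR` and nothing in this hunk changes its ownership or security label afterwards, so if the QEMU process runs as a different user than the daemon that writes the file, it will not be able to open the dh-cert-file and session-file paths passed on the command line. The restrictive mode is reasonable for this data; what is missing is handing the file over to the QEMU user. Three smaller points in the same hunk: qemuProcessPrepareSevGuestInput() leaves dh_cert.base64 behind in priv->libDir if writing the session file fails, and the patch adds no removal of either file; the missing-capability case would read better as VIR_ERR_CONFIG_UNSUPPORTED than VIR_ERR_INTERNAL_ERROR, since it is a limitation of the installed QEMU rather than an internal fault; and the success and error paths of qemuBuildSevCreateFile() both end in VIR_FREE(configFile), so they could share one cleanup label with a `ret` variable, as the surrounding functions do.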