From nobody Wed May 14 19:47:38 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1522166181104126.59525387532574; Tue, 27 Mar 2018 08:56:21 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7982A8050B; Tue, 27 Mar 2018 15:56:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 23DCE611B0; Tue, 27 Mar 2018 15:56:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A97BE4CA99; Tue, 27 Mar 2018 15:56:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w2RFtpbS008756 for ; Tue, 27 Mar 2018 11:55:51 -0400 Received: by smtp.corp.redhat.com (Postfix) id 49F462AE4A; Tue, 27 Mar 2018 15:55:51 +0000 (UTC) Received: from mx1.redhat.com (ext-mx07.extmail.prod.ext.phx2.redhat.com [10.5.110.31]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3EF1F600D2; Tue, 27 Mar 2018 15:55:51 +0000 (UTC) Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0082.outbound.protection.outlook.com [104.47.38.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E7187C03D471; Tue, 27 Mar 2018 15:55:49 +0000 (UTC) Received: from wsp141597wss.amd.com (165.204.78.1) by BY2PR12MB0145.namprd12.prod.outlook.com (2a01:111:e400:585a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.609.10; Tue, 27 Mar 2018 15:55:43 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=a0SnH0gCoSd006HkWTWFD7+4cVF0wq3zc87KNsiAxC4=; b=SLSS6UsYPscdno432d8/n4WxUmWWEr+me99fQ/1enrEKVxcc/Kjn5J3jgJVyXF6AN+UQSCJ1ukTrMrFdYAHV3nJlb7IyuzbPT9XML9CK0O0gc0Gibmxzu7fqoWfYLUWeWfl47xJJy8XrzsEMQf/ctW3Y3B4kj3pOJw/Z2/1GbwI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; From: Brijesh Singh To: libvir-list@redhat.com Date: Tue, 27 Mar 2018 10:55:10 -0500 Message-Id: <20180327155515.87611-5-brijesh.singh@amd.com> In-Reply-To: <20180327155515.87611-1-brijesh.singh@amd.com> References: <20180327155515.87611-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR17CA0008.namprd17.prod.outlook.com (2603:10b6:404:65::18) To BY2PR12MB0145.namprd12.prod.outlook.com (2a01:111:e400:585a::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: bd87c1c8-74cc-41fd-fac1-08d593fb3301 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BY2PR12MB0145; X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0145; 3:CZdeC/dCU/XAPTYzm0g4qQEht9Y4RSEnNnzg7LMvGhItUcQ9jKSw8aZQ3qgGbpBOIfJ8pdyLADkLvho7TYynQBMi+zrD5x3sTQqAYdy0MVTmWEkm+VxkzlaM0yZjM0QtQqLKP1Kw5LrrF3rWLRgS0mSutUBpnIXbAKJrbyYWr8tFQC9QWXEg0dvAJSgS+ZoFpJQovkDStmulqR5ZuLnM0nr0HHg2ns261sZSdBS0Xpisb1+qZve0Oi+7UxTgslqI; 25:mPpjceJ0P8IoiWIzRlUFA9yHtpjF076TyQn0gzb6WEnaTBgXa0j+vAmr1FfbrPzTuH9Usr2LU36yddq/U9WCNiHe+EHP/jne+FXNKuXHpXqMtjJVECQZAUjbd1PAPgvDqoQXlhF2tzpmjuaXDzbDutT7o/jLhNQ9V6WEcCpRP5+/Oq5bL40/6Hg/kIcWJdBnIpOEI7rviGQq9zvHjNeBKrdxt2FsDWyg6YMAulolf6ZfBpzhaU/s/iFF66/4mvZ6J4Zky+8harxzFNJFqUTSF+ItupEniUreuonvwiJKBQo1COVtRbD0IFOxaMocYke33cO76C5q9iunGttYm3Q/Ww==; 31:7KWDY701Ih2ctpqbMdKUwmAJEXr7heUi33ca9A8qJ8aMQCre2mUsFj34R8Ok5Ux4E2y5E6VG1Q++i6Eo68RV9vdpkJREMwci+NryTmt8mlrfmKGWTJduPpR/MWnOqbhhpgIaQMAFe20pQKqtmzsjy0mqCa1N4JG4ueO7cUJvXhakYv6wi9dD76n6ezLZlhiNiOaWsoueU1BXup7X0quVqQby3dDYI3qpbxno8IAWi0A= X-MS-TrafficTypeDiagnostic: BY2PR12MB0145: X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0145; 20:XzZmeE08woFZvm29Kr+pkuRu79/n4NnuJ9MOL1+SuobrdimgHAI0XhOutE5vwf5M+zpp5QdA3IHhzD6NL3TYlKRADni72notQSZoqDx33w/53npnCTAlZqa/Rwg3FPeyx/ewfu7E6mPDTZfb42+bg2nAZ9rnkMtkh+gWL1ZIqNv/Ossl3OUF4i9t/+a5PL8zCQJYh1WvwpsGklH/pzfbjiNN1sqJ7Ld8CuLpNUpHlhl29lZI/JdBWTcDitcU8SSPTZujDmku/i8nHLA4RYAWYSOUUhrVbP6QgWJ6AL1WXnwlpfiwU+VYfEXxUVG+rkamboqGdeW5tIt5GmR/MmtspQ3rTC7khXyHJ1O3c52hNsgtiDm2ell/scutR0xJj2Ku4xBzw05f6YIzFdRNND6pGAFb8UW+1/iFygDeS1uykikfPeMdr0DnEsA+/GkjfWAP6mZkzfErSMxmj4DV9zlSPPVTrC3EG2EF8HMEKB1SoiMtPXnNoi68jWQbe1hRBS0I; 4:UbxYljo9ZdEFNwrWxtmOvyS0wRuq7Ao5T4Pl/ChH31/pWZLr8uHZCD9i3gn05Z7WNEhsdMNmOee7fOaGhKg58s2nHH8ougeXLuvPK+owItjLHnzwgS8bDvr+cuHpS/n73DAnRRWIvNy6N4VltzjrOOTry+u9+7efRZKnjBT/d26LmDWdfkoBH+vAyOc9jKmElQWK/lPDUOkBUQeOQRMPWNcwjqaaeddMxDT1SIQjyjEgiZ+HkiZHagZQe09t4ZBWmDt2g/DOiTg6YD33yxlKqhjl+PyRHgnTOZlARs8dqC7d2OPomRySKdumnv0vgF53 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(10201501046)(3231221)(944501327)(52105095)(93006095)(93001095)(6055026)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123560045)(6072148)(201708071742011); SRVR:BY2PR12MB0145; BCL:0; PCL:0; RULEID:; SRVR:BY2PR12MB0145; X-Forefront-PRVS: 0624A2429E X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(376002)(39380400002)(39860400002)(346002)(396003)(366004)(189003)(199004)(97736004)(6666003)(48376002)(4326008)(51416003)(6916009)(8936002)(50466002)(316002)(81166006)(50226002)(52116002)(7696005)(16586007)(53936002)(5660300001)(3846002)(16526019)(76176011)(186003)(36756003)(68736007)(486005)(956004)(25786009)(476003)(59450400001)(8676002)(2616005)(6486002)(53416004)(106356001)(486005)(26005)(47776003)(66066001)(54906003)(7736002)(2361001)(305945005)(1076002)(81156014)(6116002)(2906002)(2351001)(575784001)(446003)(86362001)(11346002)(386003)(478600001)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY2PR12MB0145; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BY2PR12MB0145; 23:hyIA6/K/NX3BAPEZE8Q1T3zPRpdeDcnL03+tfptt5?= =?us-ascii?Q?Pqe3yyONdAZeebnA8DItpFj6GfnyRpoKJ+a1z3GPRitaSKGmYSLQ11+Itb14?= =?us-ascii?Q?1FJrw8gdm9PQ1zIFlk9XnovopAcQLMz2MpyR6visHQj+d01hbeC/r0DxDgJ6?= =?us-ascii?Q?1qPtL85/yMuh9WFvvVm88HrAvgBCquCmwnx74Oy2EPWLqrLPhgh6zX2Emduj?= =?us-ascii?Q?4PlrC6rGxNF45+srmmPdKVZF8/B5rE/is3D7XpSx3Fx1RKlp/ozEtyR4/k0M?= =?us-ascii?Q?dIKTBuUrsK0lu9E/RUtRIS1GuDolp6YTQKisvDJVN9shaieAEwOXw1kMIilR?= =?us-ascii?Q?WxaHuOWvV8xIti4xteUqf2UX7CM4TpayTUXbhGbCBNE1NbLk2cKntWFg82EK?= =?us-ascii?Q?MEt7Q+k1aKwtzPOUiLhR5CwI78LbIm6Tut16vP3+1liON97uU8MrGW3xM7zo?= =?us-ascii?Q?hZylUpNjcS6bSm6dUnFTX7bmyBSgm9J5j7lSdqqbAvFaZSvChrHRswbu3jyp?= =?us-ascii?Q?aMIMe5pVAaiYxDGUrP7J29lqjjgOm2z83A1W0830YHvHtnW5mCvzZnQdGq0g?= =?us-ascii?Q?jbmOONRvi1Ydq+a6Vb6DnUyyuLqAR6kWWRO4h0DUKKzXyF+3ZRVJ5uJgOola?= =?us-ascii?Q?4fcHUGrBhg51qNgfbWHXFAjYMSnjAfo8OxFXlySYpMfiSKqTzl6kxcgUg7ci?= =?us-ascii?Q?a6XstJTXHofFlCWKumnDRHeVtEJ1mF+9lCOwR8K7N5IMmjvAvqtgDmGjBwyA?= =?us-ascii?Q?QIujuJZfFGEuPE8joPKEyALp9dYAJH71PC+Rgcet9pf7bFhmxP1K7HYK8pVv?= =?us-ascii?Q?KAlcvgycJwsGTRU3N98VQQ8VfrYldNPDVCcjD8usmGFXP4h1QCMJC7AH+LO/?= =?us-ascii?Q?/Wx5DScKhInBaOSIbbj7siPtZL9HBX+hYSEDL7HjiO1Vnj5F8GeE1O98INhK?= =?us-ascii?Q?HWhrc28ZYVRpJANahaXxgpo40g0uDmenMnFiJ6qOKPn7pElfpYzwXOX656+O?= =?us-ascii?Q?Z3ZShZ3UhFNU8AJKm8HrzJGkOACS2oKhWlWWXbMrDn4ZznMILrA+TZUBriIl?= =?us-ascii?Q?BhoUIvMFsDtd0WXtHRCe0ObUYwwNus1QM6/x2yuEpEwvplGn/1Qx8m3MrHjm?= =?us-ascii?Q?6I/AivH4/V1ZGAg8YoOIHkOrHzcvahMzf3KM+sis3EcJS6U2wmtI5fMPPCzT?= =?us-ascii?Q?xIprgIZCJD+C+SStjbmPZNDHV0jCIzHCAXCMca8UK+YJ/fCOeFRMq3op8SUa?= =?us-ascii?Q?azfhHRpWgepGP21Un48ZW9UQ6zN4IwmAeDjpqSxx5nXSu/WNvndveOAoBlKw?= =?us-ascii?Q?kOs16VCtkRCg+aNVRNoW7yC9OaD+1zD2pGe3r1A7NYG?= X-Microsoft-Antispam-Message-Info: 2mTRrZx8PsB0XL4kJ3JgixLHgPrZD00jxEg7qBvGok/iazhZgWYQnO5snjoUSI892dmKbsTXzsUR8uYfkdOQ3TMbKda3+g/Nygo9/ofVZRAw0t4AtOqvyfq3I7Ow3fpjMi4N1h97J13fDHLeFqle9sZQvjTfgFoEvKViqMP6/5jmcF2AfoQB5oSy6STmEcBn X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0145; 6:sojx0pER3QEvBbd0iBEq7V80ABBGaht1h9T46k1Q8DPejXLR+zukmOMIp1C2kKT6vHlpnlUrC5bzsu+36KWspXy9LkYNApXjyBQ7dBF4yNBs5xqxE9ZPxIC8elwfoe/j0Wmp70fRAHrrWm+sKcEP9mBwA3OHiwU3MLJQE3ruVjZ0sQKaXDEvbIn/FYizZYcAchwdPP5NrO5eLrUZMm9BKsrSd1Hczw3lQO8cPj9DYGNa4J3eMnUiZ81JHDDkvHp1EtiaKMdkXvG1F/wQt8Ocg5VQ6l8k/h1S7rLZPAyNzVXQqvP8X4yvFmP+n8l9HikpJpvCvfnAKbW51GnHBK10sbibaOLNXQqrwoTktxE0KCoitrXT0lSPBrcm+9Tjis+ItBO1iUqlWY9c9wmsc7wqzY+DNN5+8+AjyaeVxg53t5mT30wHkp+P4FBYa+v3bPsVbcniZ04Mwo8Riz0TdCIGjg==; 5:+LoYes01wCb1iX4rlX0CWPqFCGAS506zjQpvo2HVb0VqSecziMhMnerqDn+ByRfBPHVW9gnnPDN3713U3XaeLNN0mS2lSwLpH8cQG1ZqJ2dgEJCs3p3bHu5ac6MmZ+IhgGXTY9b+1+fkS4gTFeemuWxImgOo1CyPD4xkh4mL4yU=; 24:JnH5o6IQGAMScZnM5ZFoGxSqPnS6aNWAY+2re55czenlFVhB2CFNnqNTZAn3MAokomkDvCepo6lGC54lDoCtycFTbpHBaMsKzztjwm2kZ9I= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BY2PR12MB0145; 7:d1LGYa23k+vI/TkjBTW3mdHAdLjQVI3a+qsUbVpQqtHdJFkzQUpSuZEmGGKZf72GsL3Tfr8sr9a+6WFrpyyb5TxVRmncUYh1oNoIHfrQ07Bc2XpSRsCy9Mwx/FjIQt7E6y1kRxU8ArzZmhKO6KZbvHBUSZTDp3W0z6zJg98/U05WXjM6RBDF+co5ShapRK00K8XT3RM6NytaW29xVLiQN2+JKEjjisam/U6X0m2Gx9yEpi7dSguzhKTu4yNOvTYf; 20:twJyXp/HNGSYM4oVBuAUQXzwe6QyreMFg3FU8X2Cglji1Pl/Jpk6kQDeICvIRhQAQ/AKLXNriTGYJTgA37HpWi5IFLXmyFqIgpfhVWL/cQi7XBKZFN6PQdeb5G+Ic1/NIb82yPjZF2UzwkIr4FgC3v0QPe6LESPyIl7lLkK+2L7jTk8H/9pODVm75m9tpoVmcEiM3tEqcKFyyRm9Ph9ho0iDviqS4S+abZX8K7WoHNvDaO2v5F72Po9XOEb7Sx2Q X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2018 15:55:43.0104 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bd87c1c8-74cc-41fd-fac1-08d593fb3301 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR12MB0145 X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 27 Mar 2018 15:55:50 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 27 Mar 2018 15:55:50 +0000 (UTC) for IP:'104.47.38.82' DOMAIN:'mail-bl2nam02on0082.outbound.protection.outlook.com' HELO:'NAM02-BL2-obe.outbound.protection.outlook.com' FROM:'brijesh.singh@amd.com' RCPT:'' X-RedHat-Spam-Score: -0.011 (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS) 104.47.38.82 mail-bl2nam02on0082.outbound.protection.outlook.com 104.47.38.82 mail-bl2nam02on0082.outbound.protection.outlook.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.31 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Tom Lendacky , Peter Krempa , Xiaogang Chen , Jon Grimm , Andrea Bolognani , Brijesh Singh , Borislav Petkov Subject: [libvirt] [PATCH v4 4/9] qemu: add support to launch SEV guest X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Tue, 27 Mar 2018 15:56:20 +0000 (UTC) X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" QEMU >=3D 2.12 provides 'sev-guest' object which is used to launch encrypted VMs on AMD platform using SEV feature. The various inputs required to launch SEV guest is provided through the tag. A typical SEV guest launch command line looks like this: # $QEMU ...\ -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D5 ...\ -machine memory-encryption=3Dsev0 \ Signed-off-by: Brijesh Singh --- src/qemu/qemu_command.c | 35 +++++++++++++++++++++++++++++ src/qemu/qemu_process.c | 58 +++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 93 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 89fd08b..13d54e4 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7405,6 +7405,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); } =20 @@ -9750,6 +9753,35 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static void +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + ignore_value(virAsprintf(&path, "%s/dh_cert.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + ignore_value(virAsprintf(&path, "%s/session.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10195,6 +10227,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + qemuBuildSevCommandLine(vm, cmd, def->sev); + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 1afb71f..f0e32fd 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5744,6 +5744,61 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, return ret; } =20 +static int +qemuBuildSevCreateFile(const char *configDir, const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} =20 static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, @@ -5869,6 +5924,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list