From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 2 Apr 2018 09:18:51 -0500
Message-Id: <20180402141856.4596-6-brijesh.singh@amd.com>
In-Reply-To: <20180402141856.4596-1-brijesh.singh@amd.com>
References: <20180402141856.4596-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Jon Grimm, Andrea Bolognani, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v5 05/10] qemu: add support to launch SEV guest

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest are provided through the tag. A typical SEV guest launch
command line looks like this:

# $QEMU ...\
  -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
  -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh --- src/qemu/qemu_command.c | 35 +++++++++++++++++++++++++++++ src/qemu/qemu_process.c | 58 +++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 93 insertions(+) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 682d714..55bbfa2 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7405,6 +7405,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); } =20 @@ -9750,6 +9753,35 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static void +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + ignore_value(virAsprintf(&path, "%s/dh_cert.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + ignore_value(virAsprintf(&path, "%s/session.base64", priv->libDir)= ); + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, 
@@ -10195,6 +10227,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + qemuBuildSevCommandLine(vm, cmd, def->sev); + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index c0105c8..0c93f15 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5745,6 +5745,61 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, return ret; } =20 +static int +qemuBuildSevCreateFile(const char *configDir, const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} =20 static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, 
@@ -5870,6 +5925,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
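
Review bot: In the qemuBuildMachineCommandLine hunk (@@ -7405), the object id is a bare literal in `,memory-encryption=sev0`, and the same `sev0` is written a second time in qemuBuildSevCommandLine as `sev-guest,id=sev0`. If either string changes on its own, -machine will reference an object id that was never created. A single shared define for the id, used at both call sites, would keep them in step.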
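
Review bot: In qemuBuildSevCommandLine (@@ -9750), both `ignore_value(virAsprintf(&path, ...))` calls discard an allocation failure, and since the function returns void the caller cannot see it; `path` is then still NULL when it is passed to `virBufferAsprintf(&obj, ",dh-cert-file=%s", path)` and to the session-file equivalent. Please return int, check virAsprintf, and let qemuBuildCommandLine `goto error` on failure the way the neighbouring qemuBuildVMCoreInfoCommandLine call does. Two smaller points in the same function: the string returned by virBufferContentAndReset(&obj) is handed to virCommandAddArgList and not freed here, while the first hunk passes its buffer with virCommandAddArgBuffer; and the path goes into a comma-separated -object value unescaped, so a comma in priv->libDir would be read by QEMU as the start of another property. The file names "dh_cert.base64" and "session.base64" are also spelled out here independently of the name plus ".base64" construction in qemu_process.c, so the two can drift apart.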
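
Review bot: In the qemuBuildCommandLine hunk (@@ -10195), `if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)` skips the sev-guest object without any error when def->sev is set but the capability is missing, and the -machine hunk uses the same condition. The only place that reports the mismatch is qemuProcessPrepareSevGuestInput, so any caller that builds a command line without going through qemuProcessPrepareHost would get a command line for an unencrypted guest from a domain that asked for SEV. Testing def->sev first and reporting an error when the capability is absent would make command-line generation fail closed on its own.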
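
Review bot: In qemuBuildSevCreateFile (@@ -5745 in qemu_process.c), the file is written with `S_IRUSR | S_IWUSR` by the daemon and nothing in this hunk changes its owner or security label, so when QEMU is configured to run as a different unprivileged user it will not be able to open the dh-cert-file or session-file it is pointed at. Please either create the files with the ownership and label the QEMU process will have, or document why the existing labelling of priv->libDir is enough. Separately, the helper lives in qemu_process.c but carries the qemuBuild prefix used in qemu_command.c, and the missing-capability case in qemuProcessPrepareSevGuestInput is reported as VIR_ERR_INTERNAL_ERROR, where VIR_ERR_CONFIG_UNSUPPORTED describes an unsupported domain configuration more accurately.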