From: Brijesh Singh
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:30 -0500
Message-Id: <20180523211834.15817-6-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Peter Krempa, Erik Skultety, Jon Grimm, Andrea Bolognani, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v6 5/9] qemu: add support to launch SEV guest

QEMU >= 2.12 provides a 'sev-guest' object which is used to launch encrypted VMs on AMD platforms using the SEV feature.
The various inputs required to launch an SEV guest are provided through the tag. A typical SEV guest launch command line looks like this:

    # $QEMU ...\
         -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
         -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
 src/qemu/qemu_command.c                         | 41 ++++++++++++++++
 src/qemu/qemu_process.c                         | 62 +++++++++++++++++++++++
 tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++
 tests/qemuxml2argvdata/launch-security-sev.xml  | 37 +++++++++++++++
 tests/qemuxml2argvtest.c                        |  4 ++
 5 files changed, 173 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index cb397c75586a..63941e10ad83 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7203,6 +7203,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); =20 ret =3D 0; 
@@ -9566,6 +9569,41 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static int +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + if (!sev) + return 0; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); + return 0; +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10097,6 +10135,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (qemuBuildSevCommandLine(vm, cmd, def->sev) < 0) + goto error; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index ac2049b95df5..3cf818aee034 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -5919,6 +5919,65 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, } =20 =20 +static int +qemuBuildSevCreateFile(const char *configDir, + const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but this " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} + + static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, virDomainObjPtr vm, @@ -6043,6 +6102,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm= l2argvdata/launch-security-sev.args new file mode 100644 index 000000000000..db0be1a27d14 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.args 
@@ -0,0 +1,29 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 diff --git a/tests/qemuxml2argvdata/launch-security-sev.xml b/tests/qemuxml= 2argvdata/launch-security-sev.xml new file mode 100644 index 000000000000..5ae83f61c122 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.xml @@ -0,0 +1,37 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 1d023129aca5..f4eb9465ab76 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2852,6 +2852,10 @@ mymain(void) QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW, QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW); =20 + DO_TEST("launch-security-sev", + QEMU_CAPS_KVM, + QEMU_CAPS_SEV_GUEST); + if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL) virFileDeleteTree(fakerootdir); =20 --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
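Review bot: in the qemuBuildMachineCommandLine hunk of qemu_command.c the new ",memory-encryption=sev0" is only emitted when QEMU_CAPS_SEV_GUEST is set, but qemuBuildSevCommandLine in the next hunk emits the matching "-object sev-guest,id=sev0,..." whenever def->sev is non-NULL with no capability check at all, so a definition built against a QEMU without the capability gets the object but not the machine option. Either check the capability in both places or in neither and rely on qemuProcessPrepareSevGuestInput, which already rejects that combination for real starts. The object id "sev0" is also a bare literal in both hunks; if they ever drift apart the -machine reference stops resolving and QEMU refuses to start, so put the id in one shared #define used by both call sites.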
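Review bot: in the qemuBuildSevCommandLine hunk the buffer is handed to virCommandAddArgList without a virBufferCheckError(&obj) first. If any of the virBufferAsprintf calls fails, virBufferContentAndReset returns NULL, which virCommandAddArgList treats as the end of its argument list, so "-object" is added with no argument string and the problem only surfaces as a QEMU start failure rather than a libvirt error. Add `if (virBufferCheckError(&obj) < 0) return -1;` before the virCommandAddArgList call. The two early `return -1` paths after a failed virAsprintf also leave obj allocated; a cleanup label with virBufferFreeAndReset(&obj) would cover both. Lastly, the "dh_cert.base64" and "session.base64" names built here are spelled out again as "dh_cert"/"session" plus ".base64" in qemuProcessPrepareSevGuestInput/qemuBuildSevCreateFile; one shared constant per file would keep the writer and the consumer in sync.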
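Review bot: in the qemuBuildSevCreateFile hunk of qemu_process.c the S_IRUSR | S_IWUSR mode is the right choice for the session blob, but the files are written under priv->libDir and nothing in this patch removes them when the domain stops or when the start fails after the write; a later start simply overwrites them, while a failed one leaves the previous session data on disk. Either delete them in the process-stop path or state in the commit message that they are meant to persist for the lifetime of the domain directory. The `data` string is also written verbatim with no check that it is base64 (the test XML's session value "IHAVENOIDEABUTJUSTPROVIDINGASTRING" is written as-is), so a malformed dhCert or session value is only diagnosed by QEMU at launch; a cheap sanity check at parse time would give a libvirt-level error instead.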
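Review bot: in the qemuProcessPrepareSevGuestInput hunk the missing-capability case is reported as VIR_ERR_INTERNAL_ERROR, but a domain asking for a feature the selected QEMU binary lacks is a configuration/capability mismatch, not a libvirt bug; VIR_ERR_CONFIG_UNSUPPORTED is the code libvirt uses for this elsewhere and lets callers tell it apart from real internal failures. The check also only consults the QEMU binary's capabilities: whether the host kernel and firmware actually expose SEV is not checked here, so an SEV guest on a host without SEV support but with an SEV-capable QEMU fails later at launch rather than in the prepare step, which is worth a comment if that is intended.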
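Review bot: in the qemuxml2argvtest.c hunk the single DO_TEST("launch-security-sev", ...) case exercises only the full configuration, with both dhCert and session present (the .args fixture shows both dh-cert-file= and session-file=). The `if (sev->dh_cert)` and `if (sev->session)` branches in qemuBuildSevCommandLine are therefore never run in their false case; a second fixture with only cbitpos/reducedPhysBits/policy would cover the minimal command line and catch a stray trailing comma or missing option if those branches are touched later.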