From nobody Wed May 14 02:35:10 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1528221622421575.2782695412328;
 Tue, 5 Jun 2018 11:00:22 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 90047C057F93;
	Tue,  5 Jun 2018 18:00:20 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id EC03F608F6;
	Tue,  5 Jun 2018 18:00:19 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 73F2C4CA82;
	Tue,  5 Jun 2018 18:00:19 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com
	[10.5.11.26])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w55I09LD029032 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 5 Jun 2018 14:00:10 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id EA54A30012D0; Tue,  5 Jun 2018 18:00:09 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx03.extmail.prod.ext.phx2.redhat.com
	[10.5.110.27])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D0DB03001A5F
	for <libvir-list@redhat.com>; Tue,  5 Jun 2018 18:00:07 +0000 (UTC)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com
	(mail-by2nam01on0085.outbound.protection.outlook.com [104.47.34.85])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id CF317AC96
	for <libvir-list@redhat.com>; Tue,  5 Jun 2018 18:00:05 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2452.namprd12.prod.outlook.com (2603:10b6:207:4e::11) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.820.11; Tue, 5 Jun 2018 17:59:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=b3Yd4oKaATkstQueETViD8/ddNL9QY8dKxyKqE4CbCI=;
	b=rgePjDQZerrYvq4Koj0EHJPNA5MAX2eGNY9oWhPXqY5+P4Isz8ncgTMOWQi5SXf7vqZxHxknrVNRt5X5eNZhe2EyrIJOVW67wsbXkvF71+GoHs3Vh+2InY5f7EbnYjWl8GftdzyyZDcSzPhBcrEOV3+lQGlTmvOu4NOv8J/qqeg=
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Tue,  5 Jun 2018 12:59:27 -0500
Message-Id: <20180605175932.62322-6-brijesh.singh@amd.com>
In-Reply-To: <20180605175932.62322-1-brijesh.singh@amd.com>
References: <20180605175932.62322-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN4PR0501CA0018.namprd05.prod.outlook.com
	(2603:10b6:803:40::31) To BL0PR12MB2452.namprd12.prod.outlook.com
	(2603:10b6:207:4e::11)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2452;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2452;
	3:8Fib1+HZ0sPZAwWSrnMkagfYnUB1omJvV11By+euQw+xcCfngYC0HObuc+H2uVQ8jNQOPTMenrGsl+KJQTKMYFFI2ydBggpa2UP+vZh4RZq/ZFPy9mphgVAQqlb389Hkdr9JXtJ1nJBoCn0tImar6Ko9FUIDhVfkpY3yspoyiB2bkd2bVxhh56EZ5cRrksZtg7hKErgnKgkwH2YkdFcN+EgFAK6rPfYEMAP2Jy3CKWRKx1dnoE03CpsqE8davail;
	25:mg/IwoN3rWqUMg2ELMWWX0IRZdzg0jQgBLycD4f7rQZEUXpKWXul2EKeRLn65u7mcsnoWCoVsHb6Q3bxW6njJa/ytYWEPMT3bK0bv2RpsGrE7j84XZ1iOBc6yK11K1hjatvZEWLYkBik8VjY3cFdj8Cbk5bXj11xQVVCc30vyQNMRO3zCKRx/Iwu48YjKw0h4RHz48rYRX+z/LrSI+Tx5uDNk9solLfwPX3Hu1Fx15GjKWt1nXxNn8PuUqJCvaP36DFCRh2pDClM2dO6VJQDyrTSCExi4yJ2rLqx0oAGEwd+zxE/25GqvhLMQwJYAQ4hItsmXlmZjb9r6yYNs8y6DA==;
	31:Z03523gY/E1Hc9pdhuLlanjFc2FBG9HKu4FHqntblIdih7u7ctu3dmTb6G1eRLy9+Vnuin9wrBLjgenkUydhJi+abokTR52OEVrKxmITzz19yEQworl2na8folpRoRL4zOobV9x0JlccqFqoeK5xhprnHRmVrfFJwWQfig6l+1UBYbarxHnWLHrpAQ6oKulVC/M7lI//nnpgmE9u4rhzj2Mh7f7J56nCO5BD8V+JI5Q=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2452:
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2452;
	20:f5NgakgeG4dWXGrBOzhZa451TNudkNIkteHnf5+9CfaElzk+vc6DkEcJ2/I/zSzovXWs6rNwryzjff/S0tEAoaDc8IUn57hGm2LtQAjyY1CG/iSLFj/Uf7/vEPblo0NCtJPh+TNLuRYH1eheeal1V+R3xGejMzAdl31skjdUgXFfLRAzXn/CFuaK91kvGUyGWrHa8vZFSaqZF3+4AGwLBzxa12kpZStZD32Q9CkQhjE9BqmFhBwSiD/ENeMqnmS7bcznkv96ku7/XugMYRJ3v8R6mU4fnnrBbYkprwhZ0srbYKXFRQwh+LqlLWj6tSMLlKJpyR//vnI2NkiXgff3elMZBOM17UX1OSbrHeQWkJV8VQqIVY9ITTgJxXeHok8TnHRDh70OsWRcxMu6fKmzcrUSypooJ2Tt7RS0YkrDZQwLhRM83YbDrf57q8N6NLz1/RhNcJ9r8FWnifnbjtpvTkQQWKkKIrhnJ/TE/mqicB4DJS3FxAcnsd0tUituD39v;
	4:pkk8IpsoUVccbGVkjeq6hEt+7lRu4wZCl5lzbA/ZAfb2jd0upkMckWS3eVC5zJuV0q4ecgKNt/Qk8HrtwFi/B6JnBkk/G16+PQTglXg9DXfazyrIDaJSxGekHloaSSv0uRDUCOb8neFWCcnPFDEsEecbPhwKu5DIZShMcwrHr8Atw4ykEejMosTBTPXQ7RjONecQU7I3bgYGZHxTRgzB+jZDG3PADg5ZzcIt0YJWQxLWXzawgw+tYB31Wrddt1TSNGC4i8feEQV1h3GjH+sYKzLr4edggp/G3efY5dCGqNDrbu3b/mHTjCo4b6KLda4IuCm3iL+Lpp1azk1kYmz70EesCZBRbTLhzC6Uky8mKT4=
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB245235548ED8E4549BA5E9F4E5660@BL0PR12MB2452.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(3231254)(944501410)(52105095)(93006095)(93001095)(10201501046)(6055026)(149027)(150027)(6041310)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2452; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2452;
X-Forefront-PRVS: 0694C54398
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(39380400002)(366004)(396003)(346002)(39860400002)(376002)(199004)(189003)(15404003)(6916009)(1076002)(59450400001)(7696005)(2361001)(386003)(106356001)(2906002)(52116002)(53416004)(4326008)(68736007)(105586002)(8676002)(81156014)(76176011)(6486002)(2351001)(25786009)(81166006)(54906003)(36756003)(6116002)(3846002)(97736004)(47776003)(15650500001)(50466002)(6666003)(7736002)(236005)(44832011)(305945005)(26005)(51416003)(956004)(606006)(446003)(476003)(50226002)(86362001)(486006)(2616005)(16586007)(478600001)(8936002)(66066001)(966005)(11346002)(53936002)(186003)(16526019)(5660300001)(316002)(48376002)(6306002)(44824005)(19607625011);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2452;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2452;
	23:WaGV4KF+nCi85659Fpv2cD/RkHFhduTCmg/KLSmNf?=
	=?us-ascii?Q?6dpCT0QNbQsAADX3e6G7QgeJcILgdddZEwymiBGHFmfhZvteVV55k+FdCuHX?=
	=?us-ascii?Q?8WBWpYfZK8GxgH3hrS7DnPnJZHbB9uYcpIWM3dZxhQHfjYZYyKaVwMH9NmQ7?=
	=?us-ascii?Q?/YXg9KyY+bVnbBekrjXGd7cEgY+ddFAgu9Qoko4Ev8epBQ23Unob0NCNAM0K?=
	=?us-ascii?Q?ki+7SzL0s+naw+XwSEGiS5PXUtLavpNQRE+FDY+BesE3lSRcR66ev1RY5GIi?=
	=?us-ascii?Q?Ukv8R9bZ36gX3AbwPGg5OkT1yKWD6IycoMGhBqPx8BW6ymVAP7+Rt2LYUzTP?=
	=?us-ascii?Q?WOGw1tNgGLiGNPBYpBaGD/f9k21/n7Ex5fXUjiv6/JxA6HwzhDIO/mkyC8Ub?=
	=?us-ascii?Q?NVFInDu+rSBPOVMzIrlW4HhAkBodpWVekfNUrlFDRZbJ3sPTPIfAhEwyhfO1?=
	=?us-ascii?Q?3hUst3dGYB006bm7SHmoIOk7/eZjfjlxI4vKTFjuxn9YjZXp3CYiNX/CNy5h?=
	=?us-ascii?Q?pUq7+KrfRnj/PEzaGSPPtnA9M3OFeSoj3H67f3KuleUon3NDBhk1WAcj4OL+?=
	=?us-ascii?Q?fM7OCD3z4AZDaVYGNA4bvBWfDNMzf5602v9rznugTYRSHJZ/8+miEH2pvLs8?=
	=?us-ascii?Q?y4viwrqNVDY/bsOEoSfrQmRRYwlqEc55LRlTTAR+8CqeMPaK9TLiYVxnb6lx?=
	=?us-ascii?Q?51uP/dW4HaugB4J46j9zIU+ZNi0pSU7Rf+4MYsYLD2lkhMA6XwLoU81bGZWq?=
	=?us-ascii?Q?ljygTufDejA6ykxsL0RMJV7a9zzHB0BfM+dlJzAxmRtaFbD1TVuJphvI01nQ?=
	=?us-ascii?Q?s1OfVZDrD9z7t+72o54ipv/koDkZraKmCqgkP7QjZ/RyQzsKP45hVh7F/25m?=
	=?us-ascii?Q?GPVOW9H7xC7DqYrPQGLyWTYxS5IuIU5HhUApvX5kS4tMyX1XQU+p3R7y/kkR?=
	=?us-ascii?Q?f1cRchQib0unobZIG14QZoGxif5kliGU+nFaYvbZBvCX1EgVI+1mUUSYGwxM?=
	=?us-ascii?Q?SxnXF7U+1Gb5tXXOTqTNihmKjuTV1wWBeUypUH5hYBj62GNiOOSddLLdfdwQ?=
	=?us-ascii?Q?KiV8eQpnaT0jCzZNH6B5jqkWos0rFVjh4xlZoUhSsIdnbwREVFojkCh1KyIU?=
	=?us-ascii?Q?SfxJehG5RxQVsKjs76+k81wd7pRVQTMOFPhwWu0DKdQXKDWoSnxBlUXZxF8D?=
	=?us-ascii?Q?x798mmUvuwQ7zldxHFKR5zVpsOxwGgtzSN+S1SEWXUyibNb3zn4zFpS5NmdP?=
	=?us-ascii?Q?D/mJAd5OhOu5k77QxOv1L5C8gebR201S4Nz25UIgB0XpaA4PK5SahSe2sfO4?=
	=?us-ascii?Q?77KjahPmE52nVOp3xA39/EHRH+RPFSQOxfI5mkh58o71Dn/R1joJ7mzGvvWS?=
	=?us-ascii?Q?AcTEdWG+oa3I+uqKguPnhWPTDxqAPnYkJxTtVhMfLzwFbpxWEBSthkZkXxka?=
	=?us-ascii?Q?Ew8kxr2aqprhrpKkqIRnqllgpBIJIX4wu2jI0BQkwbYnr9bNF9A?=
X-Microsoft-Antispam-Message-Info: 
 6xBJsq6qZ1o8NWaQBKJlekTfF7KmR3+DevwJ73QhQBYooCFsi2I6BgVEMLzQ6v7eH5siCRHGLCtVRQ0iiP/WqNIMdItP9HL5lrsA0mwZMniQQvCVQNNtGm4KjwVPzFJsRTLTBS60HYNAzX7M2Gn9gi6mfg82ctgwJsbE7Qds2af6yAW5inBRe4QzqeP7UzX2
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2452;
	6:Yph+rdIQP97qCDD0y1kXEVtCNavhr0bL0RZfHRNOdOtVM1J4WRlRqIBZMiIjwmO8jbUaPJs8LbTjTlULyVYLvBxWP3b3HuLTY4iO0DUF1//Uh7Venh87su47Ex7/738F68pmg/AY8Wz6E64h5KClHz10PGfFIOA4eBwKZ5IQch5EdzoCjLXyhUCwBwyVuRCahU3x/Qp8JXkzocV+Mm8kevgue/6MNzyRKZovT49xcWXhwM8yUdengvs4NYzNw4czXSkBWNu1D/eaFENkUdjMClB5BXF8gpGSeawF1ZzP/YCRoa7GJbP5Nr+CO6Ylr9jDkXZIHi8IRVLiy00McOiKOoFPK+IKSsLXJQjnL4IBbzbnS66tyAA3AqYa/C9EFhwO71XmEfxBLensN0jUJIGY5Yqt+Lydncj4wJPGZDP7tf2d9Ao0PvY3DppvEvXUXFume4CvWvpngbEBNXD7k0uLPw==;
	5:1uQai3db7KoiFjrJVZf4KUqHwq1f15H9A8L9VxNIOrYTF94YThOOJw4GrjvYi9kLGlp9X5fyyQ+JXi4OLA+fAstv07aQtUWlFUvuiEPEKumx1RnfqknFS9/d0oNHpHUfbKYLnw47N+HOv5pVhnlNk6WRbn75yvVDrEKIa/4m8fY=;
	24:P0gN2k2YC9MhnPStu9QTTFguYWVcqWNyJd0jE3mqYgO7joMxzOzuctLgyKWwDUDPLW6lV6UMPNO1f4I45BZoGckFaHZVsLPBlzyfaiFyuuY=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2452;
	7:5eJNJJPeRzdtGwdpytIiUBJoFFjtEM24PmSEH8J2FrzxDRw8/RkQ+nFPz01NujIGNxFlNdraTI+YJ+UE6VW4uuo5Qox1KM45YFLqUD5R1o094I9ZYFvpDEveOSod1UKpRjAHcs9cx0lHW7Se55Ec8O0SVXU67g38jvpNm2oXp8UuAHJjZ+ndZV8gGOPu/cqu1TmQ3YH8UuFbdrBNiyFQPMzvDhzLj73HXR3FRGsqd1IsRQ+oTuOtRE63FmHJi5U7;
	20:UTtkhAe7LQXeSKTbVVaIkMz+RimVlMLd0wWevRj+7KXONnGONgl7riojpYCFl241vHXSDftEnMlmLtpStBIs9p4kfZ1veR8+KztMaEv6zxZDHp8HAGvdfeRTIoOe3BiVD20fftQ1nEGnbyrDLax1k/mj7DNF09v7OHbHk8INZh0X1kh9Ps40Lx7UtRQYDttX0EszdakoiUvAZLnugLdTMcpwJthJQft+kFf4igtmMA0MLaz/eRVjulh3ysKjh8JM
X-MS-Office365-Filtering-Correlation-Id: 87897822-d97e-44ac-5b1f-08d5cb0e2648
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jun 2018 17:59:57.0506 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 87897822-d97e-44ac-5b1f-08d5cb0e2648
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2452
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.27]); Tue, 05 Jun 2018 18:00:06 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.27]);
	Tue, 05 Jun 2018 18:00:06 +0000 (UTC) for IP:'104.47.34.85'
	DOMAIN:'mail-by2nam01on0085.outbound.protection.outlook.com'
	HELO:'NAM01-BY2-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -0.021  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS, T_DKIMWL_WL_MED) 104.47.34.85
	mail-by2nam01on0085.outbound.protection.outlook.com
	104.47.34.85
	mail-by2nam01on0085.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.27
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v7 4/9] conf: introduce launch-security element in
	domain
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]);
 Tue, 05 Jun 2018 18:00:21 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 docs/formatdomain.html.in                          | 115 ++++++++++++++++++
 docs/schemas/domaincommon.rng                      |  37 ++++++
 src/conf/domain_conf.c                             | 133 +++++++++++++++++=
++++
 src/conf/domain_conf.h                             |  27 +++++
 tests/genericxml2xmlindata/launch-security-sev.xml |  24 ++++
 tests/genericxml2xmltest.c                         |   2 +
 6 files changed, 338 insertions(+)
 create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 7f4de65..decd854 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8367,6 +8367,121 @@ qemu-kvm -net nic,model=3D? /dev/null
=20
     <p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
=20
+    <h3><a id=3D"sev">Secure Encrypted Virtualization (SEV)</a></h3>
+
+    <p>
+       The contents of the <code>&lt;launch-security type=3D'sev'&gt;</cod=
e> element
+       is used to provide the guest owners input used for creating an encr=
ypted
+       VM using the AMD SEV feature.
+
+       SEV is an extension to the AMD-V architecture which supports running
+       encrypted virtual machine (VMs) under the control of KVM. Encrypted
+       VMs have their pages (code and data) secured such that only the gue=
st
+       itself has access to the unencrypted version. Each encrypted VM is
+       associated with a unique encryption key; if its data is accessed to=
 a
+       different entity using a different key the encrypted guests data wi=
ll
+       be incorrectly decrypted, leading to unintelligible data.
+
+       For more information see various input parameters and its format se=
e the SEV API spec
+       <a href=3D"https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec=
ification.pdf"> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specifi=
cation.pdf </a>
+       <span class=3D"since">Since 4.4.0</span>
+       </p>
+    <pre>
+&lt;domain&gt;
+  ...
+  &lt;launch-security type=3D'sev'&gt;
+    &lt;policy&gt; 0x0001 &lt;/policy&gt;
+    &lt;cbitpos&gt; 47 &lt;/cbitpos&gt;
+    &lt;reduced-phys-bits&gt; 1 &lt;/reduced-phys-bits&gt;
+    &lt;session&gt; AAACCCDD=3DFFFCCCDSDS &lt;/session&gt;
+    &lt;dh-cert&gt; RBBBSDDD=3DFDDCCCDDDG &lt;/dh&gt;
+  &lt;/sev&gt;
+  ...
+&lt;/domain&gt;
+</pre>
+
+    <dl>
+      <dt><code>cbitpos</code></dt>
+      <dd>The required <code>cbitpos</code> element provides the C-bit (ak=
a encryption bit)
+      location in guest page table entry. The value of <code>cbitpos</code=
> is
+      hypervisor dependent and can be obtained through the <code>sev</code=
> element
+      from the domain capabilities.
+      </dd>
+      <dt><code>reduced-phys-bits</code></dt>
+      <dd>The required <code>reduced-phys-bits</code> element provides the=
 physical
+      address bit reducation. Similar to <code>cbitpos</code> the value of=
 <code>
+      reduced-phys-bit</code> is hypervisor dependent and can be obtained
+      through the <code>sev</code> element from the domain capabilities.
+      </dd>
+      <dt><code>policy</code></dt>
+      <dd>The required <code>policy</code> element provides the guest poli=
cy
+      which must be maintained by the SEV firmware. This policy is enforce=
d by
+      the firmware and restricts what configuration and operational comman=
ds
+      can be performed on this guest by the hypervisor. The guest policy
+      provided during guest launch is bound to the guest and cannot be cha=
nged
+      throughout the lifetime of the guest. The policy is also transmitted
+      during snapshot and migration flows and enforced on the destination =
platform.
+
+      The guest policy is a 4 unsigned byte with the fields shown in Table:
+
+      <table class=3D"top_table">
+        <tr>
+          <th> Bit(s) </th>
+          <th> Description </th>
+        </tr>
+        <tr>
+          <td> 0 </td>
+          <td> Debugging of the guest is disallowed when set </td>
+        </tr>
+        <tr>
+          <td> 1 </td>
+          <td> Sharing keys with other guests is disallowed when set </td>
+        </tr>
+        <tr>
+          <td> 2 </td>
+          <td> SEV-ES is required when set</td>
+        </tr>
+        <tr>
+          <td> 3 </td>
+          <td> Sending the guest to another platform is disallowed when se=
t</td>
+        </tr>
+        <tr>
+          <td> 4 </td>
+          <td> The guest must not be transmitted to another platform that =
is
+               not in the domain when set. </td>
+        </tr>
+        <tr>
+          <td> 5 </td>
+          <td> The guest must not be transmitted to another platform that =
is
+               not SEV capable when set. </td>
+        </tr>
+        <tr>
+          <td> 6:15 </td>
+          <td> reserved </td>
+        </tr>
+        <tr>
+          <td> 16:32 </td>
+          <td> The guest must not be transmitted to another platform with a
+               lower firmware version. </td>
+        </tr>
+      </table>
+
+      </dd>
+      <dt><code>dh-cert</code></dt>
+      <dd>The optional <code>dh-cert</code> element provides the guest own=
ers
+      base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate=
 a
+      master secret key between the SEV firmware and guest owner. This mas=
ter
+      secret key is then used to establish a trusted channel between SEV
+      firmware and guest owner.
+      </dd>
+      <dt><code>session</code></dt>
+      <dd>The optional <code>session</code> element provides the guest own=
ers
+      base64 encoded session blob defined in the SEV API spec.
+
+      See SEV spec LAUNCH_START section for the session blob format.
+      </dd>
+    </dl>
+
     <h2><a id=3D"examples">Example configs</a></h2>
=20
     <p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 6379ab1..c6f3c7d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -77,6 +77,9 @@
         <optional>
           <ref name=3D'keywrap'/>
         </optional>
+        <optional>
+          <ref name=3D'launch-security'/>
+        </optional>
       </interleave>
     </element>
   </define>
@@ -436,6 +439,40 @@
     </element>
   </define>
=20
+  <define name=3D"launch-security">
+    <element name=3D"launch-security">
+      <attribute name=3D"type">
+        <value>sev</value>
+      </attribute>
+      <interleave>
+        <element name=3D"cbitpos">
+          <data type=3D'unsignedInt'/>
+        </element>
+        <element name=3D"reduced-phys-bits">
+          <data type=3D'unsignedInt'/>
+        </element>
+        <element name=3D"policy">
+          <ref name=3D'hexuint'/>
+        </element>
+        <optional>
+          <element name=3D"handle">
+            <ref name=3D'unsignedInt'/>
+          </element>
+        </optional>
+        <optional>
+          <element name=3D"dh-cert">
+            <data type=3D"string"/>
+          </element>
+        </optional>
+        <optional>
+          <element name=3D"session">
+            <data type=3D"string"/>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
   <!--
       Enable or disable perf events for the domain. For each
       of the events the following rules apply:
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4aaad2a..e03ac7f 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -938,6 +938,10 @@ VIR_ENUM_IMPL(virDomainShmemModel, VIR_DOMAIN_SHMEM_MO=
DEL_LAST,
               "ivshmem-plain",
               "ivshmem-doorbell")
=20
+VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST,
+              "",
+              "sev")
+
 static virClassPtr virDomainObjClass;
 static virClassPtr virDomainXMLOptionClass;
 static void virDomainObjDispose(void *obj);
@@ -2946,6 +2950,19 @@ virDomainCachetuneDefFree(virDomainCachetuneDefPtr c=
achetune)
 }
=20
=20
+static void
+virDomainSEVDefFree(virDomainSevDefPtr def)
+{
+    if (!def)
+        return;
+
+    VIR_FREE(def->dh_cert);
+    VIR_FREE(def->session);
+
+    VIR_FREE(def);
+}
+
+
 void virDomainDefFree(virDomainDefPtr def)
 {
     size_t i;
@@ -3128,6 +3145,8 @@ void virDomainDefFree(virDomainDefPtr def)
     if (def->namespaceData && def->ns.free)
         (def->ns.free)(def->namespaceData);
=20
+    virDomainSEVDefFree(def->sev);
+
     xmlFreeNode(def->metadata);
=20
     VIR_FREE(def);
@@ -15794,6 +15813,85 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
 }
=20
=20
+static virDomainSevDefPtr
+virDomainSEVDefParseXML(xmlNodePtr sevNode,
+                        xmlXPathContextPtr ctxt)
+{
+    char *tmp =3D NULL;
+    char *type =3D NULL;
+    xmlNodePtr save =3D ctxt->node;
+    virDomainSevDefPtr def;
+    unsigned long policy;
+
+    ctxt->node =3D sevNode;
+
+    if (VIR_ALLOC(def) < 0)
+        return NULL;
+
+    if (!(type =3D virXMLPropString(sevNode, "type"))) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("missing launch-security type"));
+        goto error;
+    }
+
+    def->sectype =3D virDomainLaunchSecurityTypeFromString(type);
+    switch ((virDomainLaunchSecurity) def->sectype) {
+        case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+            break;
+        case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+        case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+        default:
+            virReportError(VIR_ERR_XML_ERROR,
+                            _("unsupported launch-security type '%s'"),
+                            type);
+            goto error;
+    }
+
+    if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("failed to get launch-security cbitpos"));
+        goto error;
+    }
+
+    if (virXPathUInt("string(./reduced-phys-bits)", ctxt,
+                    &def->reduced_phys_bits) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("failed to get launch-security reduced-phys-bits"=
));
+        goto error;
+    }
+
+    if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("failed to get launch-security policy"));
+        goto error;
+    }
+
+    def->policy =3D policy;
+
+    if ((tmp =3D virXPathString("string(./dh-cert)", ctxt))) {
+        if (VIR_STRDUP(def->dh_cert, tmp) < 0)
+            goto error;
+
+        VIR_FREE(tmp);
+    }
+
+    if ((tmp =3D virXPathString("string(./session)", ctxt))) {
+        if (VIR_STRDUP(def->session, tmp) < 0)
+            goto error;
+
+        VIR_FREE(tmp);
+    }
+
+    ctxt->node =3D save;
+    return def;
+
+ error:
+    VIR_FREE(tmp);
+    virDomainSEVDefFree(def);
+    ctxt->node =3D save;
+    return NULL;
+}
+
 static virDomainMemoryDefPtr
 virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
                            xmlNodePtr memdevNode,
@@ -20586,6 +20684,13 @@ virDomainDefParseXML(xmlDocPtr xml,
     ctxt->node =3D node;
     VIR_FREE(nodes);
=20
+    /* Check for SEV feature */
+    if ((node =3D virXPathNode("./launch-security", ctxt)) !=3D NULL) {
+        def->sev =3D virDomainSEVDefParseXML(node, ctxt);
+        if (!def->sev)
+            goto error;
+    }
+
     /* analysis of memory devices */
     if ((n =3D virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
         goto error;
@@ -26560,6 +26665,32 @@ virDomainKeyWrapDefFormat(virBufferPtr buf, virDom=
ainKeyWrapDefPtr keywrap)
     virBufferAddLit(buf, "</keywrap>\n");
 }
=20
+
+static void
+virDomainSEVDefFormat(virBufferPtr buf, virDomainSevDefPtr sev)
+{
+    if (!sev)
+        return;
+
+    virBufferAsprintf(buf, "<launch-security type=3D'%s'>\n",
+                      virDomainLaunchSecurityTypeToString(sev->sectype));
+    virBufferAdjustIndent(buf, 2);
+
+    virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
+    virBufferAsprintf(buf, "<reduced-phys-bits>%d</reduced-phys-bits>\n",
+                      sev->reduced_phys_bits);
+    virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", sev->policy);
+    if (sev->dh_cert)
+        virBufferEscapeString(buf, "<dh-cert>%s</dh-cert>\n", sev->dh_cert=
);
+
+    if (sev->session)
+        virBufferEscapeString(buf, "<session>%s</session>\n", sev->session=
);
+
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</launch-security>\n");
+}
+
+
 static void
 virDomainPerfDefFormat(virBufferPtr buf, virDomainPerfDefPtr perf)
 {
@@ -27799,6 +27930,8 @@ virDomainDefFormatInternal(virDomainDefPtr def,
     if (def->keywrap)
         virDomainKeyWrapDefFormat(buf, def->keywrap);
=20
+    virDomainSEVDefFormat(buf, def->sev);
+
     virBufferAdjustIndent(buf, -2);
     virBufferAddLit(buf, "</domain>\n");
=20
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index b6c4090..7babbaa 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -142,6 +142,9 @@ typedef virDomainPanicDef *virDomainPanicDefPtr;
 typedef struct _virDomainMemoryDef virDomainMemoryDef;
 typedef virDomainMemoryDef *virDomainMemoryDefPtr;
=20
+typedef struct _virDomainSevDef virDomainSevDef;
+typedef virDomainSevDef *virDomainSevDefPtr;
+
 /* forward declarations virDomainChrSourceDef, required by
  * virDomainNetDef
  */
@@ -2303,6 +2306,26 @@ struct _virDomainKeyWrapDef {
 };
=20
 typedef enum {
+    VIR_DOMAIN_LAUNCH_SECURITY_NONE,
+    VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+
+    VIR_DOMAIN_LAUNCH_SECURITY_LAST,
+} virDomainLaunchSecurity;
+
+typedef struct _virDomainSevDef virDomainSevDef;
+typedef virDomainSevDef *virDomainSevDefPtr;
+
+struct _virDomainSevDef {
+    int sectype; /* enum virDomainLaunchSecurity */
+    char *dh_cert;
+    char *session;
+    unsigned int policy;
+    unsigned int cbitpos;
+    unsigned int reduced_phys_bits;
+};
+
+
+typedef enum {
     VIR_DOMAIN_IOMMU_MODEL_INTEL,
=20
     VIR_DOMAIN_IOMMU_MODEL_LAST
@@ -2490,6 +2513,9 @@ struct _virDomainDef {
=20
     virDomainKeyWrapDefPtr keywrap;
=20
+    /* SEV-specific domain */
+    virDomainSevDefPtr sev;
+
     /* Application-specific custom metadata */
     xmlNodePtr metadata;
=20
@@ -3399,6 +3425,7 @@ VIR_ENUM_DECL(virDomainMemoryAllocation)
 VIR_ENUM_DECL(virDomainIOMMUModel)
 VIR_ENUM_DECL(virDomainVsockModel)
 VIR_ENUM_DECL(virDomainShmemModel)
+VIR_ENUM_DECL(virDomainLaunchSecurity)
 /* from libvirt.h */
 VIR_ENUM_DECL(virDomainState)
 VIR_ENUM_DECL(virDomainNostateReason)
diff --git a/tests/genericxml2xmlindata/launch-security-sev.xml b/tests/gen=
ericxml2xmlindata/launch-security-sev.xml
new file mode 100644
index 0000000..fb64e1e
--- /dev/null
+++ b/tests/genericxml2xmlindata/launch-security-sev.xml
@@ -0,0 +1,24 @@
+<domain type=3D'kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219100</memory>
+  <currentMemory unit=3D'KiB'>219100</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-1.0'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+  </devices>
+  <launch-security type=3D'sev'>
+    <cbitpos>47</cbitpos>
+    <reduced-phys-bits>1</reduced-phys-bits>
+    <policy>0x0001</policy>
+    <dh-cert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dh-c=
ert>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launch-security>
+</domain>
diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c
index d8270a6..366ac6f 100644
--- a/tests/genericxml2xmltest.c
+++ b/tests/genericxml2xmltest.c
@@ -141,6 +141,8 @@ mymain(void)
     DO_TEST_FULL("cachetune-colliding-types", false, true,
                  TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE);
=20
+    DO_TEST("launch-security-sev");
+
     virObjectUnref(caps);
     virObjectUnref(xmlopt);
=20
--=20
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list