From: Brijesh Singh
To: libvir-list@redhat.com
Date: Tue, 5 Jun 2018 12:59:29 -0500
Message-Id: <20180605175932.62322-8-brijesh.singh@amd.com>
In-Reply-To: <20180605175932.62322-1-brijesh.singh@amd.com>
References: <20180605175932.62322-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v7 6/9] qemu: add support to launch SEV guest

QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest are provided through the tag.
A typical SEV guest launch command line looks like this:

 # $QEMU ...\
   -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
   -machine memory-encryption=sev0 \

Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
--- src/qemu/qemu_command.c | 41 ++++++++++++++++ src/qemu/qemu_process.c | 62 +++++++++++++++++++++= ++++ tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++ tests/qemuxml2argvdata/launch-security-sev.xml | 37 +++++++++++++++ tests/qemuxml2argvtest.c | 4 ++ 5 files changed, 173 insertions(+) create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2f5cf4e..142455a 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -7235,6 +7235,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd, virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM)) qemuAppendLoadparmMachineParm(&buf, def); =20 + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev) + virBufferAddLit(&buf, ",memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); =20 ret =3D 0; 
@@ -9594,6 +9597,41 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static int +qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd, + virDomainSevDefPtr sev) +{ + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + qemuDomainObjPrivatePtr priv =3D vm->privateData; + char *path =3D NULL; + + if (!sev) + return 0; + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d", + sev->policy, sev->cbitpos, sev->reduced_phys_bits); + + virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp= os); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + + if (sev->dh_cert) { + if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path); + VIR_FREE(path); + } + + if (sev->session) { + if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0) + return -1; + virBufferAsprintf(&obj, ",session-file=3D%s", path); + VIR_FREE(path); + } + + virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N= ULL); + return 0; +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, @@ -10188,6 +10226,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (qemuBuildSevCommandLine(vm, cmd, def->sev) < 0) + goto error; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 3e97971..c624d63 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -5818,6 +5818,65 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, =20 =20 static int +qemuBuildSevCreateFile(const char *configDir, + const char *name, + const char *data) +{ + char *configFile; + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + return -1; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + VIR_FREE(configFile); + return 0; + + error: + VIR_FREE(configFile); + return -1; +} + + +static int +qemuProcessPrepareSevGuestInput(virDomainObjPtr vm) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virDomainDefPtr def =3D vm->def; + virQEMUCapsPtr qemuCaps =3D priv->qemuCaps; + virDomainSevDefPtr sev =3D def->sev; + + if (!sev) + return 0; + + VIR_DEBUG("Prepare SEV guest"); + + if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Domain %s asked for 'sev' launch but this " + "QEMU does not support SEV feature"), vm->def->n= ame); + return -1; + } + + if (sev->dh_cert) { + if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) = < 0) + return -1; + } + + if (sev->session) { + if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) = < 0) + return -1; + } + + return 0; +} + + +static int qemuProcessPrepareHostStorage(virQEMUDriverPtr driver, virDomainObjPtr vm, unsigned int flags) @@ -5975,6 +6034,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver, if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0) goto cleanup; =20 + if (qemuProcessPrepareSevGuestInput(vm) < 0) + goto cleanup; + ret =3D 0; cleanup: virObjectUnref(cfg); diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm= l2argvdata/launch-security-sev.args new file mode 100644 index 0000000..db0be1a --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.args 
@@ -0,0 +1,29 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt= ion=3Dsev0 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x= 1,\ +dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ +session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64 diff --git a/tests/qemuxml2argvdata/launch-security-sev.xml b/tests/qemuxml= 2argvdata/launch-security-sev.xml new file mode 100644 index 0000000..5ae83f6 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev.xml @@ -0,0 +1,37 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 36bff26..b4cf47f 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -2857,6 +2857,10 @@ mymain(void) DO_TEST_CAPS_LATEST("vhost-vsock"); DO_TEST_CAPS_LATEST("vhost-vsock-auto"); =20 + DO_TEST("launch-security-sev", + QEMU_CAPS_KVM, + QEMU_CAPS_SEV_GUEST); + if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL) virFileDeleteTree(fakerootdir); =20 --=20 2.7.4
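
Review bot: in the qemuBuildMachineCommandLine hunk (@@ -7235) the memory-encryption option is gated on QEMU_CAPS_SEV_GUEST as well as def->sev, while qemuBuildSevCommandLine emits the sev-guest object on def->sev alone, so the two builders can disagree: with the capability absent the object would be added but -machine would silently omit memory-encryption. qemuProcessPrepareSevGuestInput already rejects that combination with an error, so testing only def->sev here, or failing instead of skipping, keeps the command line from degrading to an unencrypted launch if that earlier check is ever bypassed. The id "sev0" is also a string literal in both functions; a shared constant would keep the -machine reference and the object id in sync.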
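
Review bot: in qemuBuildSevCommandLine (@@ -9594) both "return -1" paths after a failed virAsprintf leave the virBuffer obj unreleased, and the string returned by virBufferContentAndReset(&obj) is passed to virCommandAddArgList, which copies its arguments, so that string is never freed either. Adding "-object" with virCommandAddArg and then calling virCommandAddArgBuffer(cmd, &obj), the way qemuBuildMachineCommandLine handles its buf, fixes the success path, and a cleanup label calling virBufferFreeAndReset(&obj) fixes the error paths. Separately, path is formatted with a bare %s into the comma-separated -object value for dh-cert-file and session-file; the test data shows priv->libDir containing the domain name, so the path should have its commas escaped (libvirt has virQEMUBuildBufferEscapeComma for this) to stop a directory name from being parsed as additional sev-guest properties.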
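
Review bot: the capability check in qemuProcessPrepareSevGuestInput (@@ -5818) reports VIR_ERR_INTERNAL_ERROR for what is a configuration the selected QEMU cannot honour; VIR_ERR_CONFIG_UNSUPPORTED is the better fit and gives callers something they can act on. In the same hunk, qemuBuildSevCreateFile builds the file name with virFileBuildPath(configDir, name, ".base64") while qemuBuildSevCommandLine rebuilds the same location with virAsprintf and a hard-coded "%s/dh_cert.base64" or "%s/session.base64"; one helper returning the path would stop the writer and the command line from drifting apart. The helper also carries a qemuBuild prefix although it lives in qemu_process.c, and its success and error paths both reduce to VIR_FREE(configFile), so a single ret/cleanup exit would be simpler.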
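
Review bot: the new test case (launch-security-sev.args and the DO_TEST entry at @@ -2857) only covers a guest with both dh_cert and session set, whereas qemuBuildSevCommandLine has separate branches for each being absent. A second case without them would exercise the plain "sev-guest,id=sev0,cbitpos=...,reduced-phys-bits=...,policy=..." form and confirm that no dh-cert-file or session-file property is emitted for it.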