[libvirt] [PATCH v5 05/10] qemu: add support to launch SEV guest
Brijesh Singh
brijesh.singh at amd.com
Thu Apr 5 14:47:16 UTC 2018
On 04/04/2018 09:22 AM, John Ferlan wrote:
>
> I understand - your other option is to make required. This is one of
> those cases where there is a gray area with respect to libvirt picking
> some default or policy that we generally prefer to avoid.
>
I think now I am more inclined towards making it required from libvirt
-- this matches with SEV spec.
> As noted before/elsewhere - what happens when the default changes...
>
Theoretically speaking, change in default policy should not cause any
issue when creating the guest. But the policy change can limit us what a
hypervisor can do after the boots, e.g disable or disable debug,
migration or save/restore etc.
On side note, I will be going on 4 weeks of paternity leave starting
next week and will submit the series after I am back from leave.
>>>> + }
>>> Check out storageBackendCreateQemuImgSecretPath which just goes straight
>>> to safewrite when writing to the file or qemuDomainWriteMasterKeyFile
>>> which is a similar w/r/t a single key file for the domain.
>>>
>>> The one thing to think about being the privileges for the file being
>>> created and written and the expectations for QEMU's usage. I think this
>>> is more like the storage secret code, but I could be wrong!
>>
>> The data is public in this case, we do not need to protect it with
>> secret. Hence I am keeping all this certificate keys in unsecure place.
>
> It wasn't so much the public keys as it was me (more or less) thinking
> out loud about the protections on the file that you're "temporarily"
> creating and using to pass the keys.
>
> I noted two other areas which libvirt does something similarly - one is
> the master public key file for decrypting the AES secrets for
> libvirt/qemu secret manipulation. The second is the "temporary" file we
> create in the storage driver to handle the luks encryption password for
> create/resize of a luks encrypted file when using qemu-img. Now that is
> slightly different than using a temporary file for the emulator binary.
>
> In any case, since you're creating in libDir it's probably OK as is, but
> I know when reading files libvirt creates which qemu will use there have
> been issues in the past - I always have to refresh my memory what those
> issues are though.
>
IIRC, Daniel recommended to use libDir in previous reviews, if its not a
big deal then we lets use libDir in initial patches and if need arises
then we can revisit it later.
thanks for all your feedback.
More information about the libvir-list
mailing list