[libvirt] [PATCH v8 06/11] conf: introduce launch-security element in domain
Erik Skultety
eskultet at redhat.com
Thu Jun 7 16:41:29 UTC 2018
On Wed, Jun 06, 2018 at 12:50:12PM -0500, Brijesh Singh wrote:
> The launch-security element can be used to define the security
> model to use when launching a domain. Currently we support 'sev'.
>
> When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
> SEV feature supports running encrypted VM under the control of KVM.
> Encrypted VMs have their pages (code and data) secured such that only the
> guest itself has access to the unencrypted version. Each encrypted VM is
> associated with a unique encryption key; if its data is accessed by a
> different entity using a different key, the encrypted guest's data will be
> incorrectly decrypted, leading to unintelligible data.
>
> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
> ---
> docs/formatdomain.html.in | 115 ++++++++++++++++++
> docs/schemas/domaincommon.rng | 37 ++++++
> src/conf/domain_conf.c | 133 +++++++++++++++++++++
> src/conf/domain_conf.h | 27 +++++
> tests/genericxml2xmlindata/launch-security-sev.xml | 24 ++++
> tests/genericxml2xmltest.c | 2 +
> 6 files changed, 338 insertions(+)
> create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml
There were a few minor alignment issues, please squash in the diff below, with
that:
Reviewed-by: Erik Skultety <eskultet at redhat.com>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 05b3ffa689..051c54a609 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -15868,25 +15868,25 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
def->sectype = virDomainLaunchSecurityTypeFromString(type);
switch ((virDomainLaunchSecurity) def->sectype) {
- case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
- break;
- case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
- case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
- default:
- virReportError(VIR_ERR_XML_ERROR,
- _("unsupported launch-security type '%s'"),
- type);
- goto error;
+ case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+ break;
+ case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+ case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+ default:
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unsupported launch-security type '%s'"),
+ type);
+ goto error;
}
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("failed to get launch-security cbitpos"));
+ _("failed to get launch-security cbitpos"));
goto error;
}
if (virXPathUInt("string(./reduced-phys-bits)", ctxt,
- &def->reduced_phys_bits) < 0) {
+ &def->reduced_phys_bits) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("failed to get launch-security reduced-phys-bits"));
goto error;
@@ -15894,7 +15894,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("failed to get launch-security policy"));
+ _("failed to get launch-security policy"));
goto error;
}