[libvirt] [PATCH v8 08/11] qemu: add support to launch SEV guest
Ján Tomko
jtomko at redhat.com
Thu Jun 7 17:53:45 UTC 2018
On Wed, Jun 06, 2018 at 12:50:14PM -0500, Brijesh Singh wrote:
>QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
>VMs on AMD platform using SEV feature. The various inputs required to
>launch SEV guest is provided through the <launch-security> tag. A typical
>SEV guest launch command line looks like this:
>
># $QEMU ...\
> -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\
> -machine memory-encryption=sev0 \
>
>Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
>Reviewed-by: Erik Skultety <eskultet at redhat.com>
>---
> src/qemu/qemu_command.c | 41 ++++++++++++++++
> src/qemu/qemu_process.c | 62 +++++++++++++++++++++++++
> tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++
> tests/qemuxml2argvdata/launch-security-sev.xml | 37 +++++++++++++++
> tests/qemuxml2argvtest.c | 4 ++
> 5 files changed, 173 insertions(+)
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
> create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml
>
>diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
>index 1324c67..6ffdf63 100644
>--- a/src/qemu/qemu_command.c
>+++ b/src/qemu/qemu_command.c
>@@ -7295,6 +7295,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
> virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
> qemuAppendLoadparmMachineParm(&buf, def);
>
>+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
No need to check the capability again, it was checked while preparing
the host.
And a handy diff, per the custom in this thread:
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index cb6afd8c1c..8a71db9d2c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7295,7 +7295,7 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
qemuAppendLoadparmMachineParm(&buf, def);
- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
+ if (def->sev)
virBufferAddLit(&buf, ",memory-encryption=sev0");
virCommandAddArgBuffer(cmd, &buf);
Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180607/b18b7ffb/attachment-0001.sig>
More information about the libvir-list
mailing list