[PATCH v5 10/11] qemu: Use common id lsec0 for launchSecurity
Boris Fiuczynski
fiuczy at linux.ibm.com
Fri Jul 16 09:44:34 UTC 2021
Use the common id 'lsec0' for all launchSecurity types in the QEMU
command line construction.
Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
---
src/qemu/qemu_command.c | 10 +++++-----
.../launch-security-s390-pv.s390x-latest.args | 4 ++--
...curity-sev-missing-platform-info.x86_64-2.12.0.args | 4 ++--
.../launch-security-sev.x86_64-2.12.0.args | 4 ++--
.../launch-security-sev.x86_64-6.0.0.args | 4 ++--
5 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 513bd52a6c..db78deb122 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6971,13 +6971,13 @@ qemuBuildMachineCommandLine(virCommand *cmd,
switch ((virDomainLaunchSecurity) def->sec->sectype) {
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)) {
- virBufferAddLit(&buf, ",confidential-guest-support=sev0");
+ virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
} else {
- virBufferAddLit(&buf, ",memory-encryption=sev0");
+ virBufferAddLit(&buf, ",memory-encryption=lsec0");
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
- virBufferAddLit(&buf, ",confidential-guest-support=pv0");
+ virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
break;
@@ -9859,7 +9859,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
if (sev->session)
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
- if (qemuMonitorCreateObjectProps(&props, "sev-guest", "sev0",
+ if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
"u:policy", sev->policy,
@@ -9884,7 +9884,7 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
qemuDomainObjPrivate *priv = vm->privateData;
- if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "pv0",
+ if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "lsec0",
NULL) < 0)
return -1;
diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
index c9d9b84dd3..cb0dac0149 100644
--- a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
+++ b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
--machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
+-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=s390.ram \
-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
-m 214 \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
@@ -30,6 +30,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
-audiodev id=audio1,driver=none \
-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
--object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
+-object '{"qom-type":"s390-pv-guest","id":"lsec0"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
index 4e281e2e59..daa271c35c 100644
--- a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
--machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
+-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
-m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \
@@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
+-object sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
index 40f79d377b..818d29be9f 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
--machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
+-machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
-m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \
@@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
+-object sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
index f3330719dd..f2bb147a14 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
--machine pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=sev0,memory-backend=pc.ram \
+-machine pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram \
-cpu qemu64 \
-m 214 \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
@@ -31,6 +31,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
-audiodev id=audio1,driver=none \
--object '{"qom-type":"sev-guest","id":"sev0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}' \
+-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
--
2.31.1
More information about the libvir-list
mailing list