Question about how to use domsetlaunchsecstate command correctly.

贺培轩 hnythyq at gmail.com
Fri Oct 14 03:11:08 UTC 2022

I'm new to libvirt. I have tried to launch a SEV VM with secret
injection recently, and I found the command domsetlaunchsecstate is what I
need. But I had some problems making it work. Here is what I did to use
this command.
1. run command: virsh create sev-guest.xml
2. create secret header file and secret file.
3. run command: virsh domsetlaunchsecstate sev-guest-1 --secrethdr <hdr-filename> --secret <secret-filename>
But it will report this error: SEV: not in correct state.
I think it is because the vm is not in a paused state. So how can I launch
a sev vm which is in a paused state? How should I revise my xml file?

The sev-guest.xml I use is as follows:
 <domain type="kvm">
<libosinfo:libosinfo xmlns:libosinfo="
<libosinfo:os id="http://ubuntu.com/ubuntu/16.04"/>
<cpu mode='custom' match='exact' check='partial'>
<model fallback='forbid'>EPYC</model>
<type arch="x86_64" machine="q35">hvm</type>
<loader readonly="yes" type="pflash">/data01/OVMF.fd</loader>
<boot dev="hd"/>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2"/>
<source file="/data01/AMDSEV/sev-guest-1.qcow2"/>
<target dev="sda" bus="scsi"/>
<controller type="scsi" index="0" model="virtio-scsi">
<driver iommu="on"/>
<controller type="virtio-serial" index="0">
<driver iommu="on"/>
<controller type="usb" index="0" model="ich9-ehci1"/>
<controller type="usb" index="0" model="ich9-uhci1">
<master startport="0"/>
<controller type="usb" index="0" model="ich9-uhci2">
<master startport="2"/>
<controller type="usb" index="0" model="ich9-uhci3">
<master startport="4"/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x8'/>
<alias name='pci.1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x9'/>
<alias name='pci.2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0xa'/>
<alias name='pci.3'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0xb'/>
<alias name='pci.4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
<console type="pty"/>
<input type="tablet" bus="usb"/>
<graphics type="vnc" port="-1" listen=""/>
<model type="vga"/>
<address type='pci' slot='0x07'/>
<memballoon model="virtio">
<driver iommu="on"/>
<launchSecurity type="sev">

Thank you in advance,
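
Added example, not part of the original post and not libvirt's own code: a shell wrapper for the three steps in the question, with the guest created paused because the virsh manual requires a paused guest for domsetlaunchsecstate. The function names are hypothetical; `--paused`, `domstate`, `domlaunchsecinfo` and `resume` are existing virsh options and subcommands that do not appear in the post, and the domain name passed in is assumed to match the one in the XML.

```shell
#!/bin/sh
# Added example: start an SEV guest paused, inject the launch secret, resume.

# is_paused DOMAIN: succeeds only when libvirt reports the domain as paused.
is_paused() {
    state=$(virsh domstate "$1" 2>/dev/null) || return 1
    [ "$state" = "paused" ]
}

# launch_with_secret XML DOMAIN HDR_FILE SECRET_FILE
# Return codes: 2 missing input, 3 create failed, 4 guest not paused,
#               5 measurement query failed, 6 injection failed.
launch_with_secret() {
    xml=$1 dom=$2 hdr=$3 secret=$4

    for f in "$xml" "$hdr" "$secret"; do
        [ -r "$f" ] || { echo "missing file: $f" >&2; return 2; }
    done

    # A plain "virsh create" starts the vCPUs immediately, which is too
    # late for secret injection. --paused keeps the guest stopped after
    # it has been created.
    virsh create --paused "$xml" || return 3

    # Refuse to continue unless libvirt confirms the paused state; a
    # running guest is what produces "SEV: not in correct state".
    if ! is_paused "$dom"; then
        echo "$dom is not paused; refusing to inject" >&2
        return 4
    fi

    # Print the launch measurement so the guest owner can check it
    # before releasing the secret.
    virsh domlaunchsecinfo "$dom" || return 5

    virsh domsetlaunchsecstate "$dom" \
        --secrethdr "$hdr" --secret "$secret" || return 6

    # Only now let the guest run.
    virsh resume "$dom"
}

# Usage (paths are placeholders):
#   launch_with_secret sev-guest.xml sev-guest-1 hdr-file secret-file
```

If injection fails the guest is left paused so it can be inspected or destroyed by hand.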