Add support for enabling Secure Encrypted Virtualization in the GUI

Charles Arnold carnold at suse.com
Fri Apr 1 18:13:17 UTC 2022


 From d700e8cee7cd525c0022b5a9a440f64c4ab149f0 Mon Sep 17 00:00:00 2001
From: Charles Arnold <carnold at suse.com>
Date: Fri, 1 Apr 2022 12:01:21 -0600
Subject: [PATCH 1/1] Add support for enabling Secure Encrypted 
Virtualization
  in the GUI

Add an "Enable Launch Security" checkbox on the Details memory tab.
Do the minimal configuration required for libvirt to enable this feature
on compatible hardware.

Signed-off-by: Charles Arnold <carnold at suse.com>

---
  ui/details.ui                    | 15 ++++++++++++++-
  virtManager/details/details.py   | 15 ++++++++++++++-
  virtManager/object/domain.py     | 14 +++++++++++++-
  virtinst/domain/memorybacking.py |  3 +++
  4 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/ui/details.ui b/ui/details.ui
index 10b30824..6acf72c6 100644
--- a/ui/details.ui
+++ b/ui/details.ui
@@ -1925,7 +1925,20 @@
                                    </packing>
                                  </child>
                                  <child>
-                                  <placeholder/>
+                                  <object class="GtkCheckButton" 
id="launch-security">
+                                    <property name="label" 
translatable="yes">Enable Launch Security</property>
+                                    <property 
name="visible">True</property>
+                                    <property 
name="can-focus">True</property>
+                                    <property 
name="receives-default">False</property>
+                                    <property 
name="halign">start</property>
+                                    <property 
name="use-underline">True</property>
+                                    <property 
name="draw-indicator">True</property>
+                                    <signal name="toggled" 
handler="on_mem_launch_security_toggled" swapped="no"/>
+                                  </object>
+                                  <packing>
+                                    <property 
name="left-attach">1</property>
+                                    <property 
name="top-attach">4</property>
+                                  </packing>
                                  </child>
                                </object>
                                <packing>
diff --git a/virtManager/details/details.py b/virtManager/details/details.py
index 24810f0f..c22a10fb 100644
--- a/virtManager/details/details.py
+++ b/virtManager/details/details.py
@@ -47,6 +47,7 @@ from ..delete import vmmDeleteStorage

   EDIT_MEM,
   EDIT_MEM_SHARED,
+ EDIT_MEM_SEV,

   EDIT_AUTOSTART,
   EDIT_BOOTORDER,
@@ -84,7 +85,7 @@ from ..delete import vmmDeleteStorage

   EDIT_FS,

- EDIT_HOSTDEV_ROMBAR) = range(1, 38)
+ EDIT_HOSTDEV_ROMBAR) = range(1, 39)


  # Columns in hw list model
@@ -437,6 +438,7 @@ class vmmDetails(vmmGObjectUI):
              "on_mem_maxmem_changed": _e(EDIT_MEM),
              "on_mem_memory_changed": self._curmem_changed_cb,
              "on_mem_shared_access_toggled": _e(EDIT_MEM_SHARED),
+            "on_mem_launch_security_toggled": _e(EDIT_MEM_SEV),

              "on_boot_list_changed": self._boot_list_changed_cb,
              "on_boot_moveup_clicked": self._boot_moveup_clicked_cb,
@@ -1467,6 +1469,9 @@ class vmmDetails(vmmGObjectUI):
          if self._edited(EDIT_MEM_SHARED):
              kwargs["mem_shared"] = 
self.widget("shared-memory").get_active()

+        if self._edited(EDIT_MEM_SEV):
+            kwargs["sevmem"] = self.widget("launch-security").get_active()
+
          return self._change_config(
                  self.vm.define_memory, kwargs,
                  hotplug_args=hotplug_args)
@@ -1972,6 +1977,14 @@ class vmmDetails(vmmGObjectUI):
          curmem.set_value(int(round(vm_cur_mem)))
          maxmem.set_value(int(round(vm_max_mem)))

+        domcaps = self.vm.get_domain_capabilities()
+        show_sev = domcaps.supports_sev_launch_security()
+        self.widget("launch-security").set_sensitive(show_sev)
+        if self.vm.get_launch_security_type():
+            self.widget("launch-security").set_active(True)
+        else:
+            self.widget("launch-security").set_active(False)
+
          shared_mem, shared_mem_err = self.vm.has_shared_mem()
          self.widget("shared-memory").set_active(shared_mem)
          self.widget("shared-memory").set_sensitive(not 
bool(shared_mem_err))
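Review bot: The added block drives the checkbox from two unrelated facts, and the combination can strand a guest. `set_sensitive(show_sev)` greys the box out whenever the domain capabilities report no SEV support, yet it is still ticked if the guest XML already carries a launchSecurity type, so a guest moved to a host without SEV cannot have the setting cleared from this tab. The box is also ticked for any non-empty type, while define_memory in virtManager/object/domain.py only ever writes `"sev"` or clears the type, so a guest using a different launch-security type would presumably be shown as SEV and rewritten on the next apply. Consider reading the type once (`sev_type = self.vm.get_launch_security_type()`), then `set_sensitive(show_sev or bool(sev_type))` and `set_active(sev_type == "sev")`. The enclosing method starts and ends outside the hunk.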
diff --git a/virtManager/object/domain.py b/virtManager/object/domain.py
index 70e4e49f..feb43bd2 100644
--- a/virtManager/object/domain.py
+++ b/virtManager/object/domain.py
@@ -688,7 +688,7 @@ class vmmDomain(vmmLibvirtObject):
              guest.memoryBacking.access_mode = access_mode

      def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL,
-            mem_shared=_SENTINEL):
+            mem_shared=_SENTINEL, sevmem=_SENTINEL):
          guest = self._make_xmlobj_to_define()

          if memory != _SENTINEL:
@@ -697,6 +697,15 @@ class vmmDomain(vmmLibvirtObject):
              guest.memory = int(maxmem)
          if mem_shared != _SENTINEL:
              self._edit_shared_mem(guest, mem_shared)
+        if sevmem != _SENTINEL:
+            if sevmem is True:
+                guest.launchSecurity.type = "sev"
+                guest.launchSecurity.set_defaults(guest)
+                guest.memoryBacking.set_locked(True)
+            else:
+                guest.launchSecurity.type = None
+                guest.launchSecurity.policy = None
+                guest.memoryBacking.set_locked(False)

          self._redefine_xmlobj(guest)
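Review bot: The disable branch calls `guest.memoryBacking.set_locked(False)` unconditionally, so unticking the box also removes a `<locked/>` element the user may have configured for reasons unrelated to SEV; nothing in the hunk records whether this feature added the lock. Either leave `locked` untouched when disabling or clear it only when this code set it, and state the choice in a comment. The same branch resets only `type` and `policy`, so any other launchSecurity children written by `set_defaults(guest)` or by hand would presumably stay in the XML without a type; it is worth verifying that the element is removed as a whole. On the enable side the SEV policy is whatever `set_defaults` picks, which is not visible here, so a comment naming that default would let reviewers judge what the checkbox guarantees (for example, whether debug access to the guest is forbidden). define_memory begins in the previous hunk and continues past this one.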

@@ -1310,6 +1319,9 @@ class vmmDomain(vmmLibvirtObject):
      def get_description(self):
          return self.get_xmlobj().description

+    def get_launch_security_type(self):
+        return self.get_xmlobj().launchSecurity.type
+
      def get_boot_order(self):
          legacy = not self.can_use_device_boot_order()
          return self.xmlobj.get_boot_order(legacy=legacy)
diff --git a/virtinst/domain/memorybacking.py 
b/virtinst/domain/memorybacking.py
index c883c57d..4ddd3865 100644
--- a/virtinst/domain/memorybacking.py
+++ b/virtinst/domain/memorybacking.py
@@ -27,6 +27,9 @@ class DomainMemoryBacking(XMLBuilder):
      XML_NAME = "memoryBacking"
      _XML_PROP_ORDER = ["hugepages", "nosharepages", "locked", "pages"]

+    def set_locked(self, value):
+        self.locked = value
+
      hugepages = XMLProperty("./hugepages", is_bool=True)
      nosharepages = XMLProperty("./nosharepages", is_bool=True)
      locked = XMLProperty("./locked", is_bool=True)
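Review bot: `set_locked` is a one-line setter around an attribute that is already public, and it is declared above the `XMLProperty` definitions it depends on. The callers in virtManager/object/domain.py could assign `guest.memoryBacking.locked = True` directly, the same way `guest.memoryBacking.access_mode = access_mode` is assigned in the context lines of that file. If the method is kept, move it below the property block and give it a docstring such as `"""Set or clear <locked/>; enabled by the launch-security option so guest pages stay pinned."""`.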
-- 
2.31.1



