[PATCH v5 10/11] qemu: Use common id lsec0 for launchSecurity

Friday, 16 July 2021

Use the common id 'lsec0' for all launchSecurity types in the QEMU
command line construction.

Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com&gt;
---
 src/qemu/qemu_command.c                                | 10 +++++-----
 .../launch-security-s390-pv.s390x-latest.args          |  4 ++--
 ...curity-sev-missing-platform-info.x86_64-2.12.0.args |  4 ++--
 .../launch-security-sev.x86_64-2.12.0.args             |  4 ++--
 .../launch-security-sev.x86_64-6.0.0.args              |  4 ++--
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 513bd52a6c..db78deb122 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6971,13 +6971,13 @@ qemuBuildMachineCommandLine(virCommand *cmd,
         switch ((virDomainLaunchSecurity) def->sec->sectype) {
         case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
             if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)) {
-                virBufferAddLit(&buf, ",confidential-guest-support=sev0");
+                virBufferAddLit(&buf,
",confidential-guest-support=lsec0");
             } else {
-                virBufferAddLit(&buf, ",memory-encryption=sev0");
+                virBufferAddLit(&buf, ",memory-encryption=lsec0");
             }
             break;
         case VIR_DOMAIN_LAUNCH_SECURITY_PV:
-            virBufferAddLit(&buf, ",confidential-guest-support=pv0");
+            virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
             break;
         case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
             break;
@@ -9859,7 +9859,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
     if (sev->session)
         sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
 
-    if (qemuMonitorCreateObjectProps(&props, "sev-guest",
"sev0",
+    if (qemuMonitorCreateObjectProps(&props, "sev-guest",
"lsec0",
                                      "u:cbitpos", sev->cbitpos,
                                      "u:reduced-phys-bits",
sev->reduced_phys_bits,
                                      "u:policy", sev->policy,
@@ -9884,7 +9884,7 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
     qemuDomainObjPrivate *priv = vm->privateData;
 
-    if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest",
"pv0",
+    if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest",
"lsec0",
                                      NULL) < 0)
         return -1;
 
diff --git a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
index c9d9b84dd3..cb0dac0149 100644
--- a/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
+++ b/tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
 -name guest=QEMUGuest1,debug-threads=on \
 -S \
 -object
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}'
\
--machine
s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram
\
+-machine
s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=s390.ram
\
 -cpu
gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on
\
 -m 214 \
 -object
'{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}'
\
@@ -30,6 +30,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
 -device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1
\
 -audiodev id=audio1,driver=none \
 -device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
--object
'{"qom-type":"s390-pv-guest","id":"pv0"}'
\
+-object
'{"qom-type":"s390-pv-guest","id":"lsec0"}'
\
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
 -msg timestamp=on
diff --git
a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
index 4e281e2e59..daa271c35c 100644
--- a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
 -name guest=QEMUGuest1,debug-threads=on \
 -S \
 -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes
\
--machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
+-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
 -m 214 \
 -realtime mlock=off \
 -smp 1,sockets=1,cores=1,threads=1 \
@@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object
sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
\
+-object
sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
\
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
 -msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
index 40f79d377b..818d29be9f 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
@@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
 -name guest=QEMUGuest1,debug-threads=on \
 -S \
 -object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes
\
--machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
+-machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
 -m 214 \
 -realtime mlock=off \
 -smp 1,sockets=1,cores=1,threads=1 \
@@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object
sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
\
+-object
sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
\
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
 -msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
index f3330719dd..f2bb147a14 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
 -name guest=QEMUGuest1,debug-threads=on \
 -S \
 -object
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}'
\
--machine
pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=sev0,memory-backend=pc.ram
\
+-machine
pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram
\
 -cpu qemu64 \
 -m 214 \
 -object
'{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'
\
@@ -31,6 +31,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
 -blockdev
'{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}'
\
 -device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
 -audiodev id=audio1,driver=none \
--object
'{"qom-type":"sev-guest","id":"sev0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}'
\
+-object
'{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}'
\
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
 -msg timestamp=on
-- 
2.31.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v5 10/11] qemu: Use common id lsec0 for launchSecurity