On Thu, Jun 20, 2024 at 01:22:48PM +0200, Michal Privoznik wrote:
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_driver.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index fc1704f4fc..3a76df8ddb 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19185,9 +19185,10 @@ qemuDomainSetLaunchSecurityState(virDomainPtr domain,
/* Currently only SEV is supported */ if (!vm->def->sec || - vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV) { + (vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV && + vm->def->sec->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("setting a launch secret is only supported in SEV-enabled domains")); + _("setting a launch secret is only supported in SEV/SEV-SNP enabled domains")); goto cleanup; }
I've not tested to be 100% sure, but I'm thinking this method is not supportable on SNP. Its use case is related to host initiated attestation workflow, where you inject a secret after attesting. Conceptually this workflow isn't relevant for SNP with guest initiated attestation workflows. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|