
On 03/12/2018 08:31 AM, Daniel P. Berrangé wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on the AMD x86 platform using the Secure Encrypted Virtualization (SEV) feature. This patch adds support to query the SEV capability from QEMU.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- src/conf/domain_capabilities.h | 13 ++++++++ src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_capspriv.h | 4 +++ src/qemu/qemu_monitor.c | 9 ++++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 3 ++ 8 files changed, 149 insertions(+)
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index fa4c1e442f57..83d04d4c8506 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -137,6 +137,19 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; };
+/* + * SEV capabilities + */ +typedef struct _virSEVCapability virSEVCapability; +typedef virSEVCapability *virSEVCapabilityPtr; +struct _virSEVCapability { + char *pdh; + char *cert_chain; + int cbitpos; + int reduced_phys_bits;
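Review bot: the fields of `struct _virSEVCapability` are undocumented; the block comment above the typedef says only "SEV capabilities". Please state what `pdh` and `cert_chain` hold and in what encoding, and what `cbitpos` and `reduced_phys_bits` count, since this header lives in src/conf rather than src/qemu and will be read by people who have not seen the QEMU side. `pdh` and `cert_chain` are `char *`, and the diffstat shows this header as the only file touched under src/conf, so it is also worth saying who allocates and frees the two strings, or adding a free helper next to the typedef.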
If you have any reason to re-spin this patch series, let's make these two be unsigned int, since IIUC -ve values are not possible.
Will make the changes in the next rev.
+ /* no way to query -object sev-guest */ + if (ARCH_IS_X86(qemuCaps->arch) && + qemuCaps->version >= 2012000) { + virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV); + }
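Review bot: the check `qemuCaps->version >= 2012000` combined with `ARCH_IS_X86(qemuCaps->arch)` sets `QEMU_CAPS_SEV` for every x86 QEMU binary at 2.12 or newer, so the bit records only that the binary is recent enough, not that SEV can actually be used with it. Any caller that reads `QEMU_CAPS_SEV` as "SEV is available" gets a false positive in that case. The commit message says this patch adds a query for the SEV capability, so consider treating the version gate as a precondition for issuing that query and expanding the `/* no way to query -object sev-guest */` comment to say that the bit alone does not mean a guest can be launched with SEV.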
Sigh, we really need to fix introspection of -object types one day...
I will take Peter's suggestion and look at the -secret object and see how it's probed, and will do a similar thing for sev-guest. Thanks