If a user tries to pass the optional "dhCert" or
"session" data to the SEV
firmware, these are in form of a base64-encoded strings which libvirt then
takes and creates files with those strings as content under
/var/lib/libvirt/qemu/<domain>. Libvirt then puts paths to these files on to
QEMU cmdline. QEMU then uses these files within its communication with SEV
firmware, provided it has access to those files.
https://bugzilla.redhat.com/show_bug.cgi?id=1658112
Erik Skultety (2):
qemu: process: SEV: Assume libDir to be the directory to create files
in
qemu: process: SEV: Relabel guest owner's SEV files created before
start
src/qemu/qemu_process.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)