On Tue, Dec 14, 2021 at 16:07:06 +0000, Daniel P. Berrangé wrote:
Set the kernel-hashes property on the sev-guest object if the config asked for it explicitly. While QEMU machine types currently default to having this setting off, it is not guaranteed to remain this way.
We can't assume that the QEMU capabilities were generated on an AMD host with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means that the 'sev' info in the qemuCaps struct might be NULL, but this is harmless from POV of testing the CLI generator.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/qemu/qemu_capabilities.c | 5 +++ src/qemu/qemu_command.c | 1 + src/qemu/qemu_validate.c | 7 ++++ ...nch-security-sev-direct.x86_64-latest.args | 40 +++++++++++++++++++ .../launch-security-sev-direct.xml | 39 ++++++++++++++++++ tests/qemuxml2argvtest.c | 5 +++ tests/testutilsqemu.c | 15 ++++---
Please split out the testutils change to a separate commit, you can use my R-b for that without posting to the list.
7 files changed, 107 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
Reviewed-by: Peter Krempa <pkrempa@redhat.com>