Re: [libvirt] [PATCH v2 3/4] libvirt: qemu: enable/disable protected key management ops

From: Tony Krowiak <aekrowia(a)us.ibm.com&gt; Introduces two new -machine option parameters to the QEMU command to enable/disable the CPACF protected key management operations for a guest: aes-key-wrap='on|off' dea-key-wrap='on|off' The QEMU code maps the corresponding domain configuration elements to the QEMU -machine option parameters to create the QEMU command: <cipher name='aes' state='on'> --> aes-key-wrap=on <cipher name='aes' state='off'> --> aes-key-wrap=off <cipher name='dea' state='on'> --> dea-key-wrap=on <cipher name='dea' state='off'> --> dea-key-wrap=off Signed-off-by: Tony Krowiak <akrowiak(a)linux.vnet.ibm.com&gt; Signed-off-by: Daniel Hansel <daniel.hansel(a)linux.vnet.ibm.com&gt; Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com&gt; Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com&gt; Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt; --- src/qemu/qemu_capabilities.c | 4 +++ src/qemu/qemu_capabilities.h | 2 ++ src/qemu/qemu_command.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 2939f8d..98fc5f8 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -38,6 +38,7 @@ #include "virnetdevbridge.h" #include "virstring.h" #include "virtime.h" +#include "virutil.h"

#include "viruuid.h" #include "c-ctype.h" #include "domain_nwfilter.h" @@ -7286,6 +7287,39 @@ qemuBuildObsoleteAccelArg(virCommandPtr cmd, return 0; } +static bool +qemuAppendKeyWrapMachineParm(virBuffer *buf, virQEMUCapsPtr qemuCaps, + int flag, const char *pname, int pstate) +{ + if (pstate != VIR_TRISTATE_SWITCH_ABSENT) { + if (!virQEMUCapsGet(qemuCaps, flag)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("%s is not available with this QEMU binary"), pname); + return false; + }