On Mon, Mar 12, 2018 at 13:31:23 +0000, Daniel Berrange wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
> QEMU version >= 2.12 provides support for launching an encrypted VMs on
> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
> This patch adds support to query the SEV capability from the qemu.
>
> Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com>
> ---
> src/conf/domain_capabilities.h | 13 ++++++++
> src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_capspriv.h | 4 +++
> src/qemu/qemu_monitor.c | 9 ++++++
> src/qemu/qemu_monitor.h | 3 ++
> src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++
> src/qemu/qemu_monitor_json.h | 3 ++
> 8 files changed, 149 insertions(+)
>
[...]
> @@ -4896,6 +4927,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr
qemuCaps,
> virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_MAX_CPU_COMPAT);
> }
>
> + /* no way to query -object sev-guest */
> + if (ARCH_IS_X86(qemuCaps->arch) &&
> + qemuCaps->version >= 2012000) {
> + virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV);
> + }
Sigh, we really need to fix introspection of -object types one day...
Quick grep-ing found that we are able to probe for 'memory-backend-ram'
or 'secret' objects so the 'sev' object should be possible to probe too.
You should add test data with the qemu patches applied so that we can
verify it.
Anyways, we should not push this until it's in upstream qemu.