On 03/12/2018 08:52 AM, Peter Krempa wrote:
On Mon, Mar 12, 2018 at 13:31:23 +0000, Daniel Berrange wrote:
> On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
>> QEMU version >= 2.12 provides support for launching encrypted VMs on
>> AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
>> This patch adds support to query the SEV capability from the qemu.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com>
>> ---
>> src/conf/domain_capabilities.h | 13 ++++++++
>> src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++
>> src/qemu/qemu_capabilities.h | 1 +
>> src/qemu/qemu_capspriv.h | 4 +++
>> src/qemu/qemu_monitor.c | 9 ++++++
>> src/qemu/qemu_monitor.h | 3 ++
>> src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++
>> src/qemu/qemu_monitor_json.h | 3 ++
>> 8 files changed, 149 insertions(+)
>>
[...]
>> @@ -4896,6 +4927,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
>> virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_MAX_CPU_COMPAT);
>> }
>>
>> + /* no way to query -object sev-guest */
>> + if (ARCH_IS_X86(qemuCaps->arch) &&
>> + qemuCaps->version >= 2012000) {
>> + virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV);
>> + }
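Review bot: The added block in virQEMUCapsInitQMPMonitor sets QEMU_CAPS_SEV from `ARCH_IS_X86(qemuCaps->arch)` and `qemuCaps->version >= 2012000` alone, so any x86 QEMU binary at or above that version number reports the capability whether or not it actually provides the sev-guest object. A caller that relies on QEMU_CAPS_SEV to decide that an encrypted guest can be launched would then only find out at launch time. The in-code comment says there is no way to query -object sev-guest, but the replies below note that 'memory-backend-ram' and 'secret' objects are already probed, so the capability should be derived from the same kind of object-type probe. If the version gate has to stay for now, the comment should say that it is a placeholder and what it cannot detect.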
>
> Sigh, we really need to fix introspection of -object types one day...
Quick grep-ing found that we are able to probe for 'memory-backend-ram'
or 'secret' objects so the 'sev' object should be possible to probe too.
Thanks for the suggestions, I will investigate this.
You should add test data with the qemu patches applied so that we can
verify it.
The patch [1] adds support to test the sev specific tags.
[1] https://www.redhat.com/archives/libvir-list/2018-March/msg00452.html
Anyways, we should not push this until it's in upstream qemu.