
On 03/12/2018 08:52 AM, Peter Krempa wrote:
On Mon, Mar 12, 2018 at 13:31:23 +0000, Daniel Berrange wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on the AMD x86 platform using the Secure Encrypted Virtualization (SEV) feature. This patch adds support to query the SEV capability from QEMU.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- src/conf/domain_capabilities.h | 13 ++++++++ src/qemu/qemu_capabilities.c | 43 +++++++++++++++++++++++++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_capspriv.h | 4 +++ src/qemu/qemu_monitor.c | 9 ++++++ src/qemu/qemu_monitor.h | 3 ++ src/qemu/qemu_monitor_json.c | 73 ++++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 3 ++ 8 files changed, 149 insertions(+)
[...]
@@ -4896,6 +4927,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, virQEMUCapsSet(qemuCaps, QEMU_CAPS_MACHINE_PSERIES_MAX_CPU_COMPAT); }
+ /* no way to query -object sev-guest */ + if (ARCH_IS_X86(qemuCaps->arch) && + qemuCaps->version >= 2012000) { + virQEMUCapsSet(qemuCaps, QEMU_CAPS_SEV); + }
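Review bot: The condition `ARCH_IS_X86(qemuCaps->arch) && qemuCaps->version >= 2012000` in virQEMUCapsInitQMPMonitor sets QEMU_CAPS_SEV from the architecture and version number alone, so the capability is reported for every x86 binary at or above that version whether or not the binary actually provides the sev-guest object. A build that backports the feature to an older version, or ships a newer version without it, would be misreported. The comment already says there is no way to query -object sev-guest; I would expand it to say the version gate is a stopgap, and replace the gate with a probe of the object type once one is available, so that the capability reflects what the binary reports rather than what its version implies.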
Sigh, we really need to fix introspection of -object types one day...
Quick grep-ing found that we are able to probe for 'memory-backend-ram' or 'secret' objects so the 'sev' object should be possible to probe too.
Thanks for the suggestions, I will investigate this.
You should add test data with the qemu patches applied so that we can verify it.
The patch [1] adds support to test the SEV-specific tags.

[1] https://www.redhat.com/archives/libvir-list/2018-March/msg00452.html
Anyways, we should not push this until it's in upstream qemu.