diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index c26408c400..ae25b9b1bc 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -467,12 +467,16 @@ sev
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index bbe59f61d0..efa5ac527b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -16764,6 +16764,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
 virDomainSEVDefPtr def;
 unsigned long policy;
 g_autofree char *type = NULL;
+ int rc = -1;
 def = g_new0(virDomainSEVDef, 1);
@@ -16788,25 +16789,35 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
 goto error;
 }
- if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("failed to get launch security cbitpos"));
- goto error;
- }
-
- if (virXPathUInt("string(./reducedPhysBits)", ctxt,
- &def->reduced_phys_bits) < 0) {
- virReportError(VIR_ERR_XML_ERROR, "%s",
- _("failed to get launch security reduced-phys-bits"));
- goto error;
- }
-
 if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
 virReportError(VIR_ERR_XML_ERROR, "%s",
 _("failed to get launch security policy"));
 goto error;
 }
+ /* the following attributes are platform dependent and if missing, we can
+ * autofill them from domain capabilities later
+ */
+ rc = virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos);
+ if (rc == 0) {
+ def->haveCbitpos = true;
+ } else if (rc == -2) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("Invalid format for launch security cbitpos"));
+ goto error;
+ }
+
+ rc = virXPathUInt("string(./reducedPhysBits)", ctxt,
+ &def->reduced_phys_bits);
+ if (rc == 0) {
+ def->haveReducedPhysBits = true;
+ } else if (rc == -2) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("Invalid format for launch security "
+ "reduced-phys-bits"));
+ goto error;
+ }
+
 def->policy = policy;
 def->dh_cert = virXPathString("string(./dhCert)", ctxt);
 def->session = virXPathString("string(./session)", ctxt);
@@ -28958,9 +28969,12 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainSEVDefPtr sev)
 virDomainLaunchSecurityTypeToString(sev->sectype));
 virBufferAdjustIndent(buf, 2);
- virBufferAsprintf(buf, "%d\n", sev->cbitpos);
- virBufferAsprintf(buf, "%d\n",
- sev->reduced_phys_bits);
+ if (sev->haveCbitpos)
+ virBufferAsprintf(buf, "%d\n", sev->cbitpos);
+
+ if (sev->haveReducedPhysBits)
+ virBufferAsprintf(buf, "%d\n",
+ sev->reduced_phys_bits);
 virBufferAsprintf(buf, "0x%04x\n", sev->policy);
 if (sev->dh_cert)
 virBufferEscapeString(buf, "%s\n", sev->dh_cert);
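Review bot: In the parser hunk of virDomainSEVDefParseXML, a return of -1 from `virXPathUInt` now falls through silently for both `cbitpos` and `reducedPhysBits`, leaving the field at its zero-initialised value with the `have*` flag false. That return code appears to cover an empty element as well as an absent one, so an element with no content would be accepted and treated as "autofill later"; if that is intended, say so where it happens, e.g. `/* rc == -1: element absent or empty, value is filled from domain capabilities later */`. The autofill itself is not part of the hunks shown, so please confirm that every path building the QEMU command line either finds the flag set or refuses to start the guest when the host reports no SEV capabilities, rather than passing a zero through. The function body starts and ends outside the hunk.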
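Review bot: The two conditional `virBufferAsprintf` calls in virDomainSEVDefFormat still print `sev->cbitpos` and `sev->reduced_phys_bits` with `%d`, while the parser fills both through `virXPathUInt`, which suggests the fields are unsigned; `%u` would keep a large value from being written out as a negative number that the parser then rejects on the way back in. The second `if` has a body that spans two lines without braces, which I believe the project's coding style asks to be braced. Whatever code autofills the values later also has to set `haveCbitpos` and `haveReducedPhysBits`, otherwise the formatted XML of a running guest would omit values that were actually used; that code is not visible here.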
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
new file mode 100644
index 0000000000..378c3b681c
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
@@ -0,0 +1,37 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
+-m 214 \
+-realtime mlock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
+-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
+-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
+-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
+dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
+session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.xml b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.xml
new file mode 100644
index 0000000000..41ec4cb872
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.xml
@@ -0,0 +1,35 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219100
+ 219100
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0x0001
+ AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA
+ IHAVENOIDEABUTJUSTPROVIDINGASTRING
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index f0f6ae95e5..092e80e9c0 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -3319,6 +3319,7 @@ mymain(void)
 DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x");
 DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
+ DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0");
 DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
 DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
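Review bot: The added `DO_TEST_CAPS_VER` line in mymain covers only the case where both elements are absent; nothing in the hunks shown exercises the new `rc == -2` branch in the parser or the formatter's omission of the two elements. A parse-failure case with a non-numeric `cbitpos` and an XML round-trip case for the same input file would pin both behaviours. mymain's body extends beyond the hunk.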