diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 170d28f6fc..97f88f00f6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9870,9 +9870,11 @@ static int
 qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
 virDomainSEVDefPtr sev)
 {
+ g_autoptr(virJSONValue) props = NULL;
 g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
 qemuDomainObjPrivatePtr priv = vm->privateData;
- char *path = NULL;
+ g_autofree char *dhpath = NULL;
+ g_autofree char *sessionpath = NULL;

 if (!sev)
 return 0;
@@ -9880,21 +9882,23 @@ qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
 VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
 sev->policy, sev->cbitpos, sev->reduced_phys_bits);

- virBufferAsprintf(&buf, "sev-guest,id=sev0,cbitpos=%d", sev->cbitpos);
- virBufferAsprintf(&buf, ",reduced-phys-bits=%d", sev->reduced_phys_bits);
- virBufferAsprintf(&buf, ",policy=0x%x", sev->policy);
+ if (sev->dh_cert)
+ dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);

- if (sev->dh_cert) {
- path = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
- virBufferAsprintf(&buf, ",dh-cert-file=%s", path);
- VIR_FREE(path);
- }
+ if (sev->session)
+ sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);

- if (sev->session) {
- path = g_strdup_printf("%s/session.base64", priv->libDir);
- virBufferAsprintf(&buf, ",session-file=%s", path);
- VIR_FREE(path);
- }
+ if (qemuMonitorCreateObjectProps(&props, "sev-guest", "sev0",
+ "u:cbitpos", sev->cbitpos,
+ "u:reduced-phys-bits", sev->reduced_phys_bits,
+ "u:policy", sev->policy,
+ "S:dh-cert-file", dhpath,
+ "S:session-file", sessionpath,
+ NULL) < 0)
+ return -1;
+
+ if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ return -1;

 virCommandAddArg(cmd, "-object");
 virCommandAddArgBuffer(cmd, &buf);
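Review bot: Nothing at the new `qemuMonitorCreateObjectProps()` call in the second hunk says that the two `S:` properties are optional, so it is easy to miss that `dhpath` and `sessionpath` are deliberately left NULL when `sev->dh_cert` / `sev->session` are unset. I would add a comment above the call such as `/* "S:" drops the property when the string is NULL; dh-cert-file and session-file appear only if set */`. Separately, the updated `.args` expectations show the launch policy now rendered as decimal (`policy=1`) while the `VIR_DEBUG` line kept as context here still prints `policy=0x%x`; as the policy is a bitmask, a short remark that the log and the generated command line use different bases would help anyone comparing the two. The function body starts in the previous hunk and continues past the end of this one.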
diff --git a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
index f6cbd016df..717a21b7b0 100644
--- a/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
@@ -29,7 +29,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
+-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,\
 dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
 session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
diff --git a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
index f6cbd016df..717a21b7b0 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
@@ -29,7 +29,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
--object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
+-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,\
 dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
 session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\