External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-06 18:05:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Use common id lsec0 for launchSecurity

Browse Source 
Use the common id 'lsec0' for all launchSecurity types in the QEMU
command line construction.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
Boris Fiuczynski 2021-07-16 11:44:34 +02:00 committed by Pavel Hrdina
parent eca12fbee5
commit d6ca1ac981
5 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/qemu/qemu_command.c
View File

@ -6971,13 +6971,13 @@ qemuBuildMachineCommandLine(virCommand *cmd,
switch ((virDomainLaunchSecurity) def->sec->sectype) {
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT)) {
virBufferAddLit(&buf, ",confidential-guest-support=sev0");
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
} else {
virBufferAddLit(&buf, ",memory-encryption=sev0");
virBufferAddLit(&buf, ",memory-encryption=lsec0");
}
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
virBufferAddLit(&buf, ",confidential-guest-support=pv0");
virBufferAddLit(&buf, ",confidential-guest-support=lsec0");
break;
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
@ -9858,7 +9858,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
if (sev->session)
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "sev0",
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
"u:policy", sev->policy,
@ -9883,7 +9883,7 @@ qemuBuildPVCommandLine(virDomainObj *vm, virCommand *cmd)
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
qemuDomainObjPrivate *priv = vm->privateData;
if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "pv0",
if (qemuMonitorCreateObjectProps(&props, "s390-pv-guest", "lsec0",
NULL) < 0)
return -1;

4
tests/qemuxml2argvdata/launch-security-s390-pv.s390x-latest.args
View File

@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=pv0,memory-backend=s390.ram \
-machine s390-ccw-virtio,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=s390.ram \
-cpu gen15a-base,aen=on,cmmnt=on,vxpdeh=on,aefsi=on,diag318=on,csske=on,mepoch=on,msa9=on,msa8=on,msa7=on,msa6=on,msa5=on,msa4=on,msa3=on,msa2=on,msa1=on,sthyi=on,edat=on,ri=on,deflate=on,edat2=on,etoken=on,vx=on,ipter=on,mepochptff=on,ap=on,vxeh=on,vxpd=on,esop=on,msa9_pckmo=on,vxeh2=on,esort=on,apqi=on,apft=on,els=on,iep=on,apqci=on,cte=on,ais=on,bpb=on,gs=on,ppa15=on,zpci=on,sea_esop2=on,te=on,cmm=on \
-m 214 \
-object '{"qom-type":"memory-backend-ram","id":"s390.ram","size":224395264}' \
@ -30,6 +30,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-device virtio-blk-ccw,devno=fe.0.0000,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
-audiodev id=audio1,driver=none \
-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0001 \
-object '{"qom-type":"s390-pv-guest","id":"pv0"}' \
-object '{"qom-type":"s390-pv-guest","id":"lsec0"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on

4
tests/qemuxml2argvdata/launch-security-sev-missing-platform-info.x86_64-2.12.0.args
View File

@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
-m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \
@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-object sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on

4
tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
View File

@ -11,7 +11,7 @@ QEMU_AUDIO_DRV=none \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object secret,id=masterKey0,format=raw,file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
-machine pc-i440fx-2.12,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=lsec0 \
-m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \
@ -28,6 +28,6 @@ QEMU_AUDIO_DRV=none \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-object sev-guest,id=lsec0,cbitpos=47,reduced-phys-bits=1,policy=1,dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on

4
tests/qemuxml2argvdata/launch-security-sev.x86_64-6.0.0.args
View File

@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-name guest=QEMUGuest1,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}' \
-machine pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=sev0,memory-backend=pc.ram \
-machine pc-i440fx-6.0,accel=kvm,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram \
-cpu qemu64 \
-m 214 \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
@ -31,6 +31,6 @@ XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}' \
-device ide-hd,bus=ide.0,unit=0,drive=libvirt-1-format,id=ide0-0-0,bootindex=1 \
-audiodev id=audio1,driver=none \
-object '{"qom-type":"sev-guest","id":"sev0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}' \
-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-bits":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on