mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-01 20:05:46 +00:00
conf: prefer camelCase for launchSecurity
Adjust the documentation, parser and tests to change: launch-security -> launchSecurity reduced-phys-bits -> reducedPhysBits dh-cert -> dhCert Also fix the headline in formatdomain.html to be more generic, and some leftover closing elements in the documentation. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Tested-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
a95b99d030
commit
e56ff8bc72
@ -8458,12 +8458,12 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
|
|
||||||
<p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
|
<p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
|
||||||
|
|
||||||
<h3><a id="sev">Secure Encrypted Virtualization (SEV)</a></h3>
|
<h3><a id="sev">Launch Security</a></h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
The contents of the <code><launch-security type='sev'></code> element
|
The contents of the <code><launchSecurity type='sev'></code> element
|
||||||
is used to provide the guest owners input used for creating an encrypted
|
is used to provide the guest owners input used for creating an encrypted
|
||||||
VM using the AMD SEV feature.
|
VM using the AMD SEV feature (Secure Encrypted Virtualization).
|
||||||
|
|
||||||
SEV is an extension to the AMD-V architecture which supports running
|
SEV is an extension to the AMD-V architecture which supports running
|
||||||
encrypted virtual machine (VMs) under the control of KVM. Encrypted
|
encrypted virtual machine (VMs) under the control of KVM. Encrypted
|
||||||
@ -8480,13 +8480,13 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
<pre>
|
<pre>
|
||||||
<domain>
|
<domain>
|
||||||
...
|
...
|
||||||
<launch-security type='sev'>
|
<launchSecurity type='sev'>
|
||||||
<policy> 0x0001 </policy>
|
<policy> 0x0001 </policy>
|
||||||
<cbitpos> 47 </cbitpos>
|
<cbitpos> 47 </cbitpos>
|
||||||
<reduced-phys-bits> 1 </reduced-phys-bits>
|
<reducedPhysBits> 1 </reducedPhysBits>
|
||||||
|
<dhCert> RBBBSDDD=FDDCCCDDDG </dhCert>
|
||||||
<session> AAACCCDD=FFFCCCDSDS </session>
|
<session> AAACCCDD=FFFCCCDSDS </session>
|
||||||
<dh-cert> RBBBSDDD=FDDCCCDDDG </dh>
|
</launchSecurity>
|
||||||
</sev>
|
|
||||||
...
|
...
|
||||||
</domain>
|
</domain>
|
||||||
</pre>
|
</pre>
|
||||||
@ -8498,8 +8498,8 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
hypervisor dependent and can be obtained through the <code>sev</code> element
|
hypervisor dependent and can be obtained through the <code>sev</code> element
|
||||||
from the domain capabilities.
|
from the domain capabilities.
|
||||||
</dd>
|
</dd>
|
||||||
<dt><code>reduced-phys-bits</code></dt>
|
<dt><code>reducedPhysBits</code></dt>
|
||||||
<dd>The required <code>reduced-phys-bits</code> element provides the physical
|
<dd>The required <code>reducedPhysBits</code> element provides the physical
|
||||||
address bit reducation. Similar to <code>cbitpos</code> the value of <code>
|
address bit reducation. Similar to <code>cbitpos</code> the value of <code>
|
||||||
reduced-phys-bit</code> is hypervisor dependent and can be obtained
|
reduced-phys-bit</code> is hypervisor dependent and can be obtained
|
||||||
through the <code>sev</code> element from the domain capabilities.
|
through the <code>sev</code> element from the domain capabilities.
|
||||||
@ -8558,8 +8558,8 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
</table>
|
</table>
|
||||||
|
|
||||||
</dd>
|
</dd>
|
||||||
<dt><code>dh-cert</code></dt>
|
<dt><code>dhCert</code></dt>
|
||||||
<dd>The optional <code>dh-cert</code> element provides the guest owners
|
<dd>The optional <code>dhCert</code> element provides the guest owners
|
||||||
base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate a
|
base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate a
|
||||||
master secret key between the SEV firmware and guest owner. This master
|
master secret key between the SEV firmware and guest owner. This master
|
||||||
secret key is then used to establish a trusted channel between SEV
|
secret key is then used to establish a trusted channel between SEV
|
||||||
|
@ -78,7 +78,7 @@
|
|||||||
<ref name='keywrap'/>
|
<ref name='keywrap'/>
|
||||||
</optional>
|
</optional>
|
||||||
<optional>
|
<optional>
|
||||||
<ref name='launch-security'/>
|
<ref name='launchSecurity'/>
|
||||||
</optional>
|
</optional>
|
||||||
</interleave>
|
</interleave>
|
||||||
</element>
|
</element>
|
||||||
@ -439,8 +439,8 @@
|
|||||||
</element>
|
</element>
|
||||||
</define>
|
</define>
|
||||||
|
|
||||||
<define name="launch-security">
|
<define name="launchSecurity">
|
||||||
<element name="launch-security">
|
<element name="launchSecurity">
|
||||||
<attribute name="type">
|
<attribute name="type">
|
||||||
<value>sev</value>
|
<value>sev</value>
|
||||||
</attribute>
|
</attribute>
|
||||||
@ -448,7 +448,7 @@
|
|||||||
<element name="cbitpos">
|
<element name="cbitpos">
|
||||||
<data type='unsignedInt'/>
|
<data type='unsignedInt'/>
|
||||||
</element>
|
</element>
|
||||||
<element name="reduced-phys-bits">
|
<element name="reducedPhysBits">
|
||||||
<data type='unsignedInt'/>
|
<data type='unsignedInt'/>
|
||||||
</element>
|
</element>
|
||||||
<element name="policy">
|
<element name="policy">
|
||||||
@ -460,7 +460,7 @@
|
|||||||
</element>
|
</element>
|
||||||
</optional>
|
</optional>
|
||||||
<optional>
|
<optional>
|
||||||
<element name="dh-cert">
|
<element name="dhCert">
|
||||||
<data type="string"/>
|
<data type="string"/>
|
||||||
</element>
|
</element>
|
||||||
</optional>
|
</optional>
|
||||||
|
@ -15862,7 +15862,7 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
|
|||||||
|
|
||||||
if (!(type = virXMLPropString(sevNode, "type"))) {
|
if (!(type = virXMLPropString(sevNode, "type"))) {
|
||||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
_("missing launch-security type"));
|
_("missing launch security type"));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -15874,33 +15874,33 @@ virDomainSEVDefParseXML(xmlNodePtr sevNode,
|
|||||||
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
|
||||||
default:
|
default:
|
||||||
virReportError(VIR_ERR_XML_ERROR,
|
virReportError(VIR_ERR_XML_ERROR,
|
||||||
_("unsupported launch-security type '%s'"),
|
_("unsupported launch security type '%s'"),
|
||||||
type);
|
type);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
|
if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
|
||||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
_("failed to get launch-security cbitpos"));
|
_("failed to get launch security cbitpos"));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (virXPathUInt("string(./reduced-phys-bits)", ctxt,
|
if (virXPathUInt("string(./reducedPhysBits)", ctxt,
|
||||||
&def->reduced_phys_bits) < 0) {
|
&def->reduced_phys_bits) < 0) {
|
||||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
_("failed to get launch-security reduced-phys-bits"));
|
_("failed to get launch security reduced-phys-bits"));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
|
if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
|
||||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||||
_("failed to get launch-security policy"));
|
_("failed to get launch security policy"));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
def->policy = policy;
|
def->policy = policy;
|
||||||
|
|
||||||
if ((tmp = virXPathString("string(./dh-cert)", ctxt))) {
|
if ((tmp = virXPathString("string(./dhCert)", ctxt))) {
|
||||||
if (VIR_STRDUP(def->dh_cert, tmp) < 0)
|
if (VIR_STRDUP(def->dh_cert, tmp) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
@ -20730,7 +20730,7 @@ virDomainDefParseXML(xmlDocPtr xml,
|
|||||||
VIR_FREE(nodes);
|
VIR_FREE(nodes);
|
||||||
|
|
||||||
/* Check for SEV feature */
|
/* Check for SEV feature */
|
||||||
if ((node = virXPathNode("./launch-security", ctxt)) != NULL) {
|
if ((node = virXPathNode("./launchSecurity", ctxt)) != NULL) {
|
||||||
def->sev = virDomainSEVDefParseXML(node, ctxt);
|
def->sev = virDomainSEVDefParseXML(node, ctxt);
|
||||||
if (!def->sev)
|
if (!def->sev)
|
||||||
goto error;
|
goto error;
|
||||||
@ -26771,22 +26771,22 @@ virDomainSEVDefFormat(virBufferPtr buf, virDomainSevDefPtr sev)
|
|||||||
if (!sev)
|
if (!sev)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
virBufferAsprintf(buf, "<launch-security type='%s'>\n",
|
virBufferAsprintf(buf, "<launchSecurity type='%s'>\n",
|
||||||
virDomainLaunchSecurityTypeToString(sev->sectype));
|
virDomainLaunchSecurityTypeToString(sev->sectype));
|
||||||
virBufferAdjustIndent(buf, 2);
|
virBufferAdjustIndent(buf, 2);
|
||||||
|
|
||||||
virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
|
virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
|
||||||
virBufferAsprintf(buf, "<reduced-phys-bits>%d</reduced-phys-bits>\n",
|
virBufferAsprintf(buf, "<reducedPhysBits>%d</reducedPhysBits>\n",
|
||||||
sev->reduced_phys_bits);
|
sev->reduced_phys_bits);
|
||||||
virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", sev->policy);
|
virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", sev->policy);
|
||||||
if (sev->dh_cert)
|
if (sev->dh_cert)
|
||||||
virBufferEscapeString(buf, "<dh-cert>%s</dh-cert>\n", sev->dh_cert);
|
virBufferEscapeString(buf, "<dhCert>%s</dhCert>\n", sev->dh_cert);
|
||||||
|
|
||||||
if (sev->session)
|
if (sev->session)
|
||||||
virBufferEscapeString(buf, "<session>%s</session>\n", sev->session);
|
virBufferEscapeString(buf, "<session>%s</session>\n", sev->session);
|
||||||
|
|
||||||
virBufferAdjustIndent(buf, -2);
|
virBufferAdjustIndent(buf, -2);
|
||||||
virBufferAddLit(buf, "</launch-security>\n");
|
virBufferAddLit(buf, "</launchSecurity>\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
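Review bot: After this rename the lookup in virDomainDefParseXML, `virXPathNode("./launchSecurity", ctxt)`, returns NULL for a document that still uses `<launch-security>`, so `def->sev` stays unset and the lines visible here report no error. If the hyphenated spelling was ever released or exists in persisted domain XML (not visible from this page), such a guest would presumably be defined without SEV unless schema validation rejects it first. Rejecting the old name explicitly would make that failure loud, e.g. `if (virXPathNode("./launch-security", ctxt)) { virReportError(VIR_ERR_XML_ERROR, "%s", _("launch-security was renamed to launchSecurity")); goto error; }`. Separately, in virDomainSEVDefParseXML the message `_("failed to get launch security reduced-phys-bits")` still names the old element while the XPath now reads `./reducedPhysBits`; `_("failed to get launch security reducedPhysBits")` would match what the user has to write. Both functions start and end outside the hunks shown.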
@ -14,11 +14,11 @@
|
|||||||
<on_crash>destroy</on_crash>
|
<on_crash>destroy</on_crash>
|
||||||
<devices>
|
<devices>
|
||||||
</devices>
|
</devices>
|
||||||
<launch-security type='sev'>
|
<launchSecurity type='sev'>
|
||||||
<cbitpos>47</cbitpos>
|
<cbitpos>47</cbitpos>
|
||||||
<reduced-phys-bits>1</reduced-phys-bits>
|
<reducedPhysBits>1</reducedPhysBits>
|
||||||
<policy>0x0001</policy>
|
<policy>0x0001</policy>
|
||||||
<dh-cert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dh-cert>
|
<dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
|
||||||
<session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
|
<session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
|
||||||
</launch-security>
|
</launchSecurity>
|
||||||
</domain>
|
</domain>
|
||||||
|
@ -27,11 +27,11 @@
|
|||||||
<input type='keyboard' bus='ps2'/>
|
<input type='keyboard' bus='ps2'/>
|
||||||
<memballoon model='none'/>
|
<memballoon model='none'/>
|
||||||
</devices>
|
</devices>
|
||||||
<launch-security type='sev'>
|
<launchSecurity type='sev'>
|
||||||
<cbitpos>47</cbitpos>
|
<cbitpos>47</cbitpos>
|
||||||
<reduced-phys-bits>1</reduced-phys-bits>
|
<reducedPhysBits>1</reducedPhysBits>
|
||||||
<policy>0x0001</policy>
|
<policy>0x0001</policy>
|
||||||
<dh-cert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dh-cert>
|
<dhCert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dhCert>
|
||||||
<session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
|
<session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
|
||||||
</launch-security>
|
</launchSecurity>
|
||||||
</domain>
|
</domain>
|
||||||
|