mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-06 13:20:20 +00:00
11ab77fe88
QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted VMs on AMD platform using SEV feature. The various inputs required to launch SEV guest is provided through the <launch-security> tag. A typical SEV guest launch command line looks like this: -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 ...\ -machine memory-encryption=sev0 \ Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
30 lines
901 B
Plaintext
30 lines
901 B
Plaintext
LC_ALL=C \
|
|
PATH=/bin \
|
|
HOME=/home/test \
|
|
USER=test \
|
|
LOGNAME=test \
|
|
QEMU_AUDIO_DRV=none \
|
|
/usr/bin/qemu-system-x86_64 \
|
|
-name QEMUGuest1 \
|
|
-S \
|
|
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
|
|
-m 214 \
|
|
-smp 1,sockets=1,cores=1,threads=1 \
|
|
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
|
|
-display none \
|
|
-no-user-config \
|
|
-nodefaults \
|
|
-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
|
|
server,nowait \
|
|
-mon chardev=charmonitor,id=monitor,mode=control \
|
|
-rtc base=utc \
|
|
-no-shutdown \
|
|
-no-acpi \
|
|
-boot c \
|
|
-usb \
|
|
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
|
|
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
|
|
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
|
|
dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
|
|
session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
|