Re: [Qemu-devel] [RFC PATCH v1 05/22] i386: add new option to enable SEV
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [RFC PATCH v1 05/22] i386: add new option to enable SEV guest
Date: Wed, 14 Sep 2016 11:11:51 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

On 14/09/2016 10:41, Daniel P. Berrange wrote:
>> > Any reason not to pass the sev options themselves through -sev? You can
>> > then use "-readconfig sev-guest.cfg" where sev-guest.cfg contains
>> >
>> > [sev]
>> > type="encrypted"
>> > flags = "00000000"
>> > policy = "000000"
>> > dh_pub_qx = "0123456789abcdef0123456789abcdef"
>> > dh_pub_qy = "0123456789abcdef0123456789abcdef"
>> > nonce = "0123456789abcdef"
>> > vcpu_count = "1"
>> > vcpu_length = "30"
>> > vcpu_mask = "00ab"
> Agreed, it is really preferable to define all the options via
> one command line arg (using -object) and not re-invent external
> config files when QEMU already has generic config file support.

To be fair, they _were_ reusing QEMU's config file support. I was
ambivalent regarding using -object vs. creating a new command line,
since this is a singleton object, but indeed it's nicer if the policy is
split to its own object.

The object would be defined like this:

    [object "mypolicy"]
    qom-type = "sev-policy-encrypted"
    dh_pub_qx = "..."
    dh_pub_qy = "..."
    nonce = "..."
    ...

and then you also need to add a property to the MachineState. The
property is accessed with -machine, and it creates a link to the policy
object---which also enables sev. In the end you'd have this on the
command line:

    -readconfig mypolicy.cfg -machine sev-policy=mypolicy

Thanks,
Paolo