qemu-devel

Re: [RFC PATCH 2/6] i386/sev: extend sev-guest property to include SEV-S


From: Brijesh Singh
Subject: Re: [RFC PATCH 2/6] i386/sev: extend sev-guest property to include SEV-SNP
Date: Mon, 12 Jul 2021 10:56:40 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0



On 7/12/21 9:43 AM, Daniel P. Berrangé wrote:
> On Fri, Jul 09, 2021 at 04:55:46PM -0500, Brijesh Singh wrote:
>> To launch the SEV-SNP guest, a user can specify up to 8 parameters.
>> Passing all parameters through command line can be difficult.
>
> This sentence applies to pretty much everything in QEMU and the
> SEV-SNP example is nowhere near an extreme example IMHO.
>
>> To simplify
>> the launch parameter passing, introduce a .ini-like config file that can be
>> used for passing the parameters to the launch flow.
>
> Inventing a new config file format for usage by just one specific
> niche feature in QEMU is something I'd say we do not want.
>
> Our long term goal in QEMU is to move to a world where 100% of
> QEMU configuration is provided in JSON format, using the QAPI
> schema to define the accepted input set.


I am open to all suggestions. I was trying to avoid passing all these parameters through the command line because some of them can be huge (up to a page size).



>> The contents of the config file will look like this:
>>
>> $ cat snp-launch.init
>>
>> # SNP launch parameters
>> [SEV-SNP]
>> init_flags = 0
>> policy = 0x1000
>> id_block = "YWFhYWFhYWFhYWFhYWFhCg=="
>
> These parameters are really tiny and trivial to provide on the command
> line, so I'm not finding this config file compelling.


I have only included 3 small parameters. Other parameters can be up to a page size. The breakdown looks like this:

policy: 8 bytes
flags: 8 bytes
id_block: 96 bytes
id_auth: 4096 bytes
host_data: 32 bytes
gosvw: 16 bytes





>> Add 'snp' property that can be used to indicate that SEV guest launch
>> should enable the SNP support.
>>
>> SEV-SNP guest launch examples:
>>
>> 1) launch without additional parameters
>>
>>    $(QEMU_CLI) \
>>      -object sev-guest,id=sev0,snp=on
>>
>> 2) launch with optional parameters
>>    $(QEMU_CLI) \
>>      -object sev-guest,id=sev0,snp=on,launch-config=<file>
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>   docs/amd-memory-encryption.txt |  81 +++++++++++-
>>   qapi/qom.json                  |   6 +
>>   target/i386/sev.c              | 227 +++++++++++++++++++++++++++++++++
>>   3 files changed, 312 insertions(+), 2 deletions(-)
>
> Regards,
> Daniel
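
An added example, not part of the thread or of the QEMU patch: a Python check of the .ini-like launch file quoted above against the per-parameter sizes Brijesh lists, treating those sizes as upper bounds. Assumptions: the keys `id_auth`, `host_data` and `gosvw` would be spelled as in the breakdown, `init_flags` is the "flags" entry, and every blob is base64 like `id_block`.

```python
import base64
import configparser

# Sizes in bytes from the breakdown in the message, treated as upper bounds.
MAX_BYTES = {"policy": 8, "flags": 8, "id_block": 96,
             "id_auth": 4096, "host_data": 32, "gosvw": 16}
INT_KEYS = {"policy", "init_flags", "flags"}  # integers in the quoted file
KEY_ALIAS = {"init_flags": "flags"}  # assumption: same field as "flags"

# The launch file quoted in the thread, embedded as sample input.
SAMPLE = """\
# SNP launch parameters
[SEV-SNP]
init_flags = 0
policy = 0x1000
id_block = "YWFhYWFhYWFhYWFhYWFhCg=="
"""

def check_launch_config(text):
    """Return ({key: size_in_bytes}, [errors]) for the [SEV-SNP] section."""
    cp = configparser.ConfigParser(interpolation=None)
    sizes, errors = {}, []
    try:
        cp.read_string(text)
        items = cp.items("SEV-SNP")
    except configparser.Error as exc:  # bad syntax, duplicate key, no section
        return sizes, [f"unparseable config: {type(exc).__name__}"]
    for key, raw in items:
        limit = MAX_BYTES.get(KEY_ALIAS.get(key, key))
        if limit is None:
            errors.append(f"{key}: unknown parameter")
            continue
        value = raw.strip().strip('"')
        try:
            if key in INT_KEYS:
                n = int(value, 0)  # accepts 0 and 0x1000
                if n < 0:
                    raise ValueError("negative")
                size = max(1, (n.bit_length() + 7) // 8)
            else:  # assumption: every blob is base64, like id_block
                size = len(base64.b64decode(value, validate=True))
        except ValueError:
            errors.append(f"{key}: malformed value")
            continue
        sizes[key] = size
        if size > limit:
            errors.append(f"{key}: {size} bytes exceeds {limit}")
    return sizes, errors
```

The sample `id_block` from the thread decodes to 16 bytes, well under the 96-byte figure, which is why the check treats the listed sizes as limits rather than exact lengths.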



