qemu-devel

[Qemu-devel] [RFC PATCH v1 05/22] i386: add new option to enable SEV gue


From: Brijesh Singh
Subject: [Qemu-devel] [RFC PATCH v1 05/22] i386: add new option to enable SEV guest
Date: Tue, 13 Sep 2016 10:47:33 -0400
User-agent: StGit/0.17.1-dirty

The patch adds a '-sev' option to enable the Secure Encrypted
Virtualization (SEV) guest. If this option is specified, Qemu
assumes that the user wants to launch this guest into SEV mode.

Here are examples of how to launch a guest into SEV mode.

1) late launch: in this mode the images received from the guest
owner are unencrypted and must be encrypted using the SEV LAUNCH command
before starting the guest.

$ qemu -sev type=unencrypted config=guest_01.conf

2) pre-encrypted: in this mode the images received from guest
owners are encrypted using transport keys. They must be re-encrypted
using SEV RECEIVE commands before starting the guest.

$ qemu -sev type=encrypted config=guest_02.conf

The config file will contain various parameters (e.g. key, policy)
required during the guest launch process.

Signed-off-by: Brijesh Singh <address@hidden>
---
 qemu-options.hx |    6 ++++++
 vl.c            |   29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index a71aaf8..1b6aa82 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -118,6 +118,12 @@ given, the total number of CPUs @var{n} can be omitted. 
@var{maxcpus}
 specifies the maximum number of hotpluggable CPUs.
 ETEXI
 
+DEF("sev", HAS_ARG, QEMU_OPTION_sev,
+    "-sev type=[encrypted,unencrypted] config=<file>\n"
+    "                image type (encrypted or unencrypted)\n"
+    "                set the config file for SEV guest\n",
+        QEMU_ARCH_I386)
+
 DEF("numa", HAS_ARG, QEMU_OPTION_numa,
     "-numa node[,mem=size][,cpus=cpu[-cpu]][,nodeid=node]\n"
     "-numa node[,memdev=id][,cpus=cpu[-cpu]][,nodeid=node]\n", QEMU_ARCH_ALL)
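
Review bot: The usage string in the new DEF("sev", ...) separates the two keys with a space ("-sev type=[encrypted,unencrypted] config=<file>"), but the option is declared HAS_ARG and vl.c passes the single optarg to qemu_opts_parse_noisily(), so a config=<file> written that way arrives as a separate argv entry and is not part of -sev. The -numa entry directly below uses the comma form; suggest "-sev type=encrypted|unencrypted,config=<file>" and updating the two examples in the commit message to match. The DEF is also added without an STEXI/ETEXI block, so the option will be missing from the generated documentation; please add one that describes both keys.
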
diff --git a/vl.c b/vl.c
index b3c80d5..22b8eba 100644
--- a/vl.c
+++ b/vl.c
@@ -178,6 +178,7 @@ bool boot_strict;
 uint8_t *boot_splash_filedata;
 size_t boot_splash_filedata_size;
 uint8_t qemu_extra_params_fw[2];
+static bool sev_allowed;
 
 int icount_align_option;
 
@@ -506,6 +507,25 @@ static QemuOptsList qemu_fw_cfg_opts = {
     },
 };
 
+static QemuOptsList qemu_sev_opts = {
+    .name = "sev",
+    .implied_opt_name = "name",
+    .head = QTAILQ_HEAD_INITIALIZER(qemu_sev_opts.head),
+    .desc = {
+        {
+            .name = "config",
+            .type = QEMU_OPT_STRING,
+            .help = "Set the SEV config file\n",
+        },
+        {
+            .name = "type",
+            .type = QEMU_OPT_STRING,
+            .help = "Set the image type (encrypted or unencrypted)\n",
+        },
+        { /* end of list */ }
+    },
+};
+
 /**
  * Get machine options
  *
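
Review bot: In qemu_sev_opts, .implied_opt_name = "name" refers to a key that .desc does not declare; only "config" and "type" are listed. A bare first value such as -sev foo would be read as name=foo and then rejected as an unknown parameter. Either drop .implied_opt_name or point it at a declared key such as "type", and if no implied key is intended, pass false as the last argument of qemu_opts_parse_noisily() in the QEMU_OPTION_sev case.
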
@@ -3002,6 +3022,7 @@ int main(int argc, char **argv, char **envp)
     qemu_add_opts(&qemu_icount_opts);
     qemu_add_opts(&qemu_semihosting_config_opts);
     qemu_add_opts(&qemu_fw_cfg_opts);
+    qemu_add_opts(&qemu_sev_opts);
     module_call_init(MODULE_INIT_OPTS);
 
     runstate_init();
@@ -3970,6 +3991,14 @@ int main(int argc, char **argv, char **envp)
                     exit(1);
                 }
                 break;
+            case QEMU_OPTION_sev:
+                olist = qemu_find_opts("sev");
+                opts = qemu_opts_parse_noisily(olist, optarg, true);
+                if (!opts) {
+                    exit(1);
+                }
+                sev_allowed = true;
+                break;
             default:
                 os_parse_cmd_args(popt->index, optarg);
             }
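
Review bot: The QEMU_OPTION_sev case sets sev_allowed = true as soon as the option string parses, without checking its contents. Both keys are QEMU_OPT_STRING, so a mistyped value such as type=encypted, or a -sev with no config= at all, is accepted at this point, and unless a later patch in the series rejects it, a guest the owner expects to be protected starts from an option line that never said what they meant. Suggest checking here that type is exactly "encrypted" or "unencrypted" and that config is present, with error_report() and exit(1) otherwise. Also, nothing in this patch reads sev_allowed; if its consumer arrives later in the series, say so in the commit message or introduce the variable in that patch.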



