On 22/09/2016 16:52, Brijesh Singh wrote:
> to launch unencrypted SEV guest:
> # $QEMU \
> -object sev-launch-info,id=launch0,flags.ks=off \
> -object sev-guest-info,id,sev0,launch=launch0 \
> -object security-policy,id=secure0,memory-encryption=sev0 \
> -machine ....,security-policy=secure0
>
> - sev-receive-info: provides the properties to set/get parameters required
> to launch an encrypted SEV guest.
>
> In this mode the boot images received from the guest owner are
> pre-encrypted with the owner's transport keys. The SEV guest boot process
> would re-encrypt the images using the guest owner's key.
>
> to launch encrypted SEV guest:
>
> # $QEMU \
> -object sev-receive-info,id=launch0,flags.ks=off \
> -object sev-guest-info,id=sev0,launch=launch0 \
> -object security-policy,id=secure0,memory-encryption=sev0 \
> -machine ....,security-policy=secure0
>
> - sev-policy-info: provides properties to get/set SEV specific policy
> parameters required by SEV launch and migrate objects.
>
> e.g. to disable key share during encrypted launch:
> # $QEMU \
> -object sev-policy-info,id=policy0,ks=off \
> -object sev-launch-info,id=sev0,policy=policy0 \
> .....
>
> sev-policy should be provided by the guest owner.
>
> - sev-guest-info: provides properties to set the SEV guest launch object id
> used during guest launch.
>
> to use encrypted guest launch:
> # $QEMU \
> -object sev-receive-info,id=launch0 \
> -object sev-send-info,id=send0 \
> -object sev-guest-info,id=sev0,launch=launch0,send=send0 \
> .....
>
References to other objects should be implemented as link properties (e.g. with type 'link<sev-guest-info>'). Then QOM takes care of filling in a QSEVGuestInfo* with the pointer to an object with the right id.

There is some redundancy (e.g. "flags.ks" in launch/receive vs. "ks" in policy).

Can you document the full model in docs/amd-memory-encryption.txt? It's not necessary to include the kernel API documentation.

Paolo
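As an added illustration (not QEMU's code, nor anything from this thread), the following Python models the link-property resolution Paolo asks for: each `-object` spec is parsed, every property treated as a link must name an existing object id of an allowed type, and the `flags.ks`/`ks` redundancy is flagged. The object types, the `LINK_PROPS` table and the sample specs are assumptions mirroring the command lines quoted above.

```python
# Added model, not QEMU code: object types, LINK_PROPS and the sample spec are assumptions.
# Link properties per object type (assumed): key -> allowed target types.
LINK_PROPS = {
    "sev-guest-info": {"launch": ("sev-launch-info", "sev-receive-info"),
                       "send": ("sev-send-info",)},
    "security-policy": {"memory-encryption": ("sev-guest-info",)},
    "sev-launch-info": {"policy": ("sev-policy-info",)},
    "sev-receive-info": {"policy": ("sev-policy-info",)},
}

def parse_object(spec):
    """Parse 'type,key=val,...' into (type, {key: val}); a bare word (no '=') is rejected."""
    typ, *parts = spec.split(",")
    props = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed property {part!r} in -object {typ}")
        key, val = part.split("=", 1)
        props[key] = val
    return typ, props

def resolve_links(specs):
    """Return (objects, problems): every link must name an existing object of an allowed type."""
    objects, problems = {}, []
    for spec in specs:
        typ, props = parse_object(spec)
        if "id" not in props:
            problems.append(f"{typ}: missing id")
            continue
        objects[props["id"]] = (typ, props)
    for oid, (typ, props) in objects.items():
        for key, allowed in LINK_PROPS.get(typ, {}).items():
            target = props.get(key)
            if target is None: continue
            if target not in objects:
                problems.append(f"{oid}.{key} -> {target!r}: no such object")
            elif objects[target][0] not in allowed:
                problems.append(f"{oid}.{key} -> {target!r}: wrong type {objects[target][0]}")
        # The redundancy Paolo notes: 'ks' set on both the launch object and its policy.
        policy = objects.get(props.get("policy", ""), (None, {}))[1]
        if "flags.ks" in props and "ks" in policy:
            problems.append(f"{oid}: flags.ks and {props['policy']}.ks both set")
    return objects, problems

# Constructed sample mirroring the encrypted-launch invocation quoted above.
ENCRYPTED_LAUNCH = [
    "sev-receive-info,id=launch0,flags.ks=off",
    "sev-guest-info,id=sev0,launch=launch0",
    "security-policy,id=secure0,memory-encryption=sev0",
]
```

Running `resolve_links(ENCRYPTED_LAUNCH)` yields an empty problem list, while a dangling `launch=` id, a wrong target type, or the bare `id,sev0` from the first quoted command line are each reported.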