Hi All,
(sorry for the long message)
CPUs from AMD EPYC family support Secure Encrypted Virtualization (SEV)
feature - the feature allows running encrypted VMs. To enable the feature,
I have been submitting patches to Linux kernel [1], Qemu [2] and OVMF [3].
We have been making some good
Hi Daniel,
On 09/08/2017 09:52 AM, Daniel P. Berrange wrote:
On Fri, Sep 08, 2017 at 01:45:06PM +, Relph, Richard wrote:
A few answers in line…
On 9/8/17, 8:16 AM, "Daniel P. Berrange" <berra...@redhat.com> wrote:
On Fri, Sep 08, 2017 at 06:57:30AM -0500, Bri
On 09/08/2017 10:51 AM, Daniel P. Berrange wrote:
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
So I could see a flow like the following:
The flow looks good
1. mgmt tool calls virConnectGetCapabilities. This returns an XML
document that includes
On Wed, Sep 6, 2017 at 7:08 AM, Jiri Denemark wrote:
>
>
> We list model's features sorted by name.
>
> ACK with the issues fixed.
>
> However, it would be nice to add some CPUID data to our test suite.
> Luckily enough I have such data so I'll just resend [1] a fixed
On 9/29/17 4:58 PM, Laszlo Ersek wrote:
...
> The expansion ROMs (containing UEFI drivers) of emulated PCI devices,
> and the same of assigned physical PCI devices, constitute another
> channel through which code enters the guest from the outside (i.e., from
> the Cloud Provider). The ROM BARs
Hi Laszlo,
On 10/01/2017 04:56 AM, Laszlo Ersek wrote:
On 10/01/17 11:17, Laszlo Ersek wrote:
(3) Implement SEV encryption for pflash. A pflash chip can be in one of
two modes: (a) it reads and executes as ROM, or (b) it behaves like a
programmable (r/w) device with MMIO registers. Switching
ed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/cpu/cpu_map.xml | 74 +
1 file changed, 74 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index 8e7ac49..522d66b 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.x
Hi Michael,
On 09/26/2017 09:36 AM, Michael S. Tsirkin wrote:
...
8. libvirt launches the guest with "-S"
9. While creating the SEV guest qemu does the following
i) create encryption context using GO's DH, session-info and guest policy
(LAUNCH_START)
ii) encrypts the guest bios
Add remote support for launch security info.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/remote/remote_daemon_dispatch.c | 47 +
src/remote/remote_driver.c | 42 -
src/remote/remote_prot
QEMU uses /dev/sev device while creating the SEV guest, let's add /dev/sev
in the list of devices allowed to be accessed by the QEMU.
Signed-off-by: Brijesh Singh <<brijesh.si...@amd.com>>
---
docs/drvqemu.html.in | 1 +
src/qemu/qemu.conf | 2
ev0,cbitpos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/qemu/qemu_command.c | 41
src/qemu/qemu_process.c | 62 +
tests/qemuxml
reported with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v6
Brijesh Singh (9):
qemu: provide support to query the SEV capability
qemu: introduce SEV feature in hypervisor capabilities
conf: introduce launch-securit
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/libvirt/libvirt-domain.h | 17 ++
src/
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/conf/domain_capab
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomaincaps.html.in | 40
docs/schemas/domaincaps.rng
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/qemu/qemu_dr
to unintelligible data.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomain.html.in | 115 ++
docs/schemas/domaincommon.rng | 39 ++
src/conf/domain_conf.c
Add new 'launch-security' command, the command can be used to get or set
the launch security information when booting encrypted VMs.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
tools/virsh-domain.c | 81
tools/virsh.pod
Hi Erik,
On 06/11/2018 09:10 AM, Erik Skultety wrote:
On Fri, Jun 08, 2018 at 10:14:35AM -0500, Brijesh Singh wrote:
Re: Jano's below comment
(Also, some of the patches have double "<< >>" around your e-mail,
how did that happen?)
I am not sure what I am doing that
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/c
The API can be used by application to retrieve the Platform Diffie-Hellman
Key and Platform Certificate chain.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
include/libvirt/libvirt-host.h | 42
src/driver-hypervisor.h| 6 ++
src
QEMU uses /dev/sev device while creating the SEV guest, let's add /dev/sev
in the list of devices allowed to be accessed by the QEMU.
Signed-off-by: Brijesh Singh <>
Reviewed-by: Erik Skultety
---
docs/drvqemu.html.in | 3 ++-
src/qemu/qemu.conf | 2 +-
sr
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/qemu/qemu_driver.c
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
docs/formatdomaincaps.html.in | 30 +++
docs/schemas/domaincaps.rng| 14 +
src
to unintelligible data.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
docs/formatdomain.html.in | 115 ++
docs/schemas/domaincommon.rng | 37 ++
src/conf/domain_conf.c | 133
Add remote support for virNodeGetSEVInfo().
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/remote/remote_daemon_dispatch.c | 44 +
src/remote/remote_driver.c | 40 +
src/remote/remote_protocol.x
Signed-off-by: Brijesh Singh <>
---
src/qemu/qemu_capabilities.c | 7
src/qemu/qemu_capabilities.h | 4 +++
src/qemu/qemu_driver.c | 82
3 files changed, 93 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/sr
rted with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v9
Brijesh Singh (11):
qemu: provide support to query the SEV capability
conf: expose SEV feature in domain capabilities
libvirt: Introduce virNodeGetSEVInfo publ
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
include/libvirt/libvirt-domain.h | 17 ++
src/driver
pos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/qemu/qemu_command.c | 41
src/qemu/qemu_process.c | 62 +
te
Add remote support for launch security info.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/remote/remote_daemon_dispatch.c | 47 +
src/remote/remote_driver.c | 40 +++
src/remote/remote_protocol.x
saw Jano
note but it somehow happens again...I have no explanation on what is
going on. Whoever commits the series, can you please remove one of the
quotes from my email address, or I can try fixing it and resend the
series. Please let me know. thanks
On 06/08/2018 09:40 AM, Brijesh Sing
On 06/07/2018 11:37 AM, Erik Skultety wrote:
more verbose commit subject:
qemu: Implement the driver backend for virNodeGetSEVInfo
On Wed, Jun 06, 2018 at 12:50:11PM -0500, Brijesh Singh wrote:
Signed-off-by: Brijesh Singh <>
---
src/qemu/qemu_capabilities.c | 7
sr
On 06/07/2018 11:46 AM, Erik Skultety wrote:
Better commit subject would be:
libvirt: Introduce virDomainGetLaunchSecurityInfo public API
On Wed, Jun 06, 2018 at 12:50:15PM -0500, Brijesh Singh wrote:
The API can be used outside the libvirt to get the launch security
information. When SEV
nwfilter/nwfilter_learnipaddr.c:57:0:
nwfilter/nwfilter_learnipaddr.h:38:5: note: previous declaration of
'virNWFilterLearnIPAddress' was here
int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver,
Signed-off-by: Brijesh Singh
---
src/nwfilter/nwfilter_learnipaddr.c | 2 +-
1 file
instead of Sev
in internal identifier names.
Thanks for the series. In addition to looking at the changes I did a
quick build and ran tests. All seems to be working fine. thanks
Reviewed-by: Brijesh Singh
Tested-by: Brijesh Singh
I did not touch virNodeGetSevInfoEnsureACL - not sure
The API can be used by application to query the SEV capability.
Signed-off-by: Brijesh Singh <>
---
include/libvirt/libvirt-host.h | 42 +
src/driver-hypervisor.h | 6 +++
src/libvirt-host.c | 48 +++
src/libvirt_publi
to unintelligible data.
Signed-off-by: Brijesh Singh
---
docs/formatdomain.html.in | 115 ++
docs/schemas/domaincommon.rng | 37 ++
src/conf/domain_conf.c | 133 +
src/conf/domain_conf.h
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh
---
src/conf/domain_capabilitie
Add remote support for launch security info.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/remote/remote_daemon_dispatch.c | 47 +
src/remote/remote_driver.c | 40 +++
src/remote/remote_protocol.x
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh
---
src/qemu/qemu_driver.c | 69
security information
* add test cases to validate newly added element
* fix issues reported with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v7
Brijesh Singh (9):
qemu: provide support to query the SEV capability
conf: expose SE
pos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/qemu/qemu_command.c | 41
src/qemu/qemu_process.c | 62 +
te
QEMU uses /dev/sev device while creating the SEV guest, let's add /dev/sev
in the list of devices allowed to be accessed by the QEMU.
Signed-off-by: Brijesh Singh <>
Reviewed-by: Erik Skultety
---
docs/drvqemu.html.in | 1 +
src/qemu/qemu.conf | 2 +-
sr
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh
---
include/libvirt/libvirt-domain.h | 17 ++
src/driver-hypervisor.h | 8
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh
---
docs/formatdomaincaps.html.in | 30 ++
docs/schemas/domaincaps.rng| 14
src/conf/domain_capabilities.c
The API can be used by application to get the SEV capability
(which includes platform certificate chain and other related information)
Signed-off-by: Brijesh Singh <>
---
include/libvirt/libvirt-host.h | 42 +
src/driver-hypervisor.h | 6 +++
src/libvirt-
On 06/06/2018 03:45 AM, Erik Skultety wrote:
On Tue, Jun 05, 2018 at 12:59:25PM -0500, Brijesh Singh wrote:
The API can be used by application to query the SEV capability.
Signed-off-by: Brijesh Singh <>
---
include/libvirt/libvirt-host.h | 42 +
src/
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh
---
src/qemu/qemu_driver.c | 69
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh
---
docs/formatdomaincaps.html.in | 30 ++
docs/schemas/domaincaps.rng| 14
src/conf/domain_capabilities.c
pos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/qemu/qemu_command.c | 41
src/qemu/qemu_process.c | 62 +
te
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh
---
src/conf/domain_capabilitie
virt/tree/v8
Brijesh Singh (11):
qemu: provide support to query the SEV capability
conf: expose SEV feature in domain capabilities
libvirt: add new public API to get SEV Info
remote: implement the remote protocol for virNodeSEVInfo()
qemu: Add support to get the SEV info
conf: introduce lau
The API can be used by application to retrieve the Platform Diffie-Hellman
Key and Platform Certificate chain.
Signed-off-by: Brijesh Singh <>
---
include/libvirt/libvirt-host.h | 42 +
src/driver-hypervisor.h| 6 ++
src/libvirt-
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh
---
include/libvirt/libvirt-domain.h | 17 ++
src/driver-hypervisor.h | 8
QEMU uses /dev/sev device while creating the SEV guest, let's add /dev/sev
in the list of devices allowed to be accessed by the QEMU.
Signed-off-by: Brijesh Singh <>
Reviewed-by: Erik Skultety
---
docs/drvqemu.html.in | 1 +
src/qemu/qemu.conf | 2 +-
sr
to unintelligible data.
Signed-off-by: Brijesh Singh
---
docs/formatdomain.html.in | 115 ++
docs/schemas/domaincommon.rng | 37 ++
src/conf/domain_conf.c | 133 +
src/conf/domain_conf.h
Add remote support for launch security info.
Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
src/remote/remote_daemon_dispatch.c | 47 +
src/remote/remote_driver.c | 40 +++
src/remote/remote_protocol.x
Signed-off-by: Brijesh Singh <>
---
src/qemu/qemu_capabilities.c | 7
src/qemu/qemu_capabilities.h | 4 ++
src/qemu/qemu_driver.c | 91
3 files changed, 102 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/sr
Add remote support for virNodeSEVInfo().
Signed-off-by: Brijesh Singh <>
---
src/remote/remote_daemon_dispatch.c | 44 +
src/remote/remote_driver.c | 40 +
src/remote/remote_protocol.x
On 05/28/2018 02:25 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:26PM -0500, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the
On 05/28/2018 05:57 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:28PM -0500, Brijesh Singh wrote:
The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.
When 'sev' is used, the VM will be launched with AMD
On 05/28/2018 05:06 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:25PM -0500, Brijesh Singh wrote:
This patch series provides support for launching an encrypted guest using
AMD's new Secure Encrypted Virtualization (SEV) feature.
SEV is an extension to the AMD-V architecture which
On 05/28/2018 05:28 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:27PM -0500, Brijesh Singh wrote:
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details
On 05/28/2018 09:36 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:31PM -0500, Brijesh Singh wrote:
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off
On 05/29/2018 10:28 AM, Brijesh Singh wrote:
...
On 05/28/2018 05:06 AM, Erik Skultety wrote:
On Wed, May 23, 2018 at 04:18:25PM -0500, Brijesh Singh wrote:
This patch series provides support for launching an encrypted guest
using
AMD's new Secure Encrypted Virtualization (SEV) feature
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomaincaps.html.in | 31 +++
docs/schemas/domaincaps.rng| 10 ++
sr
booting the guest.
Signed-off-by: Xiaogang Chen <xiaogang.c...@amd.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/libvirt/libvirt-domain.h | 4 +++
src/driver-hypervisor.h | 4 +++
src/libvirt-domain.c | 41 ++
devices. I am looking for some suggestions.
Using these patches we have successfully booted and tested a guest both with and
without SEV enabled.
SEV Firmware API spec is available at:
https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf
Brijesh Singh (4):
qemu: provide support
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD X86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
QEMU SEV v9 p
sev-guest' object which supports launching encrypted
VMs. A typical command line
# $QEMU ... \
-machine memory-encryption=sev0 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \
...
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomain.htm
snippet from BZ
import libvirt
conn = libvirt.open()
conn.getSEVInfo()
And I can confirm that getSEVInfo is able to get the PDH certificates etc.
Tested-by: Brijesh Singh
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On 7/18/18 8:49 AM, Eduardo Habkost wrote:
> CCing the AMD people who worked on this.
>
> On Wed, Jul 18, 2018 at 12:18:45PM +0200, Pavel Hrdina wrote:
>> On Wed, Jul 18, 2018 at 10:50:34AM +0100, Daniel P. Berrangé wrote:
>>> On Wed, Jul 18, 2018 at 12:41:48PM +0300, Hetz Ben Hamo wrote:
On 03/12/2018 08:41 AM, Daniel P. Berrangé wrote:
On Thu, Mar 08, 2018 at 11:12:03AM -0600, Brijesh Singh wrote:
QEMU >= 2.12 provides 'sev-guest' object which is used to launch encrypted
VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provi
On 03/12/2018 08:52 AM, Peter Krempa wrote:
On Mon, Mar 12, 2018 at 13:31:23 +, Daniel Berrange wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encryp
On 03/12/2018 08:31 AM, Daniel P. Berrangé wrote:
On Thu, Mar 08, 2018 at 11:12:00AM -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to qu
On 03/12/2018 07:01 AM, Daniel P. Berrangé wrote:
On Thu, Mar 08, 2018 at 11:12:04AM -0600, Brijesh Singh wrote:
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off
On 03/12/2018 08:33 AM, Daniel P. Berrangé wrote:
On Thu, Mar 08, 2018 at 11:12:01AM -0600, Brijesh Singh wrote:
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional
On 02/27/2018 02:15 AM, Peter Krempa wrote:
On Mon, Feb 26, 2018 at 11:53:34 -0600, Brijesh Singh wrote:
Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like
On 02/27/2018 05:10 AM, Daniel P. Berrangé wrote:
On Mon, Feb 26, 2018 at 11:53:35AM -0600, Brijesh Singh wrote:
Secure Encrypted Virtualization (sev) element is used to provide the guest
owners input parameters used for creating an encrypted VM using AMD SEV
feature. SEV feature supports
On 02/27/2018 11:15 AM, Daniel P. Berrangé wrote:
On Tue, Feb 27, 2018 at 11:07:25AM -0600, Brijesh Singh wrote:
On 02/27/2018 05:10 AM, Daniel P. Berrangé wrote:
On Mon, Feb 26, 2018 at 11:53:35AM -0600, Brijesh Singh wrote:
Secure Encrypted Virtualization (sev) element is used
On 02/27/2018 02:09 AM, Peter Krempa wrote:
On Mon, Feb 26, 2018 at 11:53:33 -0600, Brijesh Singh wrote:
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD X86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the
On 02/27/2018 05:07 AM, Daniel P. Berrangé wrote:
On Mon, Feb 26, 2018 at 11:53:36AM -0600, Brijesh Singh wrote:
The virDomainGetSevVmMeasurement() can be used to retrieve the measurement
of encrypted VM launched using AMD SEV feature. The measurement is a
signature of the memory contents
On 02/27/2018 02:34 AM, Peter Krempa wrote:
On Mon, Feb 26, 2018 at 11:53:35 -0600, Brijesh Singh wrote:
Secure Encrypted Virtualization (sev) element is used to provide the guest
owners input parameters used for creating an encrypted VM using AMD SEV
feature. SEV feature supports running
Add remote support for launch security info.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/remote/remote_daemon_dispatch.c | 63 +
src/remote/remote_driver.c | 52 +-
src/remote/remote_protocol.x
From: Xiaogang Chen
Update qemuxml2xmltest, genericxml2xmltest and qemuxml2argvtest to include
sev specific tag, a typical SEV specific tag looks like
+ foobar
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+hvm
+
+
+
+ destroy
+
This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/qemu/qemu_dr
Add new 'launch-security' command, the command can be used to get or set
the launch security information when booting encrypted VMs.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
tools/virsh-domain.c | 93
1 file chang
ded element
* fix issues reported with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v2
Brijesh Singh (8):
qemu: provide support to query the SEV capability
qemu: introduce SEV feature in hypervisor capabilities
c
pos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/qemu/qemu_command.c | 33 ++
src/qemu/qemu_process.c | 91 +
2 files changed, 124 insertions(+)
d
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/conf/domain_capab
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomaincaps.html.in | 40
docs/schemas/domaincaps.rng
to unintelligible data.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomain.html.in | 120 ++
docs/schemas/domaincommon.rng | 39 ++
src/conf/domain_conf.c| 111 ++
sr
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
include/libvirt/libvirt-domain.h | 17 ++
src/
to unintelligible data.
Reviewed-by: "Daniel P. Berrangé" <berra...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdomain.html.in | 120 ++
docs/schemas/domaincommon.rng | 39 ++
QEMU version >= 2.12 provides support for launching encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.
Reviewed-by: "Daniel P. Berrangé" <berra...@redhat.com>
Signed-of
From: Xiaogang Chen
Update qemuxml2xmltest, genericxml2xmltest and qemuxml2argvtest to include
sev specific tag, a typical SEV specific tag looks like
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219100
+ 219100
+ 1
+
+hvm
+
+
+
+ destroy
+
pos=47,reduced-phys-bits=5 ...\
-machine memory-encryption=sev0 \
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
src/qemu/qemu_command.c | 35 +
src/qemu/qemu_process.c | 58 +
2 files changed, 93 i
a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.
Reviewed-by: "Daniel P. Berrangé" <berra...@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
docs/formatdo
ded element
* fix issues reported with 'make check' and 'make syntax-check'
The complete git tree is available at:
https://github.com/codomania/libvirt/tree/v3
Brijesh Singh (8):
qemu: provide support to query the SEV capability
qemu: introduce SEV feature in hypervisor capabilities
c