The command is used to prepare a guest for the transition into SEV-enabled mode.
Command uses the parameters specified in 'sev-launch-info' object, see doc/amd-memory-encryption.txt for parameter details. The command creates a new VM Encryption Key (VEK) and cryptographic context. The key created during launch start process will be used to encrypt the guest memory.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
 sev.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/sev.c b/sev.c
index 226ad76..ead7c5a 100644
--- a/sev.c
+++ b/sev.c
@@ -910,17 +910,45 @@ static const TypeInfo qsev_receive_info = {
 };
 static int
+sev_ioctl(int cmd, void *data)
+{
+ int ret;
+ struct kvm_sev_issue_cmd input;
+
+ input.cmd = cmd;
+ input.opaque = (__u64)data;
+ ret = kvm_vm_ioctl(kvm_state, KVM_SEV_ISSUE_CMD, &input);
+ if (ret) {
+ fprintf(stderr, "sev_ioctl failed cmd=%#x, ret=%d(%#010x)\n",
+ cmd, ret, input.ret_code);
+ return ret;
+ }
+
+ return 0;
+}
+
+static int
 sev_launch_start(SEVState *s)
 {
 int ret;
+ if (s->state == SEV_STATE_LAUNCHING) {
+ return 0;
+ }
+
 ret = sev_launch_info_get_params(s->launch_id, &s->launch_start, &s->launch_update, &s->launch_finish);
 if (ret < 0) {
 return -1;
 }
- // add the command to launch guest in next patches
+ ret = sev_ioctl(KVM_SEV_LAUNCH_START, s->launch_start);
+ if (ret < 0) {
+ return -1;
+ }
+
+ s->state = SEV_STATE_LAUNCHING;
+ DPRINTF("SEV: LAUNCH_START\n");
 return 0;
 }
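Review bot: In sev_ioctl, `struct kvm_sev_issue_cmd input;` is left uninitialized apart from `cmd` and `opaque`, yet the failure path prints `input.ret_code`; if kvm_vm_ioctl fails before the kernel writes that field, the message reports stack garbage as the firmware status, and any other member of the struct (its definition is not in this hunk) is handed to the kernel uninitialized. Initializing at the declaration avoids both, `struct kvm_sev_issue_cmd input = { .cmd = cmd, .opaque = (__u64)(uintptr_t)data };`, and also makes the pointer-to-integer conversion explicit. Separately, sev_ioctl treats any non-zero `ret` as failure and returns it, while sev_launch_start only tests `ret < 0`; should kvm_vm_ioctl ever return a positive value, the call would be logged as failed and the caller would still set `s->state = SEV_STATE_LAUNCHING`, so the two checks should agree, e.g. `if (ret) { return -1; }` in sev_launch_start.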