|
 |
51d9a2 |
From f10c3ad87c56db9f22cb8c1155d9355b48eebaf9 Mon Sep 17 00:00:00 2001
|
|
|
51d9a2 |
Message-Id: <f10c3ad87c56db9f22cb8c1155d9355b48eebaf9@dist-git>
|
|
|
51d9a2 |
From: Erik Skultety <eskultet@redhat.com>
|
|
|
51d9a2 |
Date: Mon, 20 Aug 2018 17:18:51 +0200
|
|
|
51d9a2 |
Subject: [PATCH] tests: sev: Test launch-security with specific QEMU version
|
|
|
51d9a2 |
MIME-Version: 1.0
|
|
|
51d9a2 |
Content-Type: text/plain; charset=UTF-8
|
|
|
51d9a2 |
Content-Transfer-Encoding: 8bit
|
|
|
51d9a2 |
|
|
|
51d9a2 |
In order to test SEV we need real QEMU capabilities. Ideally, this would
|
|
|
51d9a2 |
be tested with -latest capabilities, however, our capabilities are
|
|
|
51d9a2 |
currently tied to Intel HW, even the 2.12.0 containing SEV were edited by
|
|
|
51d9a2 |
hand, so we can only use that one for now, as splitting the capabilities
|
|
|
51d9a2 |
according to the vendor is a refactor for another day. The need for real
|
|
|
51d9a2 |
capabilities comes from the extended SEV platform data (PDH, cbitpos,
|
|
|
51d9a2 |
etc.) we'll need to cache/parse.
|
|
|
51d9a2 |
|
|
|
51d9a2 |
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
|
51d9a2 |
Acked-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
51d9a2 |
(cherry picked from commit 6c50cef8a3e4e3407fb42a713a353e42ae3f2bc6)
|
|
|
51d9a2 |
|
|
|
51d9a2 |
https://bugzilla.redhat.com/show_bug.cgi?id=1612009
|
|
|
51d9a2 |
https://bugzilla.redhat.com/show_bug.cgi?id=1619150
|
|
|
51d9a2 |
|
|
|
51d9a2 |
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
|
51d9a2 |
|
|
|
51d9a2 |
Conflicts:
|
|
|
51d9a2 |
tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
|
|
|
51d9a2 |
- this wasn't a 100% clean file rename and git doesn't like
|
|
|
51d9a2 |
that
|
|
|
51d9a2 |
|
|
|
51d9a2 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
51d9a2 |
---
|
|
|
51d9a2 |
...=> launch-security-sev.x86_64-2.12.0.args} | 19 ++++++++++++-------
|
|
|
51d9a2 |
tests/qemuxml2argvtest.c | 4 +---
|
|
|
51d9a2 |
2 files changed, 13 insertions(+), 10 deletions(-)
|
|
|
51d9a2 |
rename tests/qemuxml2argvdata/{launch-security-sev.args => launch-security-sev.x86_64-2.12.0.args} (54%)
|
|
|
51d9a2 |
|
|
|
51d9a2 |
diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
|
|
|
51d9a2 |
similarity index 54%
|
|
|
51d9a2 |
rename from tests/qemuxml2argvdata/launch-security-sev.args
|
|
|
51d9a2 |
rename to tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
|
|
|
51d9a2 |
index db0be1a27d..6da068e1a5 100644
|
|
|
51d9a2 |
--- a/tests/qemuxml2argvdata/launch-security-sev.args
|
|
|
51d9a2 |
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
|
|
|
51d9a2 |
@@ -5,25 +5,30 @@ USER=test \
|
|
|
51d9a2 |
LOGNAME=test \
|
|
|
51d9a2 |
QEMU_AUDIO_DRV=none \
|
|
|
51d9a2 |
/usr/bin/qemu-system-x86_64 \
|
|
|
51d9a2 |
--name QEMUGuest1 \
|
|
|
51d9a2 |
+-name guest=QEMUGuest1,debug-threads=on \
|
|
|
51d9a2 |
-S \
|
|
|
51d9a2 |
+-object secret,id=masterKey0,format=raw,\
|
|
|
51d9a2 |
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
|
|
|
51d9a2 |
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
|
|
|
51d9a2 |
-m 214 \
|
|
|
51d9a2 |
+-realtime mlock=off \
|
|
|
51d9a2 |
-smp 1,sockets=1,cores=1,threads=1 \
|
|
|
51d9a2 |
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
|
|
|
51d9a2 |
-display none \
|
|
|
51d9a2 |
-no-user-config \
|
|
|
51d9a2 |
-nodefaults \
|
|
|
51d9a2 |
--chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
|
|
|
51d9a2 |
-server,nowait \
|
|
|
51d9a2 |
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
|
|
|
51d9a2 |
-mon chardev=charmonitor,id=monitor,mode=control \
|
|
|
51d9a2 |
-rtc base=utc \
|
|
|
51d9a2 |
-no-shutdown \
|
|
|
51d9a2 |
-no-acpi \
|
|
|
51d9a2 |
--boot c \
|
|
|
51d9a2 |
--usb \
|
|
|
51d9a2 |
+-boot strict=on \
|
|
|
51d9a2 |
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
|
|
|
51d9a2 |
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
|
|
|
51d9a2 |
--device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
|
|
|
51d9a2 |
+-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
|
|
|
51d9a2 |
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
|
|
|
51d9a2 |
dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
|
|
|
51d9a2 |
-session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
|
|
|
51d9a2 |
+session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
|
|
|
51d9a2 |
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
|
|
|
51d9a2 |
+resourcecontrol=deny \
|
|
|
51d9a2 |
+-msg timestamp=on
|
|
|
51d9a2 |
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
|
|
51d9a2 |
index e6c0120670..02bb9889ee 100644
|
|
|
51d9a2 |
--- a/tests/qemuxml2argvtest.c
|
|
|
51d9a2 |
+++ b/tests/qemuxml2argvtest.c
|
|
|
51d9a2 |
@@ -2950,9 +2950,7 @@ mymain(void)
|
|
|
51d9a2 |
DO_TEST_CAPS_LATEST("vhost-vsock");
|
|
|
51d9a2 |
DO_TEST_CAPS_LATEST("vhost-vsock-auto");
|
|
|
51d9a2 |
|
|
|
51d9a2 |
- DO_TEST("launch-security-sev",
|
|
|
51d9a2 |
- QEMU_CAPS_KVM,
|
|
|
51d9a2 |
- QEMU_CAPS_SEV_GUEST);
|
|
|
51d9a2 |
+ DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
|
|
|
51d9a2 |
|
|
|
51d9a2 |
if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
|
|
|
51d9a2 |
virFileDeleteTree(fakerootdir);
|
|
|
51d9a2 |
--
|
|
|
51d9a2 |
2.18.0
|
|
|
51d9a2 |
|