This test case demonstrates that firmware selection runs for domains manually configured to use the AMD SEV build of edk2, and that the missing information (firmware features, as well as the fact that firmware type is EFI) is correctly filled in.
Signed-off-by: Andrea Bolognani <[email protected]>
---
...nual-efi-sev-snp.x86_64-latest+amdsev.args | 36 ++++++++++++++++
...anual-efi-sev-snp.x86_64-latest+amdsev.xml | 42 +++++++++++++++++++
.../firmware-manual-efi-sev-snp.xml | 21 ++++++++++
tests/qemuxmlconftest.c | 4 ++
4 files changed, 103 insertions(+)
create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
create mode 100644 tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
new file mode 100644
index 0000000000..99350f600c
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.args
@@ -0,0 +1,36 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-blockdev '{"driver":"file","filename":"/usr/share/edk2/ovmf/OVMF.amdsev.fd","node-name":"libvirt-pflash0-storage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-pflash0-format","read-only":true,"driver":"raw","file":"libvirt-pflash0-storage"}' \
+-machine pc-q35-10.0,usb=off,dump-guest-core=off,memory-backend=pc.ram,confidential-guest-support=lsec0,pflash0=libvirt-pflash0-format,acpi=on \
+-accel kvm \
+-cpu qemu64 \
+-m size=1048576k \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 63840878-0deb-4095-97e6-fc444d9bc9fa \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-global ICH9-LPC.noreboot=off \
+-watchdog-action reset \
+-object '{"qom-type":"sev-snp-guest","id":"lsec0","cbitpos":51,"reduced-phys-bits":1,"policy":196608}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
new file mode 100644
index 0000000000..6ea58f3361
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.x86_64-latest+amdsev.xml
@@ -0,0 +1,42 @@
+<domain type='kvm'>
+ <name>guest</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os firmware='efi'>
+ <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+ <firmware>
+ <feature enabled='no' name='enrolled-keys'/>
+ <feature enabled='no' name='secure-boot'/>
+ </firmware>
+ <loader readonly='yes' type='pflash' stateless='yes' format='raw'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='sata' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pcie-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <watchdog model='itco' action='reset'/>
+ <memballoon model='none'/>
+ </devices>
+ <launchSecurity type='sev-snp'>
+ <policy>0x00030000</policy>
+ </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
new file mode 100644
index 0000000000..b52900406c
--- /dev/null
+++ b/tests/qemuxmlconfdata/firmware-manual-efi-sev-snp.xml
@@ -0,0 +1,21 @@
+<domain type='kvm'>
+ <name>guest</name>
+ <uuid>63840878-0deb-4095-97e6-fc444d9bc9fa</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc-q35-10.0'>hvm</type>
+ <loader readonly='yes' type='pflash'>/usr/share/edk2/ovmf/OVMF.amdsev.fd</loader>
+ </os>
+ <features>
+ <acpi/>
+ </features>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <memballoon model='none'/>
+ </devices>
+ <launchSecurity type='sev-snp'>
+ <policy>0x00030000</policy>
+ </launchSecurity>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index a87863410f..61fd4b5c3e 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1553,6 +1553,10 @@ mymain(void) DO_TEST_CAPS_LATEST("firmware-manual-efi-nvram-file"); DO_TEST_CAPS_LATEST_PARSE_ERROR("firmware-manual-efi-nvram-stateless"); + DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-manual-efi-sev-snp", "x86_64", + ARG_CAPS_VARIANT, "+amdsev", + ARG_END); + /* Make sure all combinations of ACPI and UEFI behave as expected */ DO_TEST_CAPS_ARCH_LATEST("firmware-manual-efi-acpi-aarch64", "aarch64"); DO_TEST_CAPS_LATEST("firmware-manual-efi-acpi-q35"); -- 2.52.0
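Review bot: The `<policy>0x00030000</policy>` value in the new input fixture is a bare literal, and the same number is then pinned in the expected output as `"policy":196608`, so a reader cannot tell which guest protections the test is meant to exercise. Assuming the usual SEV-SNP guest policy layout, this is the reserved must-be-one bit plus "SMT allowed", with the debug bit clear. A one-line comment above `<launchSecurity>` such as `<!-- SNP policy: SMT allowed, debug disabled -->` would record that intent, so a later fixture edit that flips the debug bit does not go unnoticed.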
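Review bot: The new `DO_TEST_CAPS_ARCH_LATEST_FULL("firmware-manual-efi-sev-snp", ...)` entry has no comment explaining why it needs the `+amdsev` capabilities variant, while the ACPI/UEFI group right after it is introduced by one. A short comment above the macro would help, for example `/* Manually configured OVMF.amdsev.fd with SEV-SNP; needs the +amdsev caps variant */`. The expected XML pins `secure-boot` and `enrolled-keys` as `enabled='no'` and the loader as `stateless='yes'`, so it is worth saying in the comment that these filled-in values are what the test guards. mymain() starts and ends outside this hunk, so related SEV cases registered elsewhere are not visible here.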
