If the management layer tries to inject a secret, it gets an empty
response in case the binary built without SEV:
{ "execute": "sev-inject-launch-secret",
"arguments": { "packet-header": "mypkt", "secret": "mypass", "gpa":
4294959104 }
}
{
"return": {
}
}
Make it clearer by returning an error, mentioning the feature is
disabled:
{ "execute": "sev-inject-launch-secret",
"arguments": { "packet-header": "mypkt", "secret": "mypass", "gpa":
4294959104 }
}
{
"error": {
"class": "GenericError",
"desc": "this feature or command is not currently supported"
}
}
Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>
Reviewed-by: Connor Kuehl <cku...@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>
---
target/i386/monitor.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/monitor.c b/target/i386/monitor.c
index 119211f0b06..c83cca80dc2 100644
--- a/target/i386/monitor.c
+++ b/target/i386/monitor.c
@@ -28,6 +28,7 @@
#include "monitor/hmp-target.h"
#include "monitor/hmp.h"
#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qerror.h"
#include "sysemu/kvm.h"
#include "sysemu/sev.h"
#include "qapi/error.h"
@@ -742,6 +743,10 @@ void qmp_sev_inject_launch_secret(const char *packet_hdr,
bool has_gpa, uint64_t gpa,
Error **errp)
{
+ if (!sev_enabled()) {
+ error_setg(errp, QERR_UNSUPPORTED);
+ return;
+ }
if (!has_gpa) {
uint8_t *data;
struct sev_secret_area *area;
--
2.31.1
