In order to test SEV we need real QEMU capabilities. Ideally, this would
be tested with -latest capabilities; however, our capabilities are
currently tied to Intel HW, and even the 2.12.0 capabilities containing
SEV were edited by hand, so we can only use that version for now, as
splitting the capabilities according to the vendor is a refactor for
another day. The need for real capabilities comes from the extended SEV
platform data (PDH, cbitpos, etc.) that we'll need to cache and parse.

Signed-off-by: Erik Skultety <eskul...@redhat.com>
Acked-by: Peter Krempa <pkre...@redhat.com>
---
 ...ev.args => launch-security-sev.x86_64-2.12.0.args} | 19 ++++++++++++-------
 tests/qemuxml2argvtest.c                              |  4 +---
 2 files changed, 13 insertions(+), 10 deletions(-)
 rename tests/qemuxml2argvdata/{launch-security-sev.args => launch-security-sev.x86_64-2.12.0.args} (54%)

diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
similarity index 54%
rename from tests/qemuxml2argvdata/launch-security-sev.args
rename to tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
index 219a242e51..6da068e1a5 100644
--- a/tests/qemuxml2argvdata/launch-security-sev.args
+++ b/tests/qemuxml2argvdata/launch-security-sev.x86_64-2.12.0.args
@@ -5,25 +5,30 @@ USER=test \
 LOGNAME=test \
 QEMU_AUDIO_DRV=none \
 /usr/bin/qemu-system-x86_64 \
--name QEMUGuest1 \
+-name guest=QEMUGuest1,debug-threads=on \
 -S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
 -m 214 \
+-realtime mlock=off \
 -smp 1,sockets=1,cores=1,threads=1 \
 -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
 -display none \
 -no-user-config \
 -nodefaults \
--chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
-server,nowait \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
 -mon chardev=charmonitor,id=monitor,mode=control \
 -rtc base=utc \
 -no-shutdown \
 -no-acpi \
--usb \
+-boot strict=on \
+-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
--device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,\
-bootindex=1 \
+-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
 dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
-session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64
+session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 5de92e67e7..0e9eef66ee 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2972,9 +2972,7 @@ mymain(void)
     DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw", "s390x");
     DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x");
 
-    DO_TEST("launch-security-sev",
-            QEMU_CAPS_KVM,
-            QEMU_CAPS_SEV_GUEST);
+    DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
 
     if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
         virFileDeleteTree(fakerootdir);
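Review bot: The new `DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");` call has no comment saying why it is pinned to 2.12.0 while the neighbouring tests use the LATEST variants; the reason exists only in the commit message. With the explicit `QEMU_CAPS_KVM` and `QEMU_CAPS_SEV_GUEST` flags gone, SEV coverage presumably depends on the hand-edited 2.12.0 capabilities data keeping its SEV entries, so regenerating that data on non-SEV hardware would affect this test. I would add above the call: `/* Pinned to 2.12.0: the only caps data carrying (hand-edited) SEV info; move to -latest once caps are split per vendor. */`. mymain's body starts and ends outside this hunk.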
-- 
2.14.4
