On Wed, Sep 14, 2016 at 12:41:59AM +0200, Paolo Bonzini wrote: > > > On 13/09/2016 16:47, Brijesh Singh wrote: > > The patch adds '-sev' option to enable the Secure Encrypted > > Virtualization (SEV) guest. If this option is specified, Qemu > > assumes that user wants to launch this guest into SEV mode. > > > > Here are example on how to launch a guest into SEV mode. > > > > 1) late launch: in this mode the images received from guest > > owner are unencrypted and must be encrypted using SEV LAUNCH command > > before starting the guest. > > > > $ qemu -sev type=unencrypted config=guest_01.conf > > > > 2) pre-encrypted: in this mode the images received from guest > > owners are encrypted using transport keys. It must be re-encrypted > > using SEV RECEIVE commands before starting the guest. > > > > $ qemu -sev type=encrypted config=guest_02.conf > > > > The config file will contains various parameters (e.g key , policy) > > required during guest launch process. > > Any reason not to pass the sev options themselves through -sev? You can > then use "-readconfig sev-guest.cfg" where sev-guest.cfg contains > > [sev] > type="encrypted" > flags = "00000000" > policy = "000000" > dh_pub_qx = "0123456789abcdef0123456789abcdef" > dh_pub_qy = "0123456789abcdef0123456789abcdef" > nonce = "0123456789abcdef" > vcpu_count = "1" > vcpu_length = "30" > vcpu_mask = "00ab"
Agreed, it is really preferrable to define all the options via one command line arg (using -object) and not re-invent external config files when QEMU already has generic config file support Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
