tests: sev: Test launch-security with specific QEMU version

In order to test SEV we need real QEMU capabilities. Ideally, this would
be tested with -latest capabilities; however, our capabilities are
currently tied to Intel HW, and even the 2.12.0 capabilities containing
SEV were edited by hand, so we can only use that version for now, as
splitting the capabilities according to the vendor is a refactor for
another day. The need for real capabilities comes from the extended SEV
platform data (PDH, cbitpos, etc.) we'll need to cache/parse.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Erik Skultety 2018-08-15 14:00:23 +02:00
parent 69c20e1090
commit 6c50cef8a3
2 changed files with 13 additions and 10 deletions


@ -5,25 +5,30 @@ USER=test \
LOGNAME=test \ LOGNAME=test \
QEMU_AUDIO_DRV=none \ QEMU_AUDIO_DRV=none \
/usr/bin/qemu-system-x86_64 \ /usr/bin/qemu-system-x86_64 \
-name QEMUGuest1 \ -name guest=QEMUGuest1,debug-threads=on \
-S \ -S \
-object secret,id=masterKey0,format=raw,\
file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \ -machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
-m 214 \ -m 214 \
-realtime mlock=off \
-smp 1,sockets=1,cores=1,threads=1 \ -smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
-display none \ -display none \
-no-user-config \ -no-user-config \
-nodefaults \ -nodefaults \
-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ -chardev socket,id=charmonitor,fd=1729,server,nowait \
server,nowait \
-mon chardev=charmonitor,id=monitor,mode=control \ -mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc \ -rtc base=utc \
-no-shutdown \ -no-shutdown \
-no-acpi \ -no-acpi \
-usb \ -boot strict=on \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,\ -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
bootindex=1 \
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\ dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny \
-msg timestamp=on


@ -2972,9 +2972,7 @@ mymain(void)
DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw", "s390x"); DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw", "s390x");
DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x"); DO_TEST_CAPS_ARCH_LATEST("vhost-vsock-ccw-auto", "s390x");
DO_TEST("launch-security-sev", DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");
QEMU_CAPS_KVM,
QEMU_CAPS_SEV_GUEST);
if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
virFileDeleteTree(fakerootdir); virFileDeleteTree(fakerootdir);
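Review bot: The new `DO_TEST_CAPS_VER("launch-security-sev", "2.12.0");` line has no comment explaining why the SEV test is pinned to one capabilities version, so the reason exists only in the commit message. The test no longer sets `QEMU_CAPS_KVM` and `QEMU_CAPS_SEV_GUEST` explicitly, so its coverage now depends on the 2.12.0 capabilities data, which the commit message says was edited by hand to contain SEV. If that data were regenerated on hardware without SEV, the launch-security coverage would presumably break or change without an obvious cause. I would add a comment directly above the call, for example `/* SEV needs real caps (PDH, cbitpos, ...); only the hand-edited 2.12.0 caps carry SEV data, so this cannot move to -latest until caps are split per vendor */`. The body of `mymain` starts and ends outside this hunk.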