These include platform checks - libvirt & QEMU - as well as
configuration - SEV is only supported with UEFI.
Another configuration requirement made in this patch is Q35 machine,
since ADM recommends Q35 in their setups even though SEV can work with
the legacy PC machine type, but we'd have to turn on
virtio-non-transitional for all virtio devices with some other potential
pitfalls along the way.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
The data in question are 'cbitpos' denoting which addressing bit is the
encryption bit and 'reduced_phys_bits' denoting how many physical
address space we lose by turning on the encryption. Both of these are
hypervisor dependent and thus will be the same for all the guest
residing on the same host, but need to be specified for future migration
purposes.
But given we can probe them from domain capabilities, we don't need the
user to provide them and thus enhancing cli user experience. This
requires a new _SEV domaincapabilities XML class to be created so that
we can query the specific properties.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Policy is a 4-byte bitfield used to turn on/off certain behaviour within
the SEV firmware. For a detailed table of supported flags, see
https://libvirt.org/formatdomain.html#launchSecurity.
Most of the flags are related to advanced features (some of them don't
even exist at the moment), except for the first 2 bits which determine
whether debug mode should be turned on and whether the same key should
be used to encrypt memory of multiple guests respectively.
>From security POV, most users will probably want separate keys for
individual guests, thus the value 0x03 was selected as the policy
default.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Introduce both the launchSecurity XML and parser classes. While at it,
add launchSecurity as a property instance to the Guest class too.
The parser requires the 'type' argument to be mandatory since in the
future it will determine different code paths, therefore
'--launchSecurity foo=bar' is incorrect.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Rather than editing existing Intel domain capabilities by hand, use
capabilities from a real AMD HW. We're later going to use these to fill
in SEV platform specific data automatically.
Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
The way the code was nested, we skipped calling validate() on
XMLChildProperty is_single objects. There's no reason to do that,
so adjust it.
We need to do some hasattr checking here, because --os-variant and
--location objects aren't XMLBuilders with validate defined. That's
really an issue of having XMLBuilder assumptions baked into the
generic CLI parsing infrastructure. Unwinding that is for another day
On Fedora mkisofs and genisoimage are identical and shipped in the
same package. On debian only genisoimage is shipped due to some
historical weirdness or licensing dispute or something. So just
prefer the genisoimage naming
We are implicitly depending on random dict ordering for what
order we process Distro matching. Our test suite mocking and
different debian ordering revealed a case we could be trying to
run a regex against None. Fix it. The dict ordering issue will
be fixed separately
And pass it down to treemedia, which acts on our script wrapper
object. This is conceptually a bit simpler because we can see in
one place what data feeds the script build process, depending on
installer props
* Make all API calls go through the _OsMedia object
* Move most of the unattended specific processing to unattended.py
* Rename requires_internet to is_netinst to clarify what it is checking
The reason this was done, is because we need to inject files with
certain names into the initrd/cdrom media so the guest OS can find
them, but our injection infrastructure didn't have the knowledge
necessary to rename files at injection time.
Having to deal with the subdir complicates cleanup and unattended
data generation, so let's do away with it. Teach the injection
bits about renaming, and adjust all the related bits to use
standard tempdirs
- Break out the installer* unattended prep to its own function
- Move logging into common unattended call
- Use libosinfo APIs to generate script str, then we write it
- Move commandline lookup to installertreemedia
- Rename path->scriptpath for clarity
Cole Robinson