mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 01:34:11 +03:00
6c50cef8a3
In order to test SEV we need real QEMU capabilities. Ideally, this would be tested with -latest capabilities, however, our capabilities are currently tied to Intel HW, even the 2.12.0 containing SEV were edited by hand, so we can only use that one for now, as splitting the capabilities according to the vendor is a refactor for another day. The need for real capabilities comes from the extended SEV platform data (PDH, cbitpos, etc.) we'll need to cache/parse. Signed-off-by: Erik Skultety <eskultet@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com>
35 lines
1.1 KiB
Plaintext
35 lines
1.1 KiB
Plaintext
LC_ALL=C \
|
|
PATH=/bin \
|
|
HOME=/home/test \
|
|
USER=test \
|
|
LOGNAME=test \
|
|
QEMU_AUDIO_DRV=none \
|
|
/usr/bin/qemu-system-x86_64 \
|
|
-name guest=QEMUGuest1,debug-threads=on \
|
|
-S \
|
|
-object secret,id=masterKey0,format=raw,\
|
|
file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
|
|
-machine pc-1.0,accel=kvm,usb=off,dump-guest-core=off,memory-encryption=sev0 \
|
|
-m 214 \
|
|
-realtime mlock=off \
|
|
-smp 1,sockets=1,cores=1,threads=1 \
|
|
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
|
|
-display none \
|
|
-no-user-config \
|
|
-nodefaults \
|
|
-chardev socket,id=charmonitor,fd=1729,server,nowait \
|
|
-mon chardev=charmonitor,id=monitor,mode=control \
|
|
-rtc base=utc \
|
|
-no-shutdown \
|
|
-no-acpi \
|
|
-boot strict=on \
|
|
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
|
|
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
|
|
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
|
|
-object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,\
|
|
dh-cert-file=/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
|
|
session-file=/tmp/lib/domain--1-QEMUGuest1/session.base64 \
|
|
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
|
|
resourcecontrol=deny \
|
|
-msg timestamp=on
|