shaba/virt-manager
1
0
Fork 0
mirror of https://github.com/virt-manager/virt-manager.git synced 2025-01-25 06:03:55 +03:00
Code Issues Projects Releases Wiki Activity
virt-manager/virtinst/domain/launch_security.py
Erik Skultety 480a6834c2 virtinst: cli: Provide a default value for the 'policy' argument 
Policy is a 4-byte bitfield used to turn on/off certain behaviour within
the SEV firmware. For a detailed table of supported flags, see
https://libvirt.org/formatdomain.html#launchSecurity.
Most of the flags are related to advanced features (some of them don't
even exist at the moment), except for the first 2 bits which determine
whether debug mode should be turned on and whether the same key should
be used to encrypt memory of multiple guests respectively.

>From security POV, most users will probably want separate keys for
individual guests, thus the value 0x03 was selected as the policy
default.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Erik Skultety <eskultet@redhat.com>
2019-06-11 13:00:34 -04:00

39 lines
1.3 KiB
Python
Raw Blame History

from ..xmlbuilder import XMLBuilder, XMLProperty
class DomainLaunchSecurity(XMLBuilder):
"""
Class for generating <launchSecurity> XML element
"""
XML_NAME = "launchSecurity"
_XML_PROP_ORDER = ["type", "cbitpos", "reducedPhysBits", "policy",
"session", "dhCert"]
type = XMLProperty("./@type")
cbitpos = XMLProperty("./cbitpos", is_int=True)
reducedPhysBits = XMLProperty("./reducedPhysBits", is_int=True)
policy = XMLProperty("./policy")
session = XMLProperty("./session")
dhCert = XMLProperty("./dhCert")
def is_sev(self):
return self.type == "sev"
def validate(self):
if not self.type:
raise RuntimeError(_("Missing mandatory attribute 'type'"))
def _set_defaults_sev(self):
# 'policy' is a mandatory 4-byte argument for the SEV firmware,
# if missing, let's use 0x03 which, according to the table at
# https://libvirt.org/formatdomain.html#launchSecurity:
# (bit 0) - disables the debugging mode
# (bit 1) - disables encryption key sharing across multiple guests
if self.policy is None:
self.policy = "0x03"
def set_defaults(self, guest):
if self.is_sev():
return self._set_defaults_sev()
Reference in New Issue View Git Blame Copy Permalink