From 969964dd7f15ac507887f58fccbb2623110bd8f6 Mon Sep 17 00:00:00 2001 From: Brijesh Singh Date: Thu, 15 Feb 2018 09:03:20 -0600 Subject: [PATCH] machine: add -memory-encryption property When CPU supports memory encryption feature, the property can be used to specify the encryption object to use when launching an encrypted guest. Cc: Paolo Bonzini Cc: Eduardo Habkost Cc: Marcel Apfelbaum Cc: Stefan Hajnoczi Signed-off-by: Brijesh Singh [BR: FATE#322124] Signed-off-by: Bruce Rogers --- hw/core/machine.c | 22 ++++++++++++++++++++++ include/hw/boards.h | 1 + qemu-options.hx | 2 ++ 3 files changed, 25 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index 36c2fb069c..132c57bc51 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -335,6 +335,22 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp) return ms->enforce_config_section; } +static char *machine_get_memory_encryption(Object *obj, Error **errp) +{ + MachineState *ms = MACHINE(obj); + + return g_strdup(ms->memory_encryption); +} + +static void machine_set_memory_encryption(Object *obj, const char *value, + Error **errp) +{ + MachineState *ms = MACHINE(obj); + + g_free(ms->memory_encryption); + ms->memory_encryption = g_strdup(value); +} + static void error_on_sysbus_device(SysBusDevice *sbdev, void *opaque) { error_report("Option '-device %s' cannot be handled by this machine", @@ -598,6 +614,12 @@ static void machine_class_init(ObjectClass *oc, void *data) &error_abort); object_class_property_set_description(oc, "enforce-config-section", "Set on to enforce configuration section migration", &error_abort); + + object_class_property_add_str(oc, "memory-encryption", + machine_get_memory_encryption, machine_set_memory_encryption, + &error_abort); + object_class_property_set_description(oc, "memory-encryption", + "Set memory encyption object to use", &error_abort); } static void machine_class_base_init(ObjectClass *oc, void *data) diff --git a/include/hw/boards.h b/include/hw/boards.h index 156b16f7a6..41fa577955 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -238,6 +238,7 @@ struct MachineState { bool suppress_vmdesc; bool enforce_config_section; bool enable_graphics; + char *memory_encryption; ram_addr_t ram_size; ram_addr_t maxram_size; diff --git a/qemu-options.hx b/qemu-options.hx index 57f2c6a75f..617e5d5c20 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -104,6 +104,8 @@ code to send configuration section even if the machine-type sets the @option{migration.send-configuration} property to @var{off}. NOTE: this parameter is deprecated. Please use @option{-global} @option{migration.send-configuration}=@var{on|off} instead. +@item memory-encryption=@var{} +Memory encryption object to use. The default is none. @end table ETEXI