Commit db588194 authored by Brijesh Singh's avatar Brijesh Singh Committed by Paolo Bonzini
Browse files

machine: add memory-encryption option 



When CPU supports memory encryption feature, the property can be used to
specify the encryption object to use when launching an encrypted guest.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent e13713db

hw/core/machine.c

+22 −0
Original line number Diff line number Diff line
@@ -334,6 +334,22 @@ static bool machine_get_enforce_config_section(Object *obj, Error **errp) 
    return ms->enforce_config_section;

}



static char *machine_get_memory_encryption(Object *obj, Error **errp)

{

    MachineState *ms = MACHINE(obj);



    return g_strdup(ms->memory_encryption);

}



static void machine_set_memory_encryption(Object *obj, const char *value,

                                        Error **errp)

{

    MachineState *ms = MACHINE(obj);



    g_free(ms->memory_encryption);

    ms->memory_encryption = g_strdup(value);

}



void machine_class_allow_dynamic_sysbus_dev(MachineClass *mc, const char *type)

{

    strList *item = g_new0(strList, 1);
@@ -612,6 +628,12 @@ static void machine_class_init(ObjectClass *oc, void *data) 
        &error_abort);

    object_class_property_set_description(oc, "enforce-config-section",

        "Set on to enforce configuration section migration", &error_abort);



    object_class_property_add_str(oc, "memory-encryption",

        machine_get_memory_encryption, machine_set_memory_encryption,

        &error_abort);

    object_class_property_set_description(oc, "memory-encryption",

        "Set memory encyption object to use", &error_abort);

}



static void machine_class_base_init(ObjectClass *oc, void *data)

include/hw/boards.h

+1 −0
Original line number Diff line number Diff line
@@ -243,6 +243,7 @@ struct MachineState { 
    bool suppress_vmdesc;

    bool enforce_config_section;

    bool enable_graphics;

    char *memory_encryption;



    ram_addr_t ram_size;

    ram_addr_t maxram_size;

qemu-options.hx

+4 −1
Original line number Diff line number Diff line
@@ -43,7 +43,8 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ 
    "                suppress-vmdesc=on|off disables self-describing migration (default=off)\n"

    "                nvdimm=on|off controls NVDIMM support (default=off)\n"

    "                enforce-config-section=on|off enforce configuration section migration (default=off)\n"

    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n",

    "                s390-squash-mcss=on|off (deprecated) controls support for squashing into default css (default=off)\n"

    "                memory-encryption=@var{} memory encryption object to use (default=none)\n",

    QEMU_ARCH_ALL)

STEXI

@item -machine [type=]@var{name}[,prop=@var{value}[,...]]
@@ -110,6 +111,8 @@ code to send configuration section even if the machine-type sets the 
@option{migration.send-configuration} property to @var{off}.

NOTE: this parameter is deprecated. Please use @option{-global}

@option{migration.send-configuration}=@var{on|off} instead.

@item memory-encryption=@var{}

Memory encryption object to use. The default is none.

@end table

ETEXI