aboutsummaryrefslogtreecommitdiff
path: root/qemu-options.hx
diff options
context:
space:
mode:
authorDov Murik <dovmurik@linux.ibm.com>2021-11-11 10:00:43 +0000
committerDaniel P. Berrangé <berrange@redhat.com>2021-11-18 11:07:44 +0000
commit55cdf566412695b4fc052065c7970632129cd65b (patch)
tree7926c057d9a326389875c392a2cdadc507188cd1 /qemu-options.hx
parent0055ecca84cb948c935224b4f7ca1ceb26209790 (diff)
downloadqemu-55cdf566412695b4fc052065c7970632129cd65b.zip
qemu-55cdf566412695b4fc052065c7970632129cd65b.tar.gz
qemu-55cdf566412695b4fc052065c7970632129cd65b.tar.bz2
qapi/qom,target/i386: sev-guest: Introduce kernel-hashes=on|off option
Introduce new boolean 'kernel-hashes' option on the sev-guest object. It will be used to to decide whether to add the hashes of kernel/initrd/cmdline to SEV guest memory when booting with -kernel. The default value is 'off'. Signed-off-by: Dov Murik <dovmurik@linux.ibm.com> Acked-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'qemu-options.hx')
-rw-r--r--qemu-options.hx6
1 files changed, 5 insertions, 1 deletions
diff --git a/qemu-options.hx b/qemu-options.hx
index 7749f59..ae2c6db 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5189,7 +5189,7 @@ SRST
-object secret,id=sec0,keyid=secmaster0,format=base64,\\
data=$SECRET,iv=$(<iv.b64)
- ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file]``
+ ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file,kernel-hashes=on|off]``
Create a Secure Encrypted Virtualization (SEV) guest object,
which can be used to provide the guest memory encryption support
on AMD processors.
@@ -5229,6 +5229,10 @@ SRST
session with the guest owner to negotiate keys used for
attestation. The file must be encoded in base64.
+ The ``kernel-hashes`` adds the hashes of given kernel/initrd/
+ cmdline to a designated guest firmware page for measured Linux
+ boot with -kernel. The default is off. (Since 6.2)
+
e.g to launch a SEV guest
.. parsed-literal::