launch_security: Use SEV-ES policy=0x07 if host supports it

author: Charles Arnold <carnold@suse.com> 2022-08-03 08:47:02 -0400
committer: Cole Robinson <crobinso@redhat.com> 2022-08-03 08:47:35 -0400
commit: 424283ad1db9c4da519fac698486967e6b6557b0 (patch)
tree: b59ced42c1166e06045a6ad0707295b1d71b365e /tests
parent: 2984c13cffd39cd2fd607d66ce6acfe9709b494c (diff)
download: virt-manager-424283ad1db9c4da519fac698486967e6b6557b0.tar.gz
2 files changed, 90 insertions, 0 deletions
diff --git a/tests/data/cli/compare/virt-install-amd-sev.xml b/tests/data/cli/compare/virt-install-amd-sev.xml
new file mode 100644
index 00000000..68b236dd
--- /dev/null
+++ b/tests/data/cli/compare/virt-install-amd-sev.xml
@@ -0,0 +1,89 @@
+<domain type="kvm">
+  <name>linux2020</name>
+  <uuid>00000000-1111-2222-3333-444444444444</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://libosinfo.org/linux/2020"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory>65536</memory>
+  <currentMemory>65536</currentMemory>
+  <vcpu>2</vcpu>
+  <os>
+    <type arch="x86_64" machine="q35">hvm</type>
+    <loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE.fd</loader>
+    <boot dev="hd"/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state="off"/>
+  </features>
+  <cpu mode="host-passthrough"/>
+  <clock offset="utc">
+    <timer name="rtc" tickpolicy="catchup"/>
+    <timer name="pit" tickpolicy="delay"/>
+    <timer name="hpet" present="no"/>
+  </clock>
+  <pm>
+    <suspend-to-mem enabled="no"/>
+    <suspend-to-disk enabled="no"/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type="file" device="disk">
+      <driver name="qemu" type="qcow2" discard="unmap"/>
+      <source file="/var/lib/libvirt/images/linux2020.qcow2"/>
+      <target dev="vda" bus="virtio"/>
+    </disk>
+    <controller type="usb" model="qemu-xhci" ports="15"/>
+    <controller type="pci" model="pcie-root"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <interface type="bridge">
+      <source bridge="testsuitebr0"/>
+      <mac address="00:11:22:33:44:55"/>
+      <model type="virtio"/>
+    </interface>
+    <console type="pty"/>
+    <channel type="unix">
+      <source mode="bind"/>
+      <target type="virtio" name="org.qemu.guest_agent.0"/>
+    </channel>
+    <channel type="spicevmc">
+      <target type="virtio" name="com.redhat.spice.0"/>
+    </channel>
+    <input type="tablet" bus="usb"/>
+    <tpm model="tpm-crb">
+      <backend type="emulator"/>
+    </tpm>
+    <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+      <image compression="off"/>
+    </graphics>
+    <sound model="ich9"/>
+    <video>
+      <model type="virtio"/>
+    </video>
+    <redirdev bus="usb" type="spicevmc"/>
+    <redirdev bus="usb" type="spicevmc"/>
+    <memballoon model="virtio"/>
+    <rng model="virtio">
+      <backend model="random">/dev/urandom</backend>
+    </rng>
+  </devices>
+  <launchSecurity type="sev">
+    <policy>0x07</policy>
+  </launchSecurity>
+</domain>
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 47b59055..7d7b5a9b 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -1108,6 +1108,7 @@ c.add_compare("--connect " + utils.URIs.kvm_x86_remote + " --import --disk %(EXI
 c.add_compare("--connect %(URI-KVM-X86)s --os-variant fedora26 --graphics spice --controller usb,model=none", "graphics-usb-disable")
 c.add_compare("--osinfo generic --boot uefi --disk size=1", "boot-uefi")
 c.add_compare("--osinfo generic --boot uefi --disk size=1 --tpm none --connect " + utils.URIs.kvm_x86_oldfirmware, "boot-uefi-oldcaps")
+c.add_compare("--osinfo linux2020 --boot uefi --launchSecurity sev --connect " + utils.URIs.kvm_amd_sev, "amd-sev")
 
 c.add_invalid("--disk none --location nfs:example.com/fake --nonetworks", grep="NFS URL installs are no longer supported")
 c.add_invalid("--disk none --boot network --machine foobar", grep="domain type None with machine 'foobar'")
author	Charles Arnold <carnold@suse.com>	2022-08-03 08:47:02 -0400
committer	Cole Robinson <crobinso@redhat.com>	2022-08-03 08:47:35 -0400
commit	424283ad1db9c4da519fac698486967e6b6557b0 (patch)
tree	b59ced42c1166e06045a6ad0707295b1d71b365e /tests
parent	2984c13cffd39cd2fd607d66ce6acfe9709b494c (diff)
download	virt-manager-424283ad1db9c4da519fac698486967e6b6557b0.tar.gz