diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 427e7d1bb54109687c0e4a709586d1c5ce991835..fa108b1813b95edb3523496450ffb096551f5059 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3560,6 +3560,9 @@ virDomainSecDefFree(virDomainSecDef *def)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
g_free(def->data.sev.dh_cert);
g_free(def->data.sev.session);
+ g_free(def->data.sev.user_id);
+ g_free(def->data.sev.secret_header);
+ g_free(def->data.sev.secret);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
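Review bot: `def->data.sev.secret` and `secret_header` are released with plain `g_free()`, which leaves their contents in freed heap memory. If the launch secret is sensitive in the form stored here (it may already be an encrypted packet, which this diff does not show), erase it first, e.g. `virSecureEraseString(def->data.sev.secret);` before the `g_free()`, guarded for NULL if the helper requires it. The body of virDomainSecDefFree starts and ends outside the hunk.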
@@ -14850,6 +14853,9 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
def->policy = policy;
def->dh_cert = virXPathString("string(./dhCert)", ctxt);
def->session = virXPathString("string(./session)", ctxt);
+ def->user_id = virXPathString("string(./userid)", ctxt);
+ def->secret_header = virXPathString("string(./secretHeader)", ctxt);
+ def->secret = virXPathString("string(./secret)", ctxt);
return 0;
}
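Review bot: The parser accepts `secret` without `secretHeader` and vice versa, so a half-specified launch secret only fails later, when QEMU is started. Assuming the two are halves of one launch-secret packet, reject the mismatch here with `if (!!def->secret != !!def->secret_header) { virReportError(VIR_ERR_XML_ERROR, "%s", _("SEV secret and secretHeader must be specified together")); return -1; }`. The three strings are also stored with no length or encoding check. virDomainSEVDefParseXML starts outside the hunk.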
@@ -27179,6 +27185,13 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
if (sev->session)
virBufferEscapeString(&childBuf, "%s\n", sev->session);
+ if (sev->user_id)
+ virBufferEscapeString(&childBuf, "%s\n", sev->user_id);
+ if (sev->secret_header)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret_header);
+ if (sev->secret)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret);
+
break;
}
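Review bot: `sev->secret` and `sev->secret_header` are written into the formatted XML unconditionally, so they appear in every XML dump of the domain, including those requested without the secure flag. The hunk header shows virDomainSecDefFormat taking only `buf` and `sec`, so there is nothing to gate on. If these values are sensitive as stored, the format flags would need to be passed in and checked, e.g. `if (sev->secret && (flags & VIR_DOMAIN_DEF_FORMAT_SECURE))`. Separately, the format strings on this page read `"%s\n"` with no element name; unless that is an extraction artefact, the output would not round-trip with the `./userid`, `./secretHeader` and `./secret` paths the parser reads. The function body starts and continues outside the hunk.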
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930af36868e80fa724131eef8488dfab0e6ffe70..2bc4358a79495e43a2d60e17b4e4fafed25e2aa5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2717,6 +2717,9 @@ struct _virDomainSEVDef {
bool haveReducedPhysBits;
unsigned int reduced_phys_bits;
virTristateBool kernel_hashes;
+ char *user_id;
+ char *secret_header;
+ char *secret;
};
struct _virDomainSecDef {
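Review bot: The three new fields have no comments, and their encoding and purpose are not clear from the names alone. Going by the file names used in qemu_command.c, something like `char *secret_header; /* base64 text, written to secret_header.base64 at start */` and `char *secret; /* base64 text, written to secret.base64 at start */` would fit, plus `char *user_id; /* passed to QEMU as sev-guest "user-id" */`. Confirm the base64 assumption before committing the wording.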
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 978ce899dfefeb9b600c258d664afa6d840278c9..2b6b5fb5f39f314537e8221d285fd298080524a0 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9926,23 +9926,37 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
qemuDomainObjPrivate *priv = vm->privateData;
g_autofree char *dhpath = NULL;
g_autofree char *sessionpath = NULL;
+ g_autofree char *secretheaderpath = NULL;
+ g_autofree char *secretpath = NULL;
VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+ if (sev->user_id)
+ VIR_DEBUG("user_id=%s", sev->user_id);
+
if (sev->dh_cert)
dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
if (sev->session)
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
+ if (sev->secret_header)
+ secretheaderpath = g_strdup_printf("%s/secret_header.base64", priv->libDir);
+
+ if (sev->secret)
+ secretpath = g_strdup_printf("%s/secret.base64", priv->libDir);
+
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
"u:policy", sev->policy,
+ "S:user-id", sev->user_id,
"S:dh-cert-file", dhpath,
"S:session-file", sessionpath,
"T:kernel-hashes", sev->kernel_hashes,
+ "S:secret-header-file", secretheaderpath,
+ "S:secret-file", secretpath,
NULL) < 0)
return -1;
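Review bot: `user-id`, `secret-header-file` and `secret-file` are added to the `sev-guest` property list with no check that the QEMU binary in use accepts them. Because they are `S:` (optional string) properties, only domains that set the new elements are affected, but those domains would fail at object creation during startup rather than at validation. A capability probe for the new properties (a `QEMU_CAPS_<PLACEHOLDER>` flag) checked in the domain validation path would report the problem before the process is spawned. The `VIR_DEBUG("user_id=%s", ...)` line also copies a guest-owner identifier into the daemon log; confirm that is intended. qemuBuildSEVCommandLine continues past the end of the hunk.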
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 73d54f01cd8009636b73270b9683bdd76f13270e..dac44ce9a34e2b31fc13d895e4d64de914d546ba 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6650,6 +6650,16 @@ qemuProcessPrepareSEVGuestInput(virDomainObj *vm)
return -1;
}
+ if (sev->secret_header) {
+ if (qemuProcessSEVCreateFile(vm, "secret_header", sev->secret_header) < 0)
+ return -1;
+ }
+
+ if (sev->secret) {
+ if (qemuProcessSEVCreateFile(vm, "secret", sev->secret) < 0)
+ return -1;
+ }
+
return 0;
}
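Review bot: The launch secret and its header are written to files under the domain's lib directory on every start, and nothing in this hunk removes them once QEMU has consumed them. qemuProcessSEVCreateFile is defined outside the hunk, so the file mode and security labelling it applies cannot be seen here. Confirm that it creates the files owner-only and that domain teardown deletes `secret.base64` and `secret_header.base64`. A short comment above the two new blocks, such as `/* launch secret packet and header, read by QEMU via secret-file / secret-header-file */`, would make the pairing with qemuBuildSEVCommandLine explicit.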