#include "hw/mem/nvdimm.h"
#include "migration/global_state.h"
#include "migration/vmstate.h"
+#include "exec/confidential-guest-support.h"
GlobalProperty hw_compat_5_2[] = {};
const size_t hw_compat_5_2_len = G_N_ELEMENTS(hw_compat_5_2);
{
MachineState *ms = MACHINE(obj);
- return g_strdup(ms->memory_encryption);
+ if (ms->cgs) {
+ return g_strdup(object_get_canonical_path_component(OBJECT(ms->cgs)));
+ }
+
+ return NULL;
}
static void machine_set_memory_encryption(Object *obj, const char *value,
Error **errp)
{
- MachineState *ms = MACHINE(obj);
+ Object *cgs =
+ object_resolve_path_component(object_get_objects_root(), value);
+
+ if (!cgs) {
+ error_setg(errp, "No such memory encryption object '%s'", value);
+ return;
+ }
- g_free(ms->memory_encryption);
- ms->memory_encryption = g_strdup(value);
+ object_property_set_link(obj, "confidential-guest-support", cgs, errp);
+}
+
+static void machine_check_confidential_guest_support(const Object *obj,
+ const char *name,
+ Object *new_target,
+ Error **errp)
+{
+ /*
+ * So far the only constraint is that the target has the
+ * TYPE_CONFIDENTIAL_GUEST_SUPPORT interface, and that's checked
+ * by the QOM core
+ */
}
static bool machine_get_nvdimm(Object *obj, Error **errp)
object_class_property_set_description(oc, "suppress-vmdesc",
"Set on to disable self-describing migration");
+ object_class_property_add_link(oc, "confidential-guest-support",
+ TYPE_CONFIDENTIAL_GUEST_SUPPORT,
+ offsetof(MachineState, cgs),
+ machine_check_confidential_guest_support,
+ OBJ_PROP_LINK_STRONG);
+ object_class_property_set_description(oc, "confidential-guest-support",
+ "Set confidential guest scheme to support");
+
+ /* For compatibility */
object_class_property_add_str(oc, "memory-encryption",
machine_get_memory_encryption, machine_set_memory_encryption);
object_class_property_set_description(oc, "memory-encryption",
cc->deprecation_note);
}
- if (machine->memory_encryption) {
+ if (machine->cgs) {
/*
- * With memory encryption, the host can't see the real
+ * With confidential guests, the host can't see the real
* contents of RAM, so there's no point in it trying to merge
* areas.
*/
}
};
-static SevGuestState *
-lookup_sev_guest_info(const char *id)
-{
- Object *obj;
- SevGuestState *info;
-
- obj = object_resolve_path_component(object_get_objects_root(), id);
- if (!obj) {
- return NULL;
- }
-
- info = (SevGuestState *)
- object_dynamic_cast(obj, TYPE_SEV_GUEST);
- if (!info) {
- return NULL;
- }
-
- return info;
-}
-
bool
sev_enabled(void)
{
}
}
-int
-sev_guest_init(const char *id)
+int sev_kvm_init(ConfidentialGuestSupport *cgs)
{
- SevGuestState *sev;
+ SevGuestState *sev = SEV_GUEST(cgs);
char *devname;
int ret, fw_error;
uint32_t ebx;
return -1;
}
- sev = lookup_sev_guest_info(id);
- if (!sev) {
- error_report("%s: '%s' is not a valid '%s' object",
- __func__, id, TYPE_SEV_GUEST);
- goto err;
- }
-
sev_guest = sev;
sev->state = SEV_STATE_UNINIT;