SEV-SNP: Invalid parameter 'certs-path'

[kimullaa]

When I specified the --certs option with launch-qemu.sh, it failed with the message: Invalid parameter: certs-path'.

$ sudo ./launch-qemu.sh -hda "../ubuntu1.qcow2" -sev-snp -certs /opt/snp/cert_chain.cert
...
qemu-system-x86_64: -object sev-snp-guest,id=sev0,policy=0xb0000,cbitpos=51,reduced-phys-bits=1,certs-path=/opt/snp/cert_chain.cert: Invalid parameter 'certs-path'

I checked the target/i386/sev.c file in the snp-latest branch of AMDESE/qemu, but it doesn't seem to accept a certs-path option.https://github.com/AMDESE/qemu/blob/snp-latest/target/i386/sev.c#L2410-L2430

I think we probably need to apply the patch from this commit to the snp-latest branch.

[tlendacky]

Upstream is still ironing out the interface for this, so an extended guest request in the kernel will not return any certificates at this time and Qemu did not incorporate the certificate related arguments. That should all be worked out soon, hopefully.

[kimullaa]

Thank you for your response!

It seems misleading to include an option in launch-qemu.sh that always results in failure. Do you think it's ok since it's only temporary?

[tlendacky]

Probably just an oversight on our part.