From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 26 Feb 2018 11:53:33 -0600
Message-Id: <20180226175336.79815-2-brijesh.singh@amd.com>
In-Reply-To: <20180226175336.79815-1-brijesh.singh@amd.com>
References: <20180226175336.79815-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Xiaogang Chen, Jon Grimm, brijesh.ksingh@gmail.com, Brijesh Singh
Subject: [libvirt] [PATCH 1/4] qemu: provide support to query the SEV capability

QEMU version >= 2.12 provides support for launching encrypted VMs on the AMD X86 platform using the Secure Encrypted Virtualization (SEV) feature. This patch adds support to query the SEV capability from QEMU.

Signed-off-by: Brijesh Singh
---
The QEMU SEV v9 patch does not have an implementation of the query-sev-capabilities command, and I will be adding this command in the next QEMU patch round. The command result will look like this:

{ "execute": "query-sev-capabilities" }
{ "return": { "sev": 1, "pdh": "....", "cert-chain": "...", "cbitpos": 47, "reduced-phys-bits": 5}}

 src/conf/domain_capabilities.h | 14 +++++++
 src/qemu/qemu_capabilities.c   | 28 +++++++++++++
 src/qemu/qemu_capspriv.h       |  4 ++
 src/qemu/qemu_monitor.c        |  9 +++++
 src/qemu/qemu_monitor.h        |  3 ++
 src/qemu/qemu_monitor_json.c   | 92 ++++++++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h   |  3 ++
 7 files changed, 153 insertions(+)
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index fa4c1e442f57..e13a7fd6ba1b 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -137,6 +137,20 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; }; =20 +/* + * SEV capabilities + */ +typedef struct _virSEVCapability virSEVCapability; +typedef virSEVCapability *virSEVCapabilityPtr; +struct _virSEVCapability { + bool sev; + char *pdh; + char *cert_chain; + int cbitpos; + int reduced_phys_bits; +}; + + struct _virDomainCaps { virObjectLockable parent; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index b5eb8cf46a52..2c680528deb8 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -525,6 +525,8 @@ struct _virQEMUCaps { size_t ngicCapabilities; virGICCapability *gicCapabilities; =20 + virSEVCapability *sevCapabilities; + virQEMUCapsHostCPUData kvmCPU; virQEMUCapsHostCPUData tcgCPU; }; @@ -2811,6 +2813,14 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCap= s, qemuCaps->ngicCapabilities =3D ncapabilities; } =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities) +{ + VIR_FREE(qemuCaps->sevCapabilities); + + qemuCaps->sevCapabilities =3D capabilities; +} =20 static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, @@ -3318,6 +3328,19 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qe= muCaps, return 0; } =20 +static int +virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + virSEVCapability *caps =3D NULL; + + if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0) + return -1; + + virQEMUCapsSetSEVCapabilities(qemuCaps, caps); + + return 0; +} =20 bool virQEMUCapsCPUFilterFeatures(const char *name, 
@@ -4951,6 +4974,11 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION)) virQEMUCapsSet(qemuCaps, QEMU_CAPS_CPU_CACHE); =20 + /* SEV capabilities */ + if (ARCH_IS_X86(qemuCaps->arch)) { + virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon); + } + ret =3D 0; cleanup: return ret; diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h index 222f3368e3b6..1fa85cc14f07 100644 --- a/src/qemu/qemu_capspriv.h +++ b/src/qemu/qemu_capspriv.h @@ -86,6 +86,10 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps, virGICCapability *capabilities, size_t ncapabilities); =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities); + int virQEMUCapsParseHelpStr(const char *qemu, const char *str, diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index ad5c572aeefb..195248c88ae1 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4007,6 +4007,15 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, return qemuMonitorJSONGetGICCapabilities(mon, capabilities); } =20 +int +qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + QEMU_CHECK_MONITOR_JSON(mon); + + return qemuMonitorJSONGetSEVCapabilities(mon, capabilities); +} + =20 int qemuMonitorNBDServerStart(qemuMonitorPtr mon, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 954ae88e4f64..1b2513650c58 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -755,6 +755,9 @@ int qemuMonitorSetMigrationCapability(qemuMonitorPtr mo= n, int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND =3D 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK =3D 1 << 1, /* migration with non-= shared storage with full disk copy */ 
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index a09e93e464b3..4424abfa7148 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6362,6 +6362,98 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, return ret; } =20 +int +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + int ret =3D -1; + virJSONValuePtr cmd; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr caps; + virSEVCapability *capability =3D NULL; + const char *pdh =3D NULL, *cert_chain =3D NULL; + bool sev; + int cbitpos, reduced_phys_bits; + + *capabilities =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + /* If the 'query-sev-capabilities' QMP command was not available + * we simply successfully return zero capabilities. + * This is the case for QEMU <2.12 */ + if (qemuMonitorJSONHasError(reply, "CommandNotFound")) { + ret =3D 0; + goto cleanup; + } + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetBoolean(caps, "sev", &sev) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'sev' field is missing")); + goto cleanup; + } + + if (!sev) { + goto cleanup; + } + + if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'cbitpos' field is missing")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits", + &reduced_phys_bits) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'reduced-phys-bits' field is missing")); + goto cleanup; + } + + if (!(pdh =3D virJSONValueObjectGetString(caps, "pdh"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'pdh' field is missing")); + goto cleanup; + } + + if (!(cert_chain =3D virJSONValueObjectGetString(caps, "cert-chain")))= { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'cert-chain' field is missing")); + goto cleanup; + } + + if (VIR_ALLOC_N(capability, 1) < 0) + goto cleanup; + + if 
(VIR_STRDUP(capability->pdh, pdh) < 0) + goto cleanup; + + if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0) + goto cleanup; + + capability->sev =3D true; + capability->cbitpos =3D cbitpos; + capability->reduced_phys_bits =3D reduced_phys_bits; + *capabilities =3D capability; + ret =3D 0; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + + return ret; +} + static virJSONValuePtr qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index ec243becc4ae..305f789902e9 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -152,6 +152,9 @@ int qemuMonitorJSONSetMigrationCapability(qemuMonitorPt= r mon, int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); --=20 2.14.3
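Review bot: In virQEMUCapsSetSEVCapabilities (src/qemu/qemu_capabilities.c), `VIR_FREE(qemuCaps->sevCapabilities)` releases only the struct, so the `pdh` and `cert_chain` strings that qemuMonitorJSONGetSEVCapabilities duplicates into it leak whenever the capability is replaced. A small free helper for virSEVCapability that releases both strings and then the struct would fix this, and the same helper is needed on the dispose path, since none of the qemu_capabilities.c hunks in this patch releases the new `sevCapabilities` field.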
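Review bot: In the virQEMUCapsInitQMPMonitor hunk the return value of `virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon)` is dropped, so a monitor failure or a malformed reply during the SEV probe is ignored while any error raised through virReportError stays set. Either jump to `cleanup` on a negative return, or reset the error and add a comment stating that the probe is deliberately best-effort.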
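Review bot: In qemuMonitorJSONGetSEVCapabilities the `if (!sev) { goto cleanup; }` path leaves `ret` at -1 without reporting an error, so a QEMU that implements the command but reports SEV as unavailable is treated as a failure, unlike the CommandNotFound path just above it, which sets `ret = 0`. Set `ret = 0` before that jump. Two further points in the same function: the result of `virJSONValueObjectGetObject(reply, "return")` is passed on without a NULL check, and when either VIR_STRDUP fails after `VIR_ALLOC_N(capability, 1)` the cleanup label frees only `cmd` and `reply`, which leaks `capability` and any string already copied into it.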
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 26 Feb 2018 11:53:34 -0600
Message-Id: <20180226175336.79815-3-brijesh.singh@amd.com>
In-Reply-To: <20180226175336.79815-1-brijesh.singh@amd.com>
References: <20180226175336.79815-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Xiaogang Chen, Jon Grimm, brijesh.ksingh@gmail.com, Brijesh Singh
Subject: [libvirt] [PATCH 2/4] qemu: introduce SEV feature in hypervisor capabilities

Extend hypervisor capabilities to include the sev feature. When available, the hypervisor supports launching an encrypted VM on the AMD platform. The sev feature tag provides additional details like the platform Diffie-Hellman key and certificate chain, which can be used by the guest owner to establish a cryptographic session with the SEV firmware to negotiate keys used for attestation or to provide a secret during launch.

Signed-off-by: Brijesh Singh
---
 docs/formatdomaincaps.html.in  | 31 +++++++++++++++++++++++++++++++
 docs/schemas/domaincaps.rng    | 10 ++++++++++
 src/conf/domain_capabilities.c | 19 +++++++++++++++++++
 src/conf/domain_capabilities.h | 11 +++++++++++
 src/qemu/qemu_capabilities.c   | 41 ++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 111 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 6bfcaf61caae..8f833477772c 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in
@@ -417,6 +417,12 @@ <value>3</value> </enum> </gic> + <sev supported=3D'yes'> + <pdh> </pdh> + <cert-chain> </cert-chain> + <cbitpos> </cbitpos> + <reduced-phys-bits> </reduced-phys-bits> + </sev> </features> </domainCapabilities> @@ -441,5 +447,30 @@ gic element. =20 +

SEV capabilities

+ +

AMD Secure Encrypted Virtualization (SEV) capabilities are exposed = under + the sev element. + SEV is an extension to the AMD-V architecture which supports running + virtual machines (VMs) under the control of a hypervisor. When support= ed, + guest owner can create a VM whose memory contents will be transparently + encrypted with a key unique to that VM. +

+ +
+
pdh
+
Platform diffie-hellman key, which can be exported to remote ent= ities + which wish to establish a secure transport context with the SEV plat= form + in order to transmit data securely. The key is encoded in base64
+
cert-chain
+
Platform certificate chain -- which includes platform endorseme= nt key + (PEK), owners certificate authory (OCA) and chip endorsement key (CE= K). + The certificate chain is encoded in base64.
+
cbitpos
+
C-bit position in page-table entry
+
reduced-phys-bits
+
Physical Address bit reduction
+
+ diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 39053181eb9a..6ce8d296c703 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -184,6 +184,16 @@ =20 + + + + + + + + + + diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index f7d9be50f82d..6a7a30877042 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -549,6 +549,24 @@ virDomainCapsFeatureGICFormat(virBufferPtr buf, FORMAT_EPILOGUE(gic); } =20 +static void +virDomainCapsFeatureSEVFormat(virBufferPtr buf, + virDomainCapsFeatureSEVPtr const sev) +{ + FORMAT_PROLOGUE(sev); + + if (sev->supported) { + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + virBufferAsprintf(buf, "%d\= n", + sev->reduced_phys_bits); + virBufferAsprintf(buf, "%s\n", sev->pdh); + virBufferAsprintf(buf, "%s\n", + sev->cert_chain); + } + + FORMAT_EPILOGUE(sev); +} + =20 char * virDomainCapsFormat(virDomainCapsPtr const caps) @@ -587,6 +605,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps) virBufferAdjustIndent(&buf, 2); =20 virDomainCapsFeatureGICFormat(&buf, &caps->gic); + virDomainCapsFeatureSEVFormat(&buf, &caps->sev); =20 virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index e13a7fd6ba1b..aed5ec28e9cc 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -102,6 +102,16 @@ struct _virDomainCapsFeatureGIC { virDomainCapsEnum version; /* Info about virGICVersion */ }; =20 +typedef struct _virDomainCapsFeatureSEV virDomainCapsFeatureSEV; +typedef virDomainCapsFeatureSEV *virDomainCapsFeatureSEVPtr; +struct _virDomainCapsFeatureSEV { + bool supported; + char *pdh; /* host platform-diffie hellman key */ + char *cert_chain; /* PDH certificate chain */ + int cbitpos; + int reduced_phys_bits; +}; + typedef enum { VIR_DOMCAPS_CPU_USABLE_UNKNOWN, VIR_DOMCAPS_CPU_USABLE_YES, 
@@ -171,6 +181,7 @@ struct _virDomainCaps { /* add new domain devices here */ =20 virDomainCapsFeatureGIC gic; + virDomainCapsFeatureSEV sev; /* add new domain features here */ }; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 2c680528deb8..ee8c542679eb 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -5880,6 +5880,44 @@ virQEMUCapsSupportsGICVersion(virQEMUCapsPtr qemuCap= s, return false; } =20 +/** + * virQEMUCapsFillDomainFeatureSEVCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SEV capabilities that has been obtained + * using the 'query-sev-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + * + * Returns: 0 on success, <0 on failure + */ +static int +virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virDomainCapsFeatureSEVPtr sev =3D &domCaps->sev; + virSEVCapability *cap =3D qemuCaps->sevCapabilities; + + if (!cap) + return 0; + + sev->supported =3D cap->sev; + + if (VIR_STRDUP(sev->pdh, cap->pdh) < 0) + goto failed; + + if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0) + goto failed; + + sev->cbitpos =3D cap->cbitpos; + sev->reduced_phys_bits =3D cap->reduced_phys_bits; + + return 0; +failed: + sev->supported =3D false; + return 0; +} + =20 /** * virQEMUCapsFillDomainFeatureGICCaps: 
@@ -5958,7 +5996,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps, virQEMUCapsFillDomainDeviceGraphicsCaps(qemuCaps, graphics) < 0 || virQEMUCapsFillDomainDeviceVideoCaps(qemuCaps, video) < 0 || virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 || - virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0) + virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0 || + virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps)) return -1; return 0; } --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
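Review bot: in the docs/formatdomaincaps.html.in hunk of patch 2/4, the cert-chain description misspells "authority" as "authory", and the pdh description ends "The key is encoded in base64" without a full stop. The cbitpos and reduced-phys-bits entries ("C-bit position in page-table entry", "Physical Address bit reduction") should also say that these are the values a guest definition has to repeat under its own sev element, which is how patch 3/4 documents them.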
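Review bot: virDomainCapsFeatureSEVFormat (src/conf/domain_capabilities.c, patch 2/4) prints sev->pdh and sev->cert_chain through "%s" whenever sev->supported is set, without checking either pointer. virQEMUCapsFillDomainFeatureSEVCaps copies both with VIR_STRDUP from the QEMU capability, so a capability that reports sev but carries no pdh or cert_chain leaves a NULL pointer here. Guard the two lines, or use a buffer helper that skips NULL strings.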
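Review bot: struct _virDomainCapsFeatureSEV (src/conf/domain_capabilities.h, patch 2/4) gains two heap strings, char *pdh and char *cert_chain, but no hunk in this patch frees them: all 19 lines added to domain_capabilities.c are the formatter and its call. Add VIR_FREE for caps->sev.pdh and caps->sev.cert_chain in the virDomainCaps dispose path, otherwise every domain capabilities query leaks the platform key and the certificate chain.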
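Review bot: in virQEMUCapsFillDomainFeatureSEVCaps (src/qemu/qemu_capabilities.c, patch 2/4) the failed: label returns 0, so the function never produces the "<0 on failure" its own doc comment promises, and an allocation failure is reported as success with supported reset to false. Return -1 there, and free sev->pdh on that path, since it stays allocated when the second VIR_STRDUP (cert_chain) is the one that fails.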
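Review bot: the call added to virQEMUCapsFillDomainCaps (last hunk of patch 2/4) is tested as a bare truth value, "virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps))", while every sibling in the same condition is compared with "< 0". Write it as "< 0" as well so the check matches the 0 / negative return convention the function documents.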
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 26 Feb 2018 11:53:35 -0600
Message-Id: <20180226175336.79815-4-brijesh.singh@amd.com>
In-Reply-To: <20180226175336.79815-1-brijesh.singh@amd.com>
References: <20180226175336.79815-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Xiaogang Chen, Jon Grimm, brijesh.ksingh@gmail.com, Brijesh Singh
Subject: [libvirt] [PATCH 3/4] conf: introduce sev element in domain

Secure Encrypted Virtualization (sev) element is used to provide the guest owner's input parameters used for creating an encrypted VM using AMD SEV feature. SEV feature supports running encrypted VM under the control of KVM. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to the unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed by a different entity using a different key the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data.

QEMU >= 2.12 provides 'sev-guest' object which supports launching encrypted VMs. A typical command line

  # $QEMU ... \
      -machine memory-encryption=sev0 \
      -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \
      ...

Signed-off-by: Brijesh Singh --- docs/formatdomain.html.in | 71 +++++++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.c | 64 +++++++++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 18 +++++++++++ src/qemu/qemu_command.c | 77 +++++++++++++++++++++++++++++++++++++++++++= ++++ 4 files changed, 230 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 6fd2189cd2f4..d18e3fb1d976 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8195,6 +8195,77 @@ qemu-kvm -net nic,model=3D? /dev/null =20

Note: DEA/TDEA is synonymous with DES/TDES.

=20 +

Secure Encrypted Virtualization (SEV)

+ +

+ The contents of the sev element is used to provide the + guest owners input used for creating an encrypted VM using the AMD + Secure Encrypted Virtualization (SEV) feature. + + SEV is an extension to the AMD-V architecture which supports running + encrypted virtual machine (VMs) under the control of KVM. Encrypted + VMs have their pages (code and data) secured such that only the gue= st + itself has access to the unencrypted version. Each encrypted VM is + associated with a unique encryption key; if its data is accessed to= a + different entity using a different key the encrypted guests data wi= ll + be incorrectly decrypted, leading to unintelligible data. +

+
+<domain>
+  ...
+  <sev>
+    <policy> 1 </policy>
+    <cbitpos> 47 </cbitpos>
+    <reduced-phys-bits> 5 </reduced-phys-bits>
+    <session> ... </session>
+    <dh-cert> ... </dh>
+  </sev>
+  ...
+</domain>
+
+ +

+ A least cbitpos and reduced-phys-bits must b= e nested + within the sev element. +

+
+
cbitpos
+
The cbitpos attribute provides the C-bit (aka encry= ption bit) + location in guest page table entry. The value of cbitpos is + hypervisor dependent and can be obtained through the sev element + from domaincapabilities. +
+
reduced-phys-bits
+
The reduced-phys-bits attribute provides the physic= al + address bit reducation. Similar to cbitpos the value of= + reduced-phys-bit is hypervisor dependent and can be obtained + through the sev element from domaincapabilities. +
+
policy
+
The policy attribute provides the guest policy whic= h must + be maintained by the SEV firmware. This policy is enforced by the fi= rmware + and restricts what configuration and operational commands can be per= formed + on this guest by the hypervisor. The guest policy provided during gu= est + launch is bound to the guest and cannot be changed throughout the li= fetime + of the guest. The policy is also transmitted during snapshot and mig= ration + flows and enforced on the destination platform. +
+
dh-cert
+
The dh-cert attribute provides the guest owners pub= lic + Diffie-Hellman (DH) key. The key is used to negotiate a master secret + key between the SEV firmware and guest owner. This master secret key= is + then used to establish a trusted channel between SEV firmware and gu= est + owner. The value must be encoded in base64. +
+
session
+
The session attribute provides the guest owners ses= sion + blob defined in SEV API spec. The value must be encoded in base64. +
+
+ +

Note: More information about policy bit definition, + dh and session is available in SEV API spec.

+

Example configs

=20

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index d96b012b98f0..4c9921b5dca6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -15539,6 +15539,61 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node, return ret; } =20 +static void +virDomainSevDefFree(virDomainSevDefPtr def) +{ + VIR_FREE(def->dh_cert); + VIR_FREE(def->session); + + VIR_FREE(def); +} + +static virDomainSevDefPtr +virDomainSevDefParseXML(xmlNodePtr sevNode, + xmlXPathContextPtr ctxt) +{ + char *tmp =3D NULL; + xmlNodePtr save =3D ctxt->node; + virDomainSevDefPtr def; + unsigned long policy; + + ctxt->node =3D sevNode; + + if (VIR_ALLOC(def) < 0) + return NULL; + + if ((tmp =3D virXPathString("string(./dh-cert)", ctxt))) { + if (VIR_STRDUP(def->dh_cert, tmp) < 0) + goto error; + + VIR_FREE(tmp); + } + + if ((tmp =3D virXPathString("string(./session)", ctxt))) { + if (VIR_STRDUP(def->session, tmp) < 0) + goto error; + + VIR_FREE(tmp); + } + + if (virXPathULongHex("string(./policy)", ctxt, &policy) =3D=3D 0) { + def->policy =3D policy; + } else { + def->policy =3D -1; + } + + virXPathInt("string(./cbitpos)", ctxt, &def->cbitpos); + virXPathInt("string(./reduced-phys-bits)", ctxt, &def->reduced_phys_bi= ts); + + ctxt->node =3D save; + return def; + +error: + VIR_FREE(tmp); + virDomainSevDefFree(def); + ctxt->node =3D save; + return NULL; +} =20 static virDomainMemoryDefPtr virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt, @@ -20212,6 +20267,15 @@ virDomainDefParseXML(xmlDocPtr xml, ctxt->node =3D node; VIR_FREE(nodes); =20 + /* Check for SEV feature */ + if ((n =3D virXPathNodeSet("./sev", ctxt, &nodes)) < 0) + goto error; + + if (n) { + def->sev =3D virDomainSevDefParseXML(nodes[0], ctxt); + VIR_FREE(nodes); + } + /* analysis of memory devices */ if ((n =3D virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0) goto error; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 368f16f3fbf9..f0f267b28f40 100644 --- a/src/conf/domain_conf.h 
+++ b/src/conf/domain_conf.h @@ -142,6 +142,9 @@ typedef virDomainPanicDef *virDomainPanicDefPtr; typedef struct _virDomainMemoryDef virDomainMemoryDef; typedef virDomainMemoryDef *virDomainMemoryDefPtr; =20 +typedef struct _virDomainSevDef virDomainSevDef; +typedef virDomainSevDef *virDomainSevDefPtr; + /* forward declarations virDomainChrSourceDef, required by * virDomainNetDef */ @@ -2289,6 +2292,18 @@ struct _virDomainKeyWrapDef { int dea; /* enum virTristateSwitch */ }; =20 +typedef struct _virDomainSevDef virDomainSevDef; +typedef virDomainSevDef *virDomainSevDefPtr; + +struct _virDomainSevDef { + char *dh_cert; + char *session; + int policy; + int cbitpos; + int reduced_phys_bits; +}; + + typedef enum { VIR_DOMAIN_IOMMU_MODEL_INTEL, =20 @@ -2454,6 +2469,9 @@ struct _virDomainDef { =20 virDomainKeyWrapDefPtr keywrap; =20 + /* SEV-specific domain */ + virDomainSevDefPtr sev; + /* Application-specific custom metadata */ xmlNodePtr metadata; =20 diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index fa0aa5d5c3d4..653bbe154332 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -9663,6 +9663,80 @@ qemuBuildTPMCommandLine(virCommandPtr cmd, return 0; } =20 +static char * +qemuBuildSevCreateFile(const virDomainDef *def, const char *name, char *da= ta) +{ + char *base =3D virGetUserConfigDirectory(); + char *configDir, *configFile; + char uuidstr[VIR_UUID_STRING_BUFLEN]; + + virUUIDFormat(def->uuid, uuidstr); + + if (virAsprintf(&configDir, "%s/sev/%s", base, uuidstr) < 0) + goto error; + VIR_FREE(base); + + if (virFileMakePathWithMode(configDir, S_IRWXU) < 0) { + virReportSystemError(errno, _("cannot create config directory '%s'= "), + configDir); + goto error; + } + + if (!(configFile =3D virFileBuildPath(configDir, name, ".base64"))) + goto error; + + if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) { + virReportSystemError(errno, _("failed to write data to config '%s'= "), + configFile); + goto error; + } + + return configFile; + +error: + return NULL; +} + +static int +qemuBuildSevCommandLine(virCommandPtr cmd, + const virDomainDef *def) +{ + virDomainSevDefPtr sev =3D def->sev; + virBuffer buf =3D VIR_BUFFER_INITIALIZER; + virBuffer obj =3D VIR_BUFFER_INITIALIZER; + char *dh_cert_file =3D NULL; + char *session_file =3D NULL; + + /* qemu accepts DH and session blob as file, create a temporary file */ + if (sev->dh_cert && + !(dh_cert_file =3D qemuBuildSevCreateFile(def, "dh_cert", sev->dh_= cert))) + return -1; + + if (sev->session && + !(session_file =3D qemuBuildSevCreateFile(def, "session", sev->ses= sion))) + return -1; + + virCommandAddArg(cmd, "-machine"); + virBufferAddLit(&buf, "memory-encryption=3Dsev0"); + virCommandAddArgBuffer(cmd, &buf); + + virCommandAddArg(cmd, "-object"); + virBufferAddLit(&obj, "sev-guest,id=3Dsev0"); + if (sev->policy > 0) + virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy); + virBufferAsprintf(&obj, ",cbitpos=3D%d", sev->cbitpos); + virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b= its); + if (dh_cert_file) + virBufferAsprintf(&obj, ",dh-cert-file=3D%s", 
dh_cert_file); + if (session_file) + virBufferAsprintf(&obj, ",session-file=3D%s", session_file); + virCommandAddArgBuffer(cmd, &obj); + + VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d dh=3D%s s= ession=3D%s", + sev->policy, sev->cbitpos, sev->reduced_phys_bits, dh_cert_fi= le, + session_file); + return 0; +} =20 static int qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd, 
@@ -10108,6 +10182,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver, if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0) goto error; =20 + if (def->sev && qemuBuildSevCommandLine(cmd, def) < 0) + goto error; + if (snapshot) virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL); =20 --=20 2.14.3
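Review bot: the XML example in the docs/formatdomain.html.in hunk of patch 3/4 is not well-formed, because "<dh-cert> ... </dh>" opens dh-cert and closes dh. In the same hunk "A least" should be "At least", "reducation" should be "reduction", the closing note says "dh" where the element is dh-cert, and the text calls cbitpos, reduced-phys-bits, policy, dh-cert and session attributes although the example and the parser treat them as child elements of sev.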
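Review bot: virDomainSevDefParseXML (src/conf/domain_conf.c, patch 3/4) ignores the return values of both virXPathInt calls, so a sev element without cbitpos or reduced-phys-bits, which the documentation in this patch says must be present, is accepted and both fields are left at whatever the zeroed allocation holds. Check the results and report an XML error for a missing or malformed value. policy is likewise read as an unsigned long with virXPathULongHex and stored in an int where -1 stands for "absent"; a range check before the assignment would keep a large value from aliasing that sentinel.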
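Review bot: in the virDomainDefParseXML hunk of patch 3/4 the result of virDomainSevDefParseXML is stored in def->sev without a NULL check, so a failed parse (the function returns NULL on its error path) continues as if the domain had no sev element, and qemuBuildCommandLine then starts the guest without the memory-encryption arguments. Free nodes and "goto error" when def->sev is NULL. When more than one sev node matches, only nodes[0] is used and the rest are dropped silently, which also deserves an error.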
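Review bot: the src/conf/domain_conf.h hunk at -2289 in patch 3/4 repeats the two typedefs (virDomainSevDef and virDomainSevDefPtr) that the hunk at -142 of the same file already adds next to the virDomainMemoryDef forward declarations. Drop the copy above struct _virDomainSevDef. Consider making policy an unsigned type here as well, since the parser reads it with virXPathULongHex and the command line prints it with 0x%x.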
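Review bot: struct _virDomainDef gains an owned pointer, def->sev (src/conf/domain_conf.h hunk at -2454, patch 3/4), but the patch has no counterpart for it: virDomainSevDefFree is static and only reached from the parser's error path, and the 64 lines added to domain_conf.c are all parsing code. As posted, the definition is never freed with the domain and there is no code that writes the sev element back out when the domain XML is formatted. The free call and a formatter should come with this patch.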
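Review bot: qemuBuildSevCreateFile (src/qemu/qemu_command.c, patch 3/4) writes the guest owner's dh-cert and session blob below virGetUserConfigDirectory(), in a directory created S_IRWXU and a file created S_IRUSR | S_IWUSR by the libvirt process, and then hands the path to QEMU as dh-cert-file= and session-file=. Nothing here sets ownership or a security label, so a QEMU that runs under a different user than the daemon cannot open the files, and nothing removes them when the domain goes away; a per-domain directory managed by the QEMU driver would fit better. The function also never frees configDir, its error: label frees nothing, and qemuBuildSevCommandLine never frees dh_cert_file or session_file, including on the early return when the session file cannot be created.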
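Review bot: the call added to qemuBuildCommandLine (last hunk of patch 3/4) does not pass qemuCaps to qemuBuildSevCommandLine, unlike qemuBuildVMCoreInfoCommandLine just above it, so "-machine memory-encryption=sev0" and "-object sev-guest" are emitted without checking that the QEMU binary provides the sev-guest object, which the commit message ties to QEMU >= 2.12. Pass qemuCaps and fail with a clear error when the capability is missing.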
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Mon, 26 Feb 2018 11:53:36 -0600
Message-Id: <20180226175336.79815-5-brijesh.singh@amd.com>
In-Reply-To: <20180226175336.79815-1-brijesh.singh@amd.com>
References: <20180226175336.79815-1-brijesh.singh@amd.com>
mail-sn1nam01on0082.outbound.protection.outlook.com X-Scanned-By: MIMEDefang 2.78 on 10.5.110.28 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Cc: Tom Lendacky , Xiaogang Chen , Jon Grimm , brijesh.ksingh@gmail.com, Brijesh Singh Subject: [libvirt] [PATCH 4/4] libvirt-domain: add new virDomainGetSevVmMeasurement() API X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Mon, 26 Feb 2018 17:54:05 +0000 (UTC) X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The virDomainGetSevVmMeasurement() can be used to retrieve the measurement of encrypted VM launched using AMD SEV feature. The measurement is a signature of the memory contents that can be sent to the guest owner as an attestation that the memory was encrypted correctly by the firmware before booting the guest. Signed-off-by: Xiaogang Chen Signed-off-by: Brijesh Singh --- include/libvirt/libvirt-domain.h | 4 +++ src/driver-hypervisor.h | 4 +++ src/libvirt-domain.c | 41 +++++++++++++++++++++++++++++ src/libvirt_public.syms | 1 + src/qemu/qemu_driver.c | 57 ++++++++++++++++++++++++++++++++++++= ++++ src/qemu/qemu_monitor.c | 8 ++++++ src/qemu/qemu_monitor.h | 3 +++ src/qemu/qemu_monitor_json.c | 33 +++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 2 ++ src/remote/remote_driver.c | 3 ++- src/remote/remote_protocol.x | 17 +++++++++++- 11 files changed, 171 insertions(+), 2 deletions(-) 
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index 4048acf38aaf..c0bcfea4723c 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -4756,4 +4756,8 @@ int virDomainSetLifecycleAction(virDomainPtr domain, unsigned int action, unsigned int flags); =20 +char * +virDomainGetSevVmMeasurement(virDomainPtr domain, + unsigned int flags); + #endif /* __VIR_LIBVIRT_DOMAIN_H__ */ diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index ce0e2b252552..73edcd8f059f 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1283,6 +1283,9 @@ typedef int unsigned int action, unsigned int flags); =20 +typedef char * +(*virDrvDomainGetSevVmMeasurement)(virDomainPtr dommain, + unsigned int flags); =20 typedef struct _virHypervisorDriver virHypervisorDriver; typedef virHypervisorDriver *virHypervisorDriverPtr; @@ -1528,6 +1531,7 @@ struct _virHypervisorDriver { virDrvDomainSetVcpu domainSetVcpu; virDrvDomainSetBlockThreshold domainSetBlockThreshold; virDrvDomainSetLifecycleAction domainSetLifecycleAction; + virDrvDomainGetSevVmMeasurement domainGetSevVmMeasurement; }; =20 =20 diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index eaec0979ad49..f285a3121548 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c 
@@ -12095,3 +12095,44 @@ int virDomainSetLifecycleAction(virDomainPtr domai= n, virDispatchError(domain->conn); return -1; } + +/** + * virDomainGetSevVmMeasurement: + * @domain: pointer to domain object + * @flags: currently unused, pass 0 + * + * Get launch measurement of SEV guest VM + * + * Returns a measurement string, or NULL in case of error. + */ +char * +virDomainGetSevVmMeasurement(virDomainPtr domain, + unsigned int flags) +{ + virConnectPtr conn; + VIR_DOMAIN_DEBUG(domain, "flags=3D0x%x", flags); + + virResetLastError(); + + virCheckDomainReturn(domain, NULL); + conn =3D domain->conn; + + virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainGetSevVmMeasurement) { + char *ret; + + ret =3D conn->driver->domainGetSevVmMeasurement(domain, + flags); + if (!ret) + goto error; + + return ret; + } + + virReportUnsupportedError(); + +error: + virDispatchError(domain->conn); + return NULL; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 95df3a0dbc7b..6e956d965a26 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -783,6 +783,7 @@ LIBVIRT_3.9.0 { LIBVIRT_4.1.0 { global: virStoragePoolLookupByTargetPath; + virDomainGetSevVmMeasurement; } LIBVIRT_3.9.0; =20 # .... define new API here using predicted next version number .... diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 313d730c791f..852d1f0fd2f7 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -21254,6 +21254,62 @@ qemuDomainSetLifecycleAction(virDomainPtr dom, return ret; } =20 +static char * +qemuDomainGetSevVmMeasurement(virDomainPtr dom, + unsigned int flags) +{ + virQEMUDriverPtr driver =3D dom->conn->privateData; + virDomainObjPtr vm; + char *ret =3D NULL, *tmp; + + virCheckFlags(0, NULL); + + if (!(vm =3D qemuDomObjFromDomain(dom))) + goto cleanup; + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("domain is not running")); + goto endjob; + } + + if (virDomainGetSevVmMeasurementEnsureACL(dom->conn, vm->def) < 0){ + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("get sev vm measurement is not allowed")); + goto cleanup; + } + + if (vm->def->sev) { + goto endjob; + virReportError(VIR_ERR_INTERNAL_ERROR, + _("domain is not SEV guest")); + } + + if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < = 0) + goto endjob; + + VIR_DEBUG("query sev launch measurement"); + if(!(tmp =3D qemuMonitorGetSevMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon= ))){ + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to get measurement")); + goto endjob; + } + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + goto endjob; + + ret =3D tmp; + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} =20 static virHypervisorDriver qemuHypervisorDriver =3D { .name =3D QEMU_DRIVER_NAME, @@ -21474,6 +21530,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainSetVcpu =3D qemuDomainSetVcpu, /* 3.1.0 */ .domainSetBlockThreshold =3D qemuDomainSetBlockThreshold, /* 3.2.0 */ .domainSetLifecycleAction =3D qemuDomainSetLifecycleAction, /* 3.9.0 */ + .domainGetSevVmMeasurement =3D qemuDomainGetSevVmMeasurement, /* 4.2.0= */ }; =20 =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 195248c88ae1..e3dd078e4e73 100644 --- a/src/qemu/qemu_monitor.c 
+++ b/src/qemu/qemu_monitor.c @@ -4400,3 +4400,11 @@ qemuMonitorSetWatchdogAction(qemuMonitorPtr mon, =20 return qemuMonitorJSONSetWatchdogAction(mon, action); } + +char * +qemuMonitorGetSevMeasurement(qemuMonitorPtr mon) +{ + QEMU_CHECK_MONITOR_NULL(mon); + + return qemuMonitorJSONGetSevMeasurement(mon); +} diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 1b2513650c58..dd0821178c47 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1176,4 +1176,7 @@ virJSONValuePtr qemuMonitorQueryNamedBlockNodes(qemuM= onitorPtr mon); =20 int qemuMonitorSetWatchdogAction(qemuMonitorPtr mon, const char *action); +char * +qemuMonitorGetSevMeasurement(qemuMonitorPtr mon); + #endif /* QEMU_MONITOR_H */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 4424abfa7148..1d7f0e7c168e 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -7974,3 +7974,36 @@ qemuMonitorJSONSetWatchdogAction(qemuMonitorPtr mon, virJSONValueFree(reply); return ret; } + +char * +qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon) +{ + const char *tmp; + char *measurement =3D NULL; + virJSONValuePtr cmd; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr data; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-launch-measure", N= ULL))) + return NULL; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + data =3D virJSONValueObjectGetObject(reply, "return"); + + if (!(tmp =3D virJSONValueObjectGetString(data, "data"))) + goto cleanup; + + if (VIR_STRDUP(measurement, tmp) < 0){ + goto cleanup; + } + +cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + return measurement; +} diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 305f789902e9..b03b35ae0e8b 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -342,6 +342,8 @@ int qemuMonitorJSONGetBlockIoThrottle(qemuMonitorPtr mo= n, =20 int qemuMonitorJSONSystemWakeup(qemuMonitorPtr mon); =20 +char * qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon); + int qemuMonitorJSONGetVersion(qemuMonitorPtr mon, int *major, int *minor, diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 9ea726dc45c0..080d244db156 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8497,7 +8497,8 @@ static virHypervisorDriver hypervisor_driver =3D { .domainSetGuestVcpus =3D remoteDomainSetGuestVcpus, /* 2.0.0 */ .domainSetVcpu =3D remoteDomainSetVcpu, /* 3.1.0 */ .domainSetBlockThreshold =3D remoteDomainSetBlockThreshold, /* 3.2.0 */ - .domainSetLifecycleAction =3D remoteDomainSetLifecycleAction /* 3.9.0 = */ + .domainSetLifecycleAction =3D remoteDomainSetLifecycleAction, /* 3.9.0= */ + .domainGetSevVmMeasurement =3D remoteDomainGetSevVmMeasurement /* 4.2.= 0 */ }; =20 static virNetworkDriver network_driver =3D { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 9dbd497b2fff..227ee8345683 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3448,6 +3448,15 @@ struct remote_domain_set_lifecycle_action_args { unsigned int flags; }; =20 +struct remote_domain_get_sev_vm_measurement_args { + remote_nonnull_domain dom; + unsigned int flags; +}; + +struct remote_domain_get_sev_vm_measurement_ret { + remote_nonnull_string sev_measurement; +}; + /*----- Protocol. -----*/ =20 /* Define the program number, protocol version and procedure numbers here.= */ 
@@ -6135,5 +6144,11 @@ enum remote_procedure { * @priority: high * @acl: storage_pool:getattr */ - REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_TARGET_PATH =3D 391 + REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_TARGET_PATH =3D 391, + + /** + * @generate: both + * @acl: domain:read + */ + REMOTE_PROC_DOMAIN_GET_SEV_VM_MEASUREMENT =3D 392 }; --=20 2.14.3
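Review bot: In the src/driver-hypervisor.h hunk the new virDrvDomainGetSevVmMeasurement typedef names its first parameter `dommain`, a typo for `domain`, which is the name the public prototype in include/libvirt/libvirt-domain.h uses. Please fix the spelling so the driver typedef and the public declaration match.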
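Review bot: The doc comment added above virDomainGetSevVmMeasurement() in src/libvirt-domain.c is too thin for a public API that returns `char *`: it says only "Returns a measurement string, or NULL in case of error". It should state that the caller owns the returned string and must free it, what encoding the string is in, and when the call is valid, given that the QEMU driver in this same patch rejects a domain that is not running.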
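Review bot: The src/libvirt_public.syms hunk exports virDomainGetSevVmMeasurement under `LIBVIRT_4.1.0`, but the driver table entries added in src/qemu/qemu_driver.c and src/remote/remote_driver.c are annotated `/* 4.2.0 */`. The symbol version and the driver annotations have to name the same release; if the API lands in 4.2.0 it needs a new `LIBVIRT_4.2.0 { ... } LIBVIRT_4.1.0;` block rather than an addition to the existing one.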
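Review bot: The SEV check in qemuDomainGetSevVmMeasurement() (src/qemu/qemu_driver.c, first hunk) is inverted and its error report is unreachable: `if (vm->def->sev) { goto endjob; virReportError(...` bails out silently for exactly the guests that have SEV configured and lets non-SEV guests continue to the monitor query. It should read `if (!vm->def->sev)` with virReportError() before the goto. Three more problems in the same function: the virDomainGetSevVmMeasurementEnsureACL() failure path jumps to `cleanup` after qemuDomainObjBeginJob() has succeeded, so qemuDomainObjEndJob() is never called (do the ACL check right after qemuDomObjFromDomain(), before the job starts, and do not replace the error it reports); when qemuMonitorGetSevMeasurement() fails the code goes to `endjob` without calling qemuDomainObjExitMonitor(); and when qemuDomainObjExitMonitor() fails `tmp` is leaked. The two new virReportError(VIR_ERR_INTERNAL_ERROR, _(...)) calls should also pass "%s" as the format, as the "domain is not running" call above them does.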
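Review bot: In qemuMonitorJSONGetSevMeasurement() (src/qemu/qemu_monitor_json.c) the result of `virJSONValueObjectGetObject(reply, "return")` is passed straight to virJSONValueObjectGetString() without a NULL check, so a reply that lacks a "return" object is not handled. Check `data` and report an error before reading the "data" member, and report one as well when that member is missing, so the caller gets a specific message instead of a bare NULL. Style: add a space in `if (VIR_STRDUP(measurement, tmp) < 0){` and drop the braces around the single `goto cleanup;`.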
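Review bot: The access level is inconsistent between the src/remote/remote_protocol.x hunk and the public entry point: REMOTE_PROC_DOMAIN_GET_SEV_VM_MEASUREMENT is tagged `@acl: domain:read`, while virDomainGetSevVmMeasurement() in src/libvirt-domain.c calls `virCheckReadOnlyGoto(conn->flags, error)` and so refuses read-only connections. Please decide which is intended: if fetching the launch measurement is a plain query, drop the read-only check; if it should be restricted, the ACL here should not be `domain:read`. Either way, say so in the commit message.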