From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110374150616.5777592483967;
 Wed, 23 May 2018 14:19:34 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 570FBABB20;
	Wed, 23 May 2018 21:19:26 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 1F1D010694C0;
	Wed, 23 May 2018 21:19:26 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id C9A3E4CA83;
	Wed, 23 May 2018 21:19:25 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJAeT028743 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:10 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id B5BD11062241; Wed, 23 May 2018 21:19:10 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com
	[10.5.110.39])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 716F4106223E;
	Wed, 23 May 2018 21:19:08 +0000 (UTC)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam01on0058.outbound.protection.outlook.com [104.47.32.58])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 4D11113A526;
	Wed, 23 May 2018 21:19:06 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:18:56 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=SjpTiH1mLEw/nvA5TKvjTOL2DaU/iu2CKrG1N/AfMAg=;
	b=s5gaUXBmqDZOyQd+ds2XJ0cS/YK5j0Wb6fLrI6nW4r151Kt/pSvwEHQ5TqgHdSnA+t779pr4e7zKHc3hep9svkWj80J1eJHu7h23A6EWqGod0+i/V+YIGz+GHeIH48LWNtC6zmv3v15m/2t4eR5IxcSQMZzANGN7AJlD84/o/6E=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:26 -0500
Message-Id: <20180523211834.15817-2-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:50aax/bc2swWGOIORim8GjbLC7JLiMBPlyJPRzEKlxYKufxZiE8wuI3c4mabg2HAGwJxJy5IXKCPjIaLCqHaF04nNyim8WRJZflOoiuwXbliYEyGSpGpgiUBsZ2vfjxocd5gY0Pj4ChqBitEHNYHw9agSXdL+AXKFPvt/QD/Vs/f7iOcQH6M5eWUTf213mYceE7JSPLknP3dSYCttTOoTjRhM0YrPi/S4rkmpv1NPrWsYHpRX27WHc0PwhvcSxVy;
	25:wHlmkuEzVj6wR/SaRyFNVHeO5v7G7907RgZFIlyVxCfH8L5F9CklIG4Ow+G1QyA2/L9CWpmsggRiMyJPQeCVGy1EeEmIBOkkWINTKbFOJyQxjD6Pkr3oWT6njOQykoZn4VGwqMsIhKrZEMUrWz/twsr4tokiV3pzv5Vg1LxZAo5FEBj3Ww5y+zSasIKDz+CfD8DAzNA/ROYNGfeeiRMXZWH0FE9QHAFquvKqfrHuoVqnlOM8xmI8e2UUMWSqKVhYUEJMTFtVwGNduhhAStPs6dNBdnDmii4aKKiTlZHLfUnSgJ32FHkxxw5EinnpAt+5goIUuj/hUl1hQ0aztuRWOQ==;
	31:mAKuvg4IByNZx7npvcacYcbWFPlsgqilg06gg9CZYdIWOlKwhJ38ZoAOLh+ixEsMWIE/MYuHnpvqgtxMRNyJGc3W1JgSu+P8vtmlZNSg4pVHW2ZiKxEY3zOaRpder2CQQjWuKcvW0gxDuGrbxUuB/MKdg0K2KLPeeyzj4Z5fxFJfMq0bcyThhZ5jrcPj1wCxBvgj6sfnlNTkxhdtXl082cth12xf5CjCYdt/l39W3pM=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:prBkO/IhOjObMWLpdkWEsHryY4K/JtSTdkn7jF/sPJ60nUVO4liYB3UL7E5hC9FEYopPk4nyfCxEM84It/+oraybyIaquvWQfH8gVl7XgJjEuO9ybEstgtSDlJWbtQS6/Ym3LD3B9po5QBTRC/LwpcJ/13DMdBdk8urvU3ytHpPytnJCcaTsvvxjreC0gSA8slb1o6dCjwh7rwlClhLNyyp/XoH9SEkU85aqRczrcFHzNLhgeSPnU3mgfaKykF7hWJQmeX4lz/ATdWYuGuS/r/u9KQbLfFIsGnPMuGrQJOFG2E8J6JN4SdD5onHFxLk49qJcYWAAoEGwIVyBL6EUO2p9wzotlnBWJqBlYmCqQM96RLoKrpX1H6pgnAnlR0mcIaPpKA9CJ2D3aX9lOv1rFDjTl8zeKgFFxAc8q4HAtLyoRTfyRJ9CIg5ei1PtP0JKXAxiqOMZw68BfPU+h+ckgXuiW87yU3c7FmQ7dvNuC9YDkKkuaUoXvcz7fPgCwX9Y;
	4:GZXq1a7r2McqLk5koYwhMosn64JP07qE0J48DRpa9Wqi6fB5D6jzL9RHGVQitqZGDQXNATN0NnuliGrm5k8wEQ07gk29pRUSbwl8o0NZ6Ye1W/fa9XxZfU1KCxRBP8i14+XBNL4aBHjamqoZbZxeyQs0/Yf1QSse+3UhoKL3rO9uvUNcReM47td7S4DPrUI8rX413yE+Cuu1ZifjUycg6D4IBJ+R9ehe2wN8Km5SNrtOBSvqLFlhZRe3F3Srx2XVDANQVBSpJ/ua1p+SahXudxbpMpW+/g7FP9Bq4Pz9iQE4z8HbI5tkNJuFS/HD4AmE
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB244957A0B021D49CAE6531C7E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(575784001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:Z9wCwlP6Lxn89x/YT3WpYSzqFS+4nr7DZtSay+6ms?=
	=?us-ascii?Q?gm8XG3zqPHZmm4+kq4EvBsQ+I3xthzIPsUR1+zPtyVzGwUZisvL2T/FOuVAQ?=
	=?us-ascii?Q?PBv7Jb8n8dlRo5NusETDUz6tHb+1rmlEUnX8s370jPEVd9EwzYKFQ3WZZfuV?=
	=?us-ascii?Q?Pn37fHI18ZNnRRAx3a/C7TblR+qLaAE9dUbRpfL9DsrS8Pq6W3WRf9AwQgxo?=
	=?us-ascii?Q?uebkQHPaWxHUY7pMM65VYUR7st3NKWJJZ3n6OVKRIppYFNWpRbBQwR8uPuew?=
	=?us-ascii?Q?twJWAchguXRoozBCppBFkkQbnzMIlI+aI9aU2/a0XvL+YfkTFRSs27gNdGYk?=
	=?us-ascii?Q?GX9mtYMMCSr4R7RvmbfKJQGmiJYteeEpJSW65rKC454r3ad3wnUBnbZ5M6Rs?=
	=?us-ascii?Q?dpvav0mu4DaTGCiAIBZGAMkMHb9TnscHLIoj+/UKHRVf/un8HkW/nzulrcQ1?=
	=?us-ascii?Q?k6lWPms6U0ZbQOfkiTWQEzXEWUwtudMx2HAatXdn+ygHz3N0mKDLgKl3PWmF?=
	=?us-ascii?Q?zbFIkEEDfWeNrE95/0xN4Di7QChrsi4Ip9sT1FMSEdMAwHpj+1Axweu+1x2S?=
	=?us-ascii?Q?RYtxWbgZRFXgek24pIlScT71KTvUVyg3KM6oMGuGtSlGBUZiiCpDYbsj6R6T?=
	=?us-ascii?Q?w9X/iBOT/WONOx4Bcwbd/u/3D9NPwbmF8/7ZS32w6W0TErZPOWl+Zti/BHjk?=
	=?us-ascii?Q?gqHPwakc1DugoFZQEuoEHSgpMYIoeDqAB8/DBHYcuYqhxTMbXjt6lVNyxKux?=
	=?us-ascii?Q?jtxxtXEFA7z9/WLgktu/bQxFiqruRmVhwXHXIN2/ykJyoxVa02P8dhvhVCSR?=
	=?us-ascii?Q?ORhQ7bJot1f1IifedWiNU4bG+6854geDiVq3+ey5ALOK1NwMEYhl462pdc5I?=
	=?us-ascii?Q?cjeFLCUS4Naz/dBONmGotRTqL0OF1Fai1+7NQ6PWn5R88wefzhGBqOPs9vOv?=
	=?us-ascii?Q?AEE35RXHrNf7O78W1+BzZZHcte7DANM5PRgz9EkjPNafWaSft0ue6vkM2w7I?=
	=?us-ascii?Q?8sXDXxMFThDFm/NdwHCXMIKe406G5V1JzfLXhaFNON1/2BYltp65b9uqQQOI?=
	=?us-ascii?Q?C847nrbX0H+M0G4j7KMSKbDZKhkiH7NRcvS7sTci18lHl1eHshkTwCDOMhxc?=
	=?us-ascii?Q?vRj8gn86S9uf18t0ZZxSEpLWL9ErWNljvUnEQFwUOnY5R5hn65+joUwFzssm?=
	=?us-ascii?Q?EDWgEYSZnodcGVSR1q7lA/RCgHeH/3RtCSFZWGsomvYsdoSJxLYn0Lgyash1?=
	=?us-ascii?Q?Qy0e/m0/Pykz3dvRryetmm3qf1t/fWzZGmfbMLskRDQ50BkXSr4EMT0CVFr0?=
	=?us-ascii?Q?MyCYUBQ1La10YKRjXxtc/pl7DWJGcS7dlaJQYE7QThG?=
X-Microsoft-Antispam-Message-Info: 
 3u5rH2f53lNeIyOc1+2wGWrIbXWjWb0LNoMLOqrNev71+zSBP3F16oRsmckTcuvXB+JJj4LIeKIKwtKYMx72I8Q+VpD1C6zULI5GByF0wePH7CfXYcyoPV0eDxEQ2QybKJ9v+7UQJHVflkAtNQ5P726LZOSQBfJFTaCmFL+Cr+RfJRl84Cc/4z0CvmUObfB+
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:0HB3stz3K888AYguQ+S9wFfPEaxVgBZifcKi3VspwwOZtzh4COpUvZonpViZ3JC52mXYvao//JNx4Ooi9/rJbUaK2xxo5Xeyb61bv5hYx2eP8anvR8+8/hbV7QXKZNH+99dbLE6zdUJswkpiNl0Zcqe8dH4sEZa0JJFnajvbBS0SSoWQ+MLZpZVTEcQ4IB7cVPeyX3MRtHmt2RVro+Dn34nukiT17tL/zRNxCBZG1/bnHNzW2fORUX5tN2285W1ZjAo5wBQfr7xnfIoZconHo8vzlPPYtStaZ+imIYBbqOI3xMZGYYPtsjuZ+IxcDs/WlQ+5MuKaEG/PWHOXDv0oB8cBf+9FffE6Ab//5kvfsul5spCQ+i9GHLxcIBZejCWHOmte6Ix6sWkq0ayw5IChawfH3U3thIIFLVcwv7uDfcwvJVXC/GU1gVVLQtPVGWIE1J2WOU0hcf8msQDKkqiUbQ==;
	5:4LRUH1+vczkZke5FvQLSx9+6YAY9EBsTnG0MgSXU/2TfCidV9CZ2UR3r5pW+iCmyhqd13rWi0LV2WHaEauJoYGE9VrKHCb9CNbLSZFklfjGg1+fNngY6BMx6YCm6yhMY72s2Lir9Mo3WoNEJca3H5TofvXE6bulA4jTrW88L2DA=;
	24:QkJGcVmJV5ypt4ErPRm0qzrVYBaankHZdVvsLyJ9QTv3DxF1Iys9YJ+aq6aYv7Ddo1k1zC+EYB7IJlDF+Rfv+LLNZ/I4hVXdxVfKqTNfWhY=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:gdTEQ1OJdCMY/MNUBAOAQO0W+pSA4G2PGA5+oLDronTR3/S4VLesUvsVpsiciysXMIueBhqNLTO5hxwiwqNnp4tuy+wsArEoI4UgGG413NOUDg2Uqm8oRH2VKNi+JDPsR7QZ1QLW+Fb9XSJM3xEXoxnwiq53MZ5EOiylmRpu8aXd5oI1NQjc0hewLkpUuy0a/o3Byw9PQRDwY1Jppm81HIfnD/g/Vy/+HdCvL4AcP0iKyrlp7I90hXnyd0hvxF/E;
	20:mFExJjdZG2G6ilU8XIWJ0yHc4ZhHcEHStqz4JIuH6XDiQQ48O5s/1xSG9ZadqYOcmr9dIWYP1YUQEBOfwTS1DX2kSxIoI5pfm3Ytq3qNCuYj10KLFqyeMYORuVN3R+ijfMHF/R6jNFopuCMFHhENsib2fumwu20tOQpUwOks1fdM8cpwD+PGd5DDPS6IOnoeXXCfM0IEWADoFzNdKXdeDJIZwvk84flBT/6VFVC1pV5P2SaoXJAUr+T+sXQ3lZc6
X-MS-Office365-Filtering-Correlation-Id: 913b1ee5-039b-46fe-566a-08d5c0f2cb42
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:18:56.0669 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 913b1ee5-039b-46fe-566a-08d5c0f2cb42
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.39]); Wed, 23 May 2018 21:19:06 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.39]);
	Wed, 23 May 2018 21:19:06 +0000 (UTC) for IP:'104.47.32.58'
	DOMAIN:'mail-sn1nam01on0058.outbound.protection.outlook.com'
	HELO:'NAM01-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -0.021  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS, T_DKIMWL_WL_MED) 104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 1/9] qemu: provide support to query the SEV
	capability
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Wed, 23 May 2018 21:19:33 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

QEMU version >=3D 2.12 provides support for launching an encrypted VMs on
AMD x86 platform using Secure Encrypted Virtualization (SEV) feature.
This patch adds support to query the SEV capability from the qemu.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 src/conf/domain_capabilities.h                     | 13 ++++
 src/qemu/qemu_capabilities.c                       | 47 ++++++++++++++
 src/qemu/qemu_capabilities.h                       |  4 ++
 src/qemu/qemu_capspriv.h                           |  4 ++
 src/qemu/qemu_monitor.c                            |  9 +++
 src/qemu/qemu_monitor.h                            |  3 +
 src/qemu/qemu_monitor_json.c                       | 74 ++++++++++++++++++=
++++
 src/qemu/qemu_monitor_json.h                       |  3 +
 .../caps_2.12.0.x86_64.replies                     | 10 +++
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  |  3 +-
 10 files changed, 169 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 9b852e8649bf..c1093234ceb8 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -137,6 +137,19 @@ struct _virDomainCapsCPU {
     virDomainCapsCPUModelsPtr custom;
 };
=20
+/*
+ * SEV capabilities
+ */
+typedef struct _virSEVCapability virSEVCapability;
+typedef virSEVCapability *virSEVCapabilityPtr;
+struct _virSEVCapability {
+    char *pdh;
+    char *cert_chain;
+    unsigned int cbitpos;
+    unsigned int reduced_phys_bits;
+};
+
+
 struct _virDomainCaps {
     virObjectLockable parent;
=20
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 8a63db5f4f33..49b74f7e12c1 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -489,6 +489,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
               "screendump_device",
               "hda-output",
               "blockdev-del",
+              "sev-guest",
     );
=20
=20
@@ -555,6 +556,8 @@ struct _virQEMUCaps {
     size_t ngicCapabilities;
     virGICCapability *gicCapabilities;
=20
+    virSEVCapability *sevCapabilities;
+
     virQEMUCapsHostCPUData kvmCPU;
     virQEMUCapsHostCPUData tcgCPU;
 };
@@ -1121,6 +1124,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[=
] =3D {
     { "virtual-css-bridge", QEMU_CAPS_CCW },
     { "vfio-ccw", QEMU_CAPS_DEVICE_VFIO_CCW },
     { "hda-output", QEMU_CAPS_HDA_OUTPUT },
+    { "sev-guest", QEMU_CAPS_SEV_GUEST },
 };
=20
 static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsVirtioBalloon[]=
 =3D {
@@ -2050,6 +2054,28 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCap=
s,
 }
=20
=20
+void
+virQEMUSevCapabilitiesFree(virSEVCapability *cap)
+{
+    if (!cap)
+        return;
+
+    VIR_FREE(cap->pdh);
+    VIR_FREE(cap->cert_chain);
+    VIR_FREE(cap);
+}
+
+
+void
+virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                              virSEVCapability *capabilities)
+{
+    virQEMUSevCapabilitiesFree(qemuCaps->sevCapabilities);
+
+    qemuCaps->sevCapabilities =3D capabilities;
+}
+
+
 static int
 virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
                             qemuMonitorPtr mon)
@@ -2580,6 +2606,21 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qe=
muCaps,
 }
=20
=20
+static int
+virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                                   qemuMonitorPtr mon)
+{
+    virSEVCapability *caps =3D NULL;
+
+    if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0)
+        return -1;
+
+    virQEMUCapsSetSEVCapabilities(qemuCaps, caps);
+
+    return 0;
+}
+
+
 bool
 virQEMUCapsCPUFilterFeatures(const char *name,
                              void *opaque)
@@ -3965,6 +4006,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps,
             virQEMUCapsClear(qemuCaps, QEMU_CAPS_DEVICE_VFIO_CCW);
     }
=20
+    /* Probe for SEV capabilities */
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+        if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0)
+            virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST);
+    }
+
     ret =3D 0;
  cleanup:
     return ret;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 3e120e64c0b4..8b7eef4359b7 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -473,6 +473,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
     QEMU_CAPS_SCREENDUMP_DEVICE, /* screendump command accepts device & he=
ad */
     QEMU_CAPS_HDA_OUTPUT, /* -device hda-output */
     QEMU_CAPS_BLOCKDEV_DEL, /* blockdev-del is supported */
+    QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */
=20
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
@@ -599,4 +600,7 @@ bool virQEMUCapsGuestIsNative(virArch host,
 bool virQEMUCapsCPUFilterFeatures(const char *name,
                                   void *opaque);
=20
+void
+virQEMUSevCapabilitiesFree(virSEVCapability *capabilities);
+
 #endif /* __QEMU_CAPABILITIES_H__*/
diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h
index 0199501c931b..20b03876d470 100644
--- a/src/qemu/qemu_capspriv.h
+++ b/src/qemu/qemu_capspriv.h
@@ -85,6 +85,10 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps,
                               virGICCapability *capabilities,
                               size_t ncapabilities);
=20
+void
+virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps,
+                              virSEVCapability *capabilities);
+
 int
 virQEMUCapsProbeQMPCPUDefinitions(virQEMUCapsPtr qemuCaps,
                                   qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 43f1d2f81671..3b034930408c 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3778,6 +3778,15 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
     return qemuMonitorJSONGetGICCapabilities(mon, capabilities);
 }
=20
+int
+qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
+                              virSEVCapability **capabilities)
+{
+    QEMU_CHECK_MONITOR(mon);
+
+    return qemuMonitorJSONGetSEVCapabilities(mon, capabilities);
+}
+
=20
 int
 qemuMonitorNBDServerStart(qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index c28db1a52b8b..b1b7ef09c929 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -710,6 +710,9 @@ int qemuMonitorSetMigrationCapabilities(qemuMonitorPtr =
mon,
 int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
                                   virGICCapability **capabilities);
=20
+int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon,
+                                  virSEVCapability **capabilities);
+
 typedef enum {
   QEMU_MONITOR_MIGRATE_BACKGROUND       =3D 1 << 0,
   QEMU_MONITOR_MIGRATE_NON_SHARED_DISK  =3D 1 << 1, /* migration with non-=
shared storage with full disk copy */
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 9f5c35879587..24d3a2ff412f 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6436,6 +6436,80 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
     return ret;
 }
=20
+int
+qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
+                                  virSEVCapability **capabilities)
+{
+    int ret =3D -1;
+    virJSONValuePtr cmd;
+    virJSONValuePtr reply =3D NULL;
+    virJSONValuePtr caps;
+    virSEVCapability *capability =3D NULL;
+    const char *pdh =3D NULL, *cert_chain =3D NULL;
+    int cbitpos, reduced_phys_bits;
+
+    *capabilities =3D NULL;
+
+    if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-capabilities",
+                                           NULL)))
+        return -1;
+
+    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+        goto cleanup;
+
+
+    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+        goto cleanup;
+
+    caps =3D virJSONValueObjectGetObject(reply, "return");
+
+    if (virJSONValueObjectGetNumberInt(caps, "cbitpos", &cbitpos) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'cbitpos' field is missing"));
+        goto cleanup;
+    }
+
+    if (virJSONValueObjectGetNumberInt(caps, "reduced-phys-bits",
+                                       &reduced_phys_bits) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'reduced-phys-bits' field is missing"));
+        goto cleanup;
+    }
+
+    if (!(pdh =3D virJSONValueObjectGetString(caps, "pdh"))) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'pdh' field is missing"));
+        goto cleanup;
+    }
+
+    if (!(cert_chain =3D virJSONValueObjectGetString(caps, "cert-chain")))=
 {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("'cert-chain' field is missing"));
+        goto cleanup;
+    }
+
+    if (VIR_ALLOC(capability) < 0)
+        goto cleanup;
+
+    if (VIR_STRDUP(capability->pdh, pdh) < 0)
+        goto cleanup;
+
+    if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0)
+        goto cleanup;
+
+    capability->cbitpos =3D cbitpos;
+    capability->reduced_phys_bits =3D reduced_phys_bits;
+    VIR_STEAL_PTR(*capabilities, capability);
+    ret =3D 0;
+
+ cleanup:
+    virQEMUSevCapabilitiesFree(capability);
+    virJSONValueFree(cmd);
+    virJSONValueFree(reply);
+
+    return ret;
+}
+
 static virJSONValuePtr
 qemuMonitorJSONBuildInetSocketAddress(const char *host,
                                       const char *port)
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index f4ac8319ac8a..129aab22bf98 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -152,6 +152,9 @@ int qemuMonitorJSONSetMigrationCapabilities(qemuMonitor=
Ptr mon,
 int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon,
                                       virGICCapability **capabilities);
=20
+int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon,
+                                      virSEVCapability **capabilities);
+
 int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
                            unsigned int flags,
                            const char *uri);
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/=
qemucapabilitiesdata/caps_2.12.0.x86_64.replies
index c40046beef6b..ace35374ef96 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies
@@ -18995,6 +18995,16 @@
   "id": "libvirt-51"
 }
=20
+{
+  "return" : {
+   "reduced-phys-bits": 1,
+   "cbitpos": 47,
+   "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA",
+   "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAO=
AAA"
+  },
+  "id": "libvirt-52"
+}
+
 {
   "return": {
   },
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu=
capabilitiesdata/caps_2.12.0.x86_64.xml
index 3c7dadffcd8a..58a1bf835a73 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -204,9 +204,10 @@
   <flag name=3D'screendump_device'/>
   <flag name=3D'hda-output'/>
   <flag name=3D'blockdev-del'/>
+  <flag name=3D'sev-guest'/>
   <version>2011090</version>
   <kvmVersion>0</kvmVersion>
-  <microcodeVersion>390813</microcodeVersion>
+  <microcodeVersion>391059</microcodeVersion>
   <package>v2.12.0-rc0</package>
   <arch>x86_64</arch>
   <hostCPU type=3D'kvm' model=3D'base' migratability=3D'yes'>
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110381568972.6828756879453;
 Wed, 23 May 2018 14:19:41 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
 [10.5.11.27])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 8421530AA385;
	Wed, 23 May 2018 21:19:32 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 51CFF959CA;
	Wed, 23 May 2018 21:19:31 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id DC7FD18033F0;
	Wed, 23 May 2018 21:19:29 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
	[10.5.11.27])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJBWr028748 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:11 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 0F3AA959C4; Wed, 23 May 2018 21:19:11 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 86F53959C0;
	Wed, 23 May 2018 21:19:07 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id F112730DCC20;
	Wed, 23 May 2018 21:19:05 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:18:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=0ARNRrlpHq9GS6oRZnuSEOHztOwXgXzWOxENbJkl/9k=;
	b=GkJdpbXXsTnpO9DZ4mq7/UWSkDbQjcUKEc+9eYIR+zhzdfUALrr+VDgsI+oG6FOJmVbiehRbA35jb7aCbioYIesefy459E4Gb6b2FVyUtkLOsWUxslj27SoO1bk1Fin0JTJqI474K6V0IuvXuaOMY2RytXOEQryvMb/vCNlW7O8=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:27 -0500
Message-Id: <20180523211834.15817-3-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:9punBNHMtE6HW+TyccH9wlJ78+3TFtSP1+THcYERfuDLqkDSq4Ia5IUET1dVrcKt5I+1Cju2ys/Ot3Ou0BJITDBvyYisQ8cphtIp70kNryWNJdfSbXIYuKNMI0wUL1bgNNDW1FxTzya7NKxT/pV7oltLCh1iPWSaDwNxfDdvFXyFTBDN14MaoPf/cyuWWhb80SkDpbm9Up+WnAclP37KemZqcnFtSSflArMJFNWQgpL6CNtlRCgye7sK6iu6+Kyz;
	25:REEFE35yoUoxx7+I4THFwg5hvGPAOZaRqGwF7bP6ZafvNOjww9wpow/mT7rIOZGe/bXwXCYG9VXlkG2OYfJ5ID68Hb7BM4Qj9lMBKtZ+QN6eCTDQHdVbf54CyE10qAqPz0AuLnJXBQ6x/9yjY+HPz3OJWIVSPRCAEnAJg9W9ON0dqRemGC3wEXKkdFI4E9Y0ERyiB0rx9N5I/iwdAOUDseBELWQgreSvYdW9dyH96A6cXKyXLNwWS9QyhK/wiZZW+s8CBbD+NOdkk66gQTGk8qOdIWeAtPnzipSUStNRCJRXv8edPV7PfDHOA6nKpYm/A+B0n67M2c15Vel47FSdeA==;
	31:R0vbhPVy6AJx4R5MOajb1agSZ75qS/dlA88tkyQvs3mlIBosIT9QrRMQLlXaIsdt49wY20rZ/apo3oYNLjENLoT4BKjfaKKbJpPWGx8QVU7a2FrorZ2tluWTBo4lwJ/xxwATJXtVxOadTEIIWkhmX4ZbE8H0m9WKl08jYrlue+0H6ExR0udje4goSD6JesOsDYs0Xy6qx68F2tx47nWJDFrIXvfTiCSagmOnAwbqvLo=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:q6KUDl8P9WHKA7+f7UUx9EgUz8q9stmU0EnNuytpIb5QHYwvG2cgOKeDN+vChtAqH52NuRucsw1T1JyoIu1X1VrBzplJZLEn1YCKqgbEJVhcLNWhyDJ/K+B6RcWSlQbShmn3a/3GtMzUx8bYNUigj1KWhUYYHbImLc0TM9GrUTaPFcJdHdcyLWaiOugzfnoRyygUpyf6Gx3Jr6vo0uxrSAkNuxrahCKhXON3Q2MLXWq0sKfXvTp0t5r3vodKbgwPHAOwszPBslydodcjyinXiwW/lTACicq1vgTqck4Q+MVCTfJCyq6W91CLft4OMHVsIZSSYezW/KT8N278mih93AbNzWBHpI2qK31klKcquWNX799IgxjLEMZYs5Fi7EeHSnVBekqzwBuY3+wMyqbg7pg6JXffbW8p4kHanTM/Dn+05YOy8zp2tYHqdQTYZwbHwqJ+UqSrJmqH0Sda+7ViBIEFJp00j7xJBLdXn5pbo3v9V9HqVsU/pmkN6IyMP6Tq;
	4:ZNRWhJyposbQvGcg64hytSBQAZ66kdGXFqGMlbrX+LggrdMATTf7QctESsj5xrvZWXLZlJ5UPQ38WaLEawZXprSLLgLSZ5tZYPwymsu4ITHo14CIauXUSwy3Ous2ZUuINxeFwboOx8DsW1INcHnnZKJ77EAituFiEnauMnz3o4uGlmq4f1pbAQogdOumCC+LFcE+7NFrxE/F3NIiMMtYRZ9V4rY81puVuEyutdU1QGUathLNhzlAR/J+vhY7QXOOw3GXvRPuecXrbS55OsJzX4dTsto4QeDGJ27/BKf1EN9s/pCKqvGW08xpNhbHsCPweHPd4MFUNG/VCsR82si53A==
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB244931C0A3B699E293443EAAE56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(20558992708506)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(6306002)(236005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(575784001)(16586007)(2351001)(26005)(478600001)(298455003)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(606006)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:3wClUijBX7u8xwukybdCat3WtLczeuS1SLTAlZD8Q?=
	=?us-ascii?Q?yM4h+p2OkQYJ/LUcQOaWaJSuXuG14xmsxTmI0jnMHqDq7x3Ymdl16SA+4PUE?=
	=?us-ascii?Q?/aPHYjrvndW9YSnkHf2vUNkCVV/lvrrX9nqAT6iO2wdvJNzyyhqja6NXG+L4?=
	=?us-ascii?Q?0KBs4V3/eUKc9mx4n63KTr5BZvV41vdyjSWoM/2tIZxDx32s+FuoDhF0uUCP?=
	=?us-ascii?Q?jVIbKmKyIZzwDt3iE/ykmO/QlIjzSzXlPjvVxMSXKuFUtVLmJzi7xcXhpxes?=
	=?us-ascii?Q?A5qnOllKFiNPNQVWI91KgZ7QaSVhaewdxT36iZGVhiy2q1g2Q1QA+aoxrUSZ?=
	=?us-ascii?Q?TfDQA5f2oLqi3jSBkLGvwBtM7MQ/RGHXxtJUWwSPl/yr72/J89I+ETP4gCx3?=
	=?us-ascii?Q?izbi6eG8BIM5jHRuJVIZAjjtYj06/AbFnqLbVR2akhECg/55CF8nC6EJsufn?=
	=?us-ascii?Q?eOJzYusY7LIQL5dvL2by1k0cdxDSWOvSHRJuIAsKElJbhy3YqezyLxvaAjhx?=
	=?us-ascii?Q?Ir/6ausqiDd8x2pIO+ym89/LRl6s9Y0UeJBYvGsgxRTfemne57ug08gqmWOL?=
	=?us-ascii?Q?fusn5fnM0E3tiij70AUmpTKRD8QVnWOc6XvggcWR94plkyl0koLv6LcCaJ8f?=
	=?us-ascii?Q?EWHwrS0eqqZTuQYMg9hWioAVcltbLvRptWg5gSmkR0leQzs4sxTt97dSGAKo?=
	=?us-ascii?Q?jtrcpncVsmR1X4Qt9cuvPfsHL9Y0RwY8ZewQMNtkP73lDs1A/4A1lt/EobBr?=
	=?us-ascii?Q?zxU/rR1aYujjX/MBR/+kupD42Fi4GRk/lIrJiusajKxZnYtmKS9KgiYYQUC3?=
	=?us-ascii?Q?SoM6uPwVCGpArcA+NquxisexsHLcsOJFKSIfuaTzhWSPbTAk6JoTcAo3JVU6?=
	=?us-ascii?Q?OM+1RVuRRHWaznEe7nQ8xcAgc65kiz8Z6gJv8ufagsvm/vAn0S18rO3lEIC6?=
	=?us-ascii?Q?TrjLK2sGqLtyG28A1vHZ8qNrtXWgZV78qM/AIu7c2eL71sz7NOZOv1aXeta2?=
	=?us-ascii?Q?eyF8TKZWEVhx5L9ROJ7y8LW9IWNYeG+HMPVP0A1u8qCSiQdehhKlJOdQOCiS?=
	=?us-ascii?Q?WeQfkmxI6aycRaj32CWtGo4ljZhzc5xV4jH+DK31VqLs+jXHZuiaYAoDBPWw?=
	=?us-ascii?Q?CqXqw5RgvnOzloylLqE+kTx96jnT95Gc7aP2AloDNemDiupbSpv8vUrt2HbL?=
	=?us-ascii?Q?Dhulry2flETHxSLtGVvDvv2VD4f6AuG05cWkp7olei8/1J0q7wp7/2qn1BX4?=
	=?us-ascii?Q?0E31wGW7J5WN1cHZOzr8r6SwgPsjMsTR5sEeR0apKqtF7Pwpn4E+dR3hjWpx?=
	=?us-ascii?Q?mC6NIn3VUWFH2T67TmWgWHscSEOeXXfzcAUdU4o9IObFxgSnPAu24p6lzyKS?=
	=?us-ascii?Q?3I0cgJU3R3t0nakYmssdGYXFXg=3D?=
X-Microsoft-Antispam-Message-Info: 
 S0qn3zRKotkup5t7HE6pEqhJZ+bSVO65uV1OBld9qxG4r/ZEv33ZPcJte8Z7HI/rGaijxKpX3uKy39CnGq/LiffHFj8r0pFaAOjDpekQWUU6LXee4/JAEKjVyAfux9lF1xncshgRK60dlN2ozmTeY6RkTRvlz6fVBm9O6hOWeaf/G5L4200CRjub8jCh7QwI
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:twkWzUDdu0dJ+IGdM+jVpPP5CqLaw/aekU/LipgbHyOZ9USm7CAEaoHv0FjOyCgoC40ek84Zv4rFIVZNHIZcQYM9KFBsywdWEmkJWv3d4wqWYk+/rxeb9Jqf5FsPuEti/IUNl6w4zmtIsKwlD1+8EBDwEjdcLjxV/1M/rE/5+VQ5beYK6NzUGPgEmP9Zx0UX7OFDGTWYaUO/M9gVa04Wwkim2XMZQVLJF9ScviamPnaSPIRm1lgswWCfAy6QGQloUIIOlN4MTAmKueU4KDElmQGBYGjCNkBHlqoQY/jI1kLR1DE5hBds/Q5OYRUKpfxWApOnRmQnZ/uihYNQYeTPx+lZeuLwZNndbboVfmXqhuvt68Hjkzy63QvWt0iuT5Ssm9xRzp3PI3+yLzx0KuZL2eAIV5oRdd752TC1AjlM6qNeaoiZ1rn8N/wtY6YxWXC40lQ8WrZN9St02LZ9GzVIAg==;
	5:kA7dmauvy4iUBY2vaa+0HAUtx1TR9evCwvHRFRLpI3Glmh5nVVhCU+cWLUMM+8L4aICHZS1qMK5dMw+pWx4KWqsbkSU2uNac5TlCBQZbIm2Z32a5uY6UDxAf9/RpwZm64ugBpmrBcnrMMxiTIdherumpLaSMIu0TsFMwQA4ii1s=;
	24:VEVPgEgO3CvqqMz/DDUGzB88olyCQeH1duxr1BVC38PnW1APUaXc1c+fIfQ7eqFxoOg66m9pPDkH0Y713PIha1F4wz1YVEooIJIbIqIRL6A=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:bC4gg/95iBLlOfLBBw0wJ1yFesfC6+8SaZPv0LNobpq263f2HDJCeMxE3V/CwNWdcngVi1vSA/w+TXrhdAy/MX75+g92Y16VfnYVCsQJybWqpMZXv8n8QvORvpHa9+0lrNIdQIdB5mrKmigzQeM0Chf7c/DMF/wQDwXo0/1aj127ecmtqarqQIbPy0CW9c8Z/7gEiLFxMkVFwWYW+QyY5G07N3rDZ4XUIqVrl0KL4gb1LRlyredqJUSUsr6pySML;
	20:xBwFstBld2wEiz/9H/kdka4DHkYKFZcHxgdDzot4m24tmQNw8zHtKi0cVM+Mg/g2kYL8wLFBnF/9AtW+8pvozl0gSTq9JhR6D4H33V6pEnd8bIq6o7DCSlbEWHer4/T+R4sAcxbw2+KbWVfwazly32Nx5r0iHw0zb8LjGgM4H7bfI1kbW3exc87JqTCHLc2zgkizfA9ajE1nHe+hRl7aEUkh4Ohp27HE7npog//PEvAIZuy9Fewas1IxBxH2eV0z
X-MS-Office365-Filtering-Correlation-Id: 6f873e8f-3606-410c-d760-08d5c0f2cbd5
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:18:57.0286 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6f873e8f-3606-410c-d760-08d5c0f2cbd5
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:06 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:06 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 2/9] qemu: introduce SEV feature in hypervisor
	capabilities
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]);
 Wed, 23 May 2018 21:19:40 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Extend hypervisor capabilities to include sev feature. When available,
hypervisor supports launching an encrypted VM on AMD platform. The
sev feature tag provides additional details like Platform Diffie-Hellman
(PDH) key and certificate chain which can be used by the guest owner to
establish a cryptographic session with the SEV firmware to negotiate
keys used for attestation or to provide secret during launch.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 docs/formatdomaincaps.html.in  | 40 ++++++++++++++++++++++++++++++++++++++=
++
 docs/schemas/domaincaps.rng    | 20 ++++++++++++++++++++
 src/conf/domain_capabilities.c | 20 ++++++++++++++++++++
 src/conf/domain_capabilities.h |  1 +
 src/qemu/qemu_capabilities.c   |  2 ++
 5 files changed, 83 insertions(+)

diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in
index b68ae4b4f1f3..f37b059ba6b1 100644
--- a/docs/formatdomaincaps.html.in
+++ b/docs/formatdomaincaps.html.in
@@ -434,6 +434,12 @@
       &lt;/enum&gt;
     &lt;/gic&gt;
     &lt;vmcoreinfo supported=3D'yes'/&gt;
+    &lt;sev&gt;
+      &lt;pdh&gt;UWxKSlNrVlRTRk5KVGtkSVFVMUU=3D&lt;/pdh&gt;
+      &lt;cert-chain&gt;VVd4S1NsTnJWbFJUUms1S1ZHdGtTVkZWTVVVPQ=3D=3D&lt;/c=
ert-chain&gt;
+      &lt;cbitpos&gt;47&lt;/cbitpos&gt;
+      &lt;reduced-phys-bits&gt;1&lt;/reduced-phys-bits&gt;
+    &lt;/sev&gt;
   &lt;/features&gt;
 &lt;/domainCapabilities&gt;
 </pre>
@@ -462,5 +468,39 @@
=20
     <p>Reports whether the vmcoreinfo feature can be enabled</p>
=20
+    <h4><a id=3D"elementsSEV">SEV capabilities</a></h4>
+
+    <p>AMD Secure Encrypted Virtualization (SEV) capabilities are exposed =
under
+    the <code>sev</code> element.
+    SEV is an extension to the AMD-V architecture which supports running
+    virtual machines (VMs) under the control of a hypervisor. When support=
ed,
+    guest owner can create a VM whose memory contents will be transparently
+    encrypted with a key unique to that VM.</p>
+
+    <p>
+    For more details on SEV feature see:
+      <a href=3D"https://support.amd.com/TechDocs/55766_SEV-KM%20API_Speci=
fication.pdf">
+        SEV API spec</a> and <a href=3D"http://amd-dev.wpengine.netdna-cdn=
.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf=
">
+        SEV White Paper</a>
+    </p>
+
+    <dl>
+      <dt><code>pdh</code></dt>
+      <dd>A base64 encoded platform Diffie-Hellman public key which can be
+      exported to remote entities that desire to establish a secure transp=
ort
+      context with the SEV platform in order to transmit data securely.</d=
d>
+      <dt><code>cert-chain</code></dt>
+      <dd> A base64 encoded platform certificate chain that includes the p=
latform
+      endorsement key (PEK), owners certificate authority (OCD), and chip
+      endorsement key (CEK).</dd>
+      <dt><code>cbitpos</code></dt>
+      <dd>When memory encryption is enabled, one of the physical address b=
its
+      (aka the C-bit) is utilized to mark if a memory page is protected. T=
he
+      C-bit position is Hypervisor dependent.</dd>
+      <dt><code>reduced-phys-bits</code></dt>
+      <dd>When memory encryption is enabled, we lose certain bits in physi=
cal
+      address space. The number of bits we lose is hypervisor dependent.</=
dd>
+    </dl>
+
   </body>
 </html>
diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng
index 5913d711a3fe..26265645b82a 100644
--- a/docs/schemas/domaincaps.rng
+++ b/docs/schemas/domaincaps.rng
@@ -184,6 +184,9 @@
       <interleave>
         <ref name=3D'gic'/>
         <ref name=3D'vmcoreinfo'/>
+        <optional>
+        <ref name=3D'sev'/>
+        </optional>
       </interleave>
     </element>
   </define>
@@ -201,6 +204,23 @@
     </element>
   </define>
=20
+  <define name=3D'sev'>
+    <element name=3D'sev'>
+      <element name=3D'pdh'>
+        <data type=3D'string'/>
+      </element>
+      <element name=3D'cert-chain'>
+        <data type=3D'string'/>
+      </element>
+      <element name=3D'cbitpos'>
+        <data type=3D'unsignedInt'/>
+      </element>
+      <element name=3D'reduced-phys-bits'>
+        <data type=3D'unsignedInt'/>
+      </element>
+    </element>
+  </define>
+
   <define name=3D'value'>
     <zeroOrMore>
       <element name=3D'value'>
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 6e2ab0a28796..3b767c45cbb3 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -542,6 +542,25 @@ virDomainCapsFeatureGICFormat(virBufferPtr buf,
     FORMAT_EPILOGUE(gic);
 }
=20
+static void
+virDomainCapsFeatureSEVFormat(virBufferPtr buf,
+                              virSEVCapabilityPtr const sev)
+{
+    if (!sev)
+        return;
+
+    virBufferAddLit(buf, "<sev supported=3D'yes'>\n");
+    virBufferAdjustIndent(buf, 2);
+    virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
+    virBufferAsprintf(buf, "<reduced-phys-bits>%d</reduced-phys-bits>\n",
+                          sev->reduced_phys_bits);
+    virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh);
+    virBufferEscapeString(buf, "<cert-chain>%s</cert-chain>\n",
+                          sev->cert_chain);
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</sev>\n");
+}
+
=20
 char *
 virDomainCapsFormat(virDomainCapsPtr const caps)
@@ -585,6 +604,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps)
     virDomainCapsFeatureGICFormat(&buf, &caps->gic);
     virBufferAsprintf(&buf, "<vmcoreinfo supported=3D'%s'/>\n",
                       caps->vmcoreinfo ? "yes" : "no");
+    virDomainCapsFeatureSEVFormat(&buf, caps->sev);
=20
     virBufferAdjustIndent(&buf, -2);
     virBufferAddLit(&buf, "</features>\n");
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index c1093234ceb8..e33bef525ef4 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -172,6 +172,7 @@ struct _virDomainCaps {
=20
     virDomainCapsFeatureGIC gic;
     bool vmcoreinfo;
+    virSEVCapabilityPtr sev;
     /* add new domain features here */
 };
=20
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 49b74f7e12c1..3345b09fa384 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4998,6 +4998,8 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps,
         virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 ||
         virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0)
         return -1;
+
+    domCaps->sev =3D qemuCaps->sevCapabilities;
     return 0;
 }
=20
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110379173176.21833974579852;
 Wed, 23 May 2018 14:19:39 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 77CCE3003988;
	Wed, 23 May 2018 21:19:37 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 404EB60BEB;
	Wed, 23 May 2018 21:19:37 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id EB69A4CA89;
	Wed, 23 May 2018 21:19:36 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJDKF028766 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:13 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id B8D33619FF; Wed, 23 May 2018 21:19:13 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E768760BEB;
	Wed, 23 May 2018 21:19:09 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 9414A3082A32;
	Wed, 23 May 2018 21:19:07 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:18:58 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=jJOyCUB9O0HdZbHQxCOS+1TBUJ/4gDz9bfQPNLTuSjI=;
	b=zZbcd5EgJ5UjCFAr3Ty4no57vDFF5u/EyF6YlCtPfBwIFrhuUZNMYX2CF6SWW4oFkxFkKahm1GQ5D4QYE2gcNKTwG1iELU7Har5KUfRk7jNCtAvH0XnQdPgNEwtw6Hzn2eyTvypXMmrA/Ckup6TKdH847WRA/yJToxVS74EC7UQ=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:28 -0500
Message-Id: <20180523211834.15817-4-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:F447o+M5MCw+vLOjUjdx95au9wsL5IHgi/dK4FJh9wz2+C6zZZOwaM9n1bdSZBohvMMAkSdl7fJ27dMffDHaqcxH/1HrwWhIEfPs7HK2G2YGMSJjnU+UjHjGZmbMYvbn0Np5x2X+XC1WXAhdsceSOPlDGQAbZwHOonoqK5sEbfG09udtfglXmhkuCTL2KDrzjJlYEFQc6kuFSvpo9A5QUNh1qyJerzqW9EPWmNunUEVIbIR/YNN4CRx4dm4bMWkD;
	25:U+0caRSgtNXoO+33TaYLKs1riX0DuySVBGqRfE0BTVG4xjC8ykIBV2TUfeo0wd3gOmM+fbIrSHzNSGNPjcNxGxLF6QLDXgTG6f5SaQHDpQo+32fM4mwg1earU0tmmdtBcyBqVuLIf2nQZHfgDfn54xp96M/D+8gouOCuBZKYj6IcQ1Imy43qCnmbEAR7ujilufB59cg++jPTGeRY3o0w6lOBZGT78bnWM8FIoWsHP4mJT/8bcdJ3nWNIdj1vuJUZmpkY4CEE+leWAhlVFwh/gP+EYFjFTf++zc4/bqVewg213ixX2pBhDobXO8NkZNlPZympUS0bEoOP+M0zotsytw==;
	31:m4/85NjagLu17UCPWqWRmX/gf25si8YynSYgpItUX2hAbYumZHIqu5L42HEu1oD6wZVwzwLvMnIGOvguxxKzxv63p7zNC+V6om/mMG2HZ55wN0FjSR1NKWHXNVI3AyAfSk7OSGo1EJoQHCcVHEXY443Dn84M//1QhIH51FRtuJXk1IsQFk6h3rGZCduKf0C5jeugPM+kc9AWszGtgrOHk4d1P8mtFjPBFFPOw+n7oZ4=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:AdLWzKcHMVUzSotkbrMLEHfKyWouK15S9auhTCVOmJ8uw8t7CygxYT1uHAM/O9VII4i322+5jqQWBd8vm87773VosZu/GMgr3VoVsgKMjHEa7/FYAnIwUESyBTF1YwYq6Rv5uy+7/nK77bxG2YAINwway93itTip9wwGGsBB7vMA65rMXXXHDAdr9lBGgs/khErbGA9Ve4CubbFI2MtgRjGLS9vKgmv+bTHil4nH4MnT94sF+vKWcGBo9oVyzqIvnudRcTwQCwiHUcn2G5wR8scBU1lnm91MHNPJPzHwFw2Q/TBB4U7agkCnxAqo48SfeXv9MxnOK9xi4JdTomSnQApn3m0LZjMZ9etLOJM9csUbOppOab+QkuWuP2lUbILwdAO5WVeyaxzOeTrqzawmnKdreFfXUc7GrA5CN5hud6bCobQquZzLOLQ8o2Ffo/dY/K/U5pFYMtS/nu+hIjeeaeXvIymP9Evyza1z15SN1hwZ/7fybwgWnd1426tSuhk9;
	4:FAN8tK1jVeLFsDD1C7RrYC4TiDVPdsq0H1mnn7TzHiPagkr94u2ydT8kO4D1e4Vvyr383cqUyOJ42Ke66TymZZiTFfLADAQ0+RfsNN0w3f1Z2qoJg2qLVV1wPuOglWawTr58v+Rl0eVbo4M56bze3I/VrkNFKeP3tFpYc25PFODYxNjHN5XVnnvShLW+VEa7VJUNg5B7k4ANIGPtA+sCvbniatP7+oogCUXHdZyrKk5nhu7NfsrLL5U0aLOCo3B8b1F2lfNwAaPwZnIZeSafbG7qQIQbo6PolEIfXWpCsdzz3gHjBSIImgBnPHrcv0N/DOB3oBYhuenD7Gv5PJM0XA==
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB244961597D8BB179E9642B20E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(15404003)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(6306002)(236005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(15650500001)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(575784001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(966005)(606006)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002)(44824005)(19607625011);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:ddGUpQvDymWQq0G9z/5s4lFCREEvUWGuDstDJ9sbe?=
	=?us-ascii?Q?nPcVLJOKaf3rDorO3G1KINlfxr8RL1sqzy5VzxqFHWnxiESnTaPjYNvnwqpE?=
	=?us-ascii?Q?ehBJduq7hL63rkxoxzU+QHN5ODfryKT5TbGLNDiYaoSkAzWP3pR+Daf/UEWm?=
	=?us-ascii?Q?LuXSH/eLHGAj+0ZH6vDqz/H0qaexjBnu3Kcml749s6UHvOg4YKnqBIgVZLlV?=
	=?us-ascii?Q?0WGr0pY6kKSZJzcFYaou3Y2S3SUg6Zp3zG1MF9ENjGDzARCOFEB75yH77Nbq?=
	=?us-ascii?Q?vQK9UhtlnbOZ/9x5XIkea/sFhp/Tu+rcrkqKPxTFKN0RpKSwMXssKNixBbZx?=
	=?us-ascii?Q?wonSEecJ0NMG/5TQYQrwqUsD/WDAIhuWNSf9ncnLZlTMGpgzVKSMvJ5dsXGH?=
	=?us-ascii?Q?aWxFzgJfTb5TM5wgA1p9zWum5FNrILMxPelOxcw14mQ8mIRh03PXlh1KYZMq?=
	=?us-ascii?Q?f8nDZTH34JCaZysYQiD2+cQD0vBX5Z15qKFFhBDqAVLZDTNW/EenvTZ3GI5E?=
	=?us-ascii?Q?qj0YkWzNWxK3Ktx3qe0UGtvFuUfa+/AP0glDKjdGoE2RZs+MHSjq640XzvkY?=
	=?us-ascii?Q?iyvzw2hje3HznKiithntMbVI6xHQpaA4PRdk0hGUFubb6GcRNTEupB0FQhg5?=
	=?us-ascii?Q?AMye94B9mddnWXuOSrU/cMdmlkqgpHGUqZW+VVb1lPJU5bcf6w988YidIYSv?=
	=?us-ascii?Q?iYlOizshJ+9e+rGzZzWbqnNOZulAJBedbIezwMBQBMr0QUAGJDHIyZWzTPvp?=
	=?us-ascii?Q?CLgQoM+ihlvJysPUeNU1xCdCKbiDfoDuNsMeaHIVIRWIRB5bgZYFC0yW6UAV?=
	=?us-ascii?Q?IIPk3zmHRg2I5dZWdCTFwua+/7APZP7Th2FR2IuL/laEfIRSPv7R2rCtWFbR?=
	=?us-ascii?Q?eWZAYzVYulNt9W4OxYctPF/kaOFbWq4Pt5UPbc3gO08RWTTEr+4KQZc3ZHRb?=
	=?us-ascii?Q?v3fQZC4q8FVSDALNhxeSK1eLXXHjcjbW/Kv+YLUZHJghX0TxWq2PBB8w2aem?=
	=?us-ascii?Q?L8cxT1Dck96y1RrqAu4nVGas3vMHL/dehxvEZHOisZtKYIkGo5+pzx7PQVZz?=
	=?us-ascii?Q?cq0L1kxbtyyTmDJyQ08wHCr7DDj6F0kG3UpnV6+Rn7Fhwcc8z0fFS+BRNHKi?=
	=?us-ascii?Q?CzXJVNskJUXaPX2wePPFsyHycJ2gHcurWFuU2Lrbk5zI3zDkx3NzIdAc2UEm?=
	=?us-ascii?Q?PVzGHOdA14Jw3BtIl3xn+TUBfyKrFrXrz4qieF5yE1SV3KpYo3yB3AyL6IrP?=
	=?us-ascii?Q?r4oB1fkfSzai+xdjXwgelzn7aqXS6pKq1FRTXVLQVQPik1SfCWjmP8jVMpO6?=
	=?us-ascii?Q?SAehyWJB3vJ1WvsDv5xNk1wdDyS2dmhP/LTI7TaHebaCc5urrDNkCMneCnr6?=
	=?us-ascii?Q?wVZmU+bztigBFO9QcHHa6/XcLHvjfkW1nilgfhHdq1WmTekfJrQ98AuKeFex?=
	=?us-ascii?Q?A3et9ggNTQlx+thjje01jLRGCoIRglRqQ2PK2CfzkMdl2bDuJEXu8bOYPPKI?=
	=?us-ascii?Q?3s0EbFfx6O2mg=3D=3D?=
X-Microsoft-Antispam-Message-Info: 
 HWFQZpsksjjSO/tf7PltFt83eDRpqMLMclmFjkFcMRLNpm7Hk9xHOavyx/WAEtvC+NO2KOHt+bq1m4tMZ3F8DTGcJ2H2fKjXMT0V7fea78+GoXO0MgJvSX3aI6R5vLbq5jxdBKC6a5Q6XY7HdnsRnS7x7xHHGPGHtRBDzezwopE1h4sj8uBhYdgftuAvpmrI
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:KMQ3Td34hnrj4X5yOSYGiTptqVbYUOqwgvS7a1by/dPMUIpimRrGALcqCeeolplqHAGjeMag1V6q9ajidhtEiAdVycn2OjmjOUTxhYd50+7sot7hM2vNdPfbh4WP8Onq6INwGXcHkeV+1DBBRzazFumHAR8n+IKDTKpat6OCHxa6xheAzhgK6DlyhDeJsu+qhs7xXpe6fu9Tc8aWZFjgQRdZNy1MVrC396ro7+2RugQXTCpzKpeZl44LrYBir86zOeeOsTP5nH6RTL5T37pQef81ID22eQ3ERtd/tnRDYMqXD6djCu55h3xyDPFGoTjSSo2zDH1E6A003QYYbjLnl70q71L9ekal3bBAK8XtGDzsJaTY40HAv7PjmfX1yZlr1sOyUltWDhVGR5/55ZQKTCqxJ4IYKwZ+ceDfs2egcMVFwFqB1ti7A2qcCSei0g9EVYjh0olkxk/2stZ5kUQsRw==;
	5:ReBjkUVy5MeG9+9Hqh2VhIeJzFO5S6sy0QkuLSQMxEdHPXRsW8TXZLZm+uXPP8zNdRfckl4EYBkwsDFZIBlPiUDM08aCXhiNDpuLmF93Fz9bbq9kduHbFftHUW5TnwL0+W5tv7XAIsevZnXP9gOdLZWy4TIH4jStWCoPWMV/He0=;
	24:oqn4Hl+mtCaFsCwRmH6TayLl967wmm1r3T9sVpPeRGkDQCoEZic21ZMDMn9Wnkxh7MVKlh8FPHSArL+cB6bUuJxIqLHI3rKtbKLixGtGsqU=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:oEMJNZt5tUOprybzLfgne7eH7BM4DWsRi4wYF7MkbVqTB5sjwpNmiCsHdCO503BIJKwPMmcIToAhXHIzAu9v9+nAlOCqnh6/ygmkgsFROwbxcb9ZvAW3IPdXNHHnJo6yK1xC7EpGlcu8oTqmWF9Cdl3POTbIXAEdf20/7IO19hwbe7GWeZWFdecgPly3znbhrQ7pd7ZIBNEVgPajwESsrcPXDN/Ee9Q96EicHz5haVKu09HW7C1cbBUuiTsb4SPl;
	20:o7po/x92rPx3Xl4+LD5Y/UJ2T1ljrDwXHAo9G9salcGkg2xzSqlAYU9GmD6eaeMzDsuL4L7o8QuEo0wTUKw/YoOeka2UjJ+qAnEnx3PSPw/O8nYK7IPUF2gypGQc5/a1SCNH8ZjX+d6N2f/X/7yh2hhYfXFtQUAn6j948EnRD29LqqbC1QOlLmkHg3JpPJkdLkBj3CT/hVmDFOwZfTk8GXQrTP1tZKFBoXxWmairwGMGEQBFl18fKbufuaffVQYe
X-MS-Office365-Filtering-Correlation-Id: 83eec2e8-b42f-40ad-66ed-08d5c0f2cc80
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:18:58.1574 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 83eec2e8-b42f-40ad-66ed-08d5c0f2cc80
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:07 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:07 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 3/9] conf: introduce launch-security element in
	domain
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Wed, 23 May 2018 21:19:38 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The launch-security element can be used to define the security
model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with AMD SEV feature enabled.
SEV feature supports running encrypted VM under the control of KVM.
Encrypted VMs have their pages (code and data) secured such that only the
guest itself has access to the unencrypted version. Each encrypted VM is
associated with a unique encryption key; if its data is accessed to a
different entity using a different key the encrypted guests data will be
incorrectly decrypted, leading to unintelligible data.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 docs/formatdomain.html.in                          | 115 ++++++++++++++++++
 docs/schemas/domaincommon.rng                      |  39 ++++++
 src/conf/domain_conf.c                             | 133 +++++++++++++++++=
++++
 src/conf/domain_conf.h                             |  27 +++++
 tests/genericxml2xmlindata/launch-security-sev.xml |  24 ++++
 tests/genericxml2xmltest.c                         |   2 +
 6 files changed, 340 insertions(+)
 create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 665d0f25293e..cab08ea52003 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -8310,6 +8310,121 @@ qemu-kvm -net nic,model=3D? /dev/null
=20
     <p>Note: DEA/TDEA is synonymous with DES/TDES.</p>
=20
+    <h3><a id=3D"sev">Secure Encrypted Virtualization (SEV)</a></h3>
+
+    <p>
+       The contents of the <code>&lt;launch-security type=3D'sev'&gt;</cod=
e> element
+       is used to provide the guest owners input used for creating an encr=
ypted
+       VM using the AMD SEV feature.
+
+       SEV is an extension to the AMD-V architecture which supports running
+       encrypted virtual machine (VMs) under the control of KVM. Encrypted
+       VMs have their pages (code and data) secured such that only the gue=
st
+       itself has access to the unencrypted version. Each encrypted VM is
+       associated with a unique encryption key; if its data is accessed to=
 a
+       different entity using a different key the encrypted guests data wi=
ll
+       be incorrectly decrypted, leading to unintelligible data.
+
+       For more information see various input parameters and its format se=
e the SEV API spec
+       <a href=3D"https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec=
ification.pdf"> https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specifi=
cation.pdf </a>
+       <span class=3D"since">Since 4.4.0</span>
+       </p>
+    <pre>
+&lt;domain&gt;
+  ...
+  &lt;launch-security type=3D'sev'&gt;
+    &lt;policy&gt; 0x0001 &lt;/policy&gt;
+    &lt;cbitpos&gt; 47 &lt;/cbitpos&gt;
+    &lt;reduced-phys-bits&gt; 1 &lt;/reduced-phys-bits&gt;
+    &lt;session&gt; AAACCCDD=3DFFFCCCDSDS &lt;/session&gt;
+    &lt;dh-cert&gt; RBBBSDDD=3DFDDCCCDDDG &lt;/dh&gt;
+  &lt;/sev&gt;
+  ...
+&lt;/domain&gt;
+</pre>
+
+    <dl>
+      <dt><code>cbitpos</code></dt>
+      <dd>The required <code>cbitpos</code> element provides the C-bit (ak=
a encryption bit)
+      location in guest page table entry. The value of <code>cbitpos</code=
> is
+      hypervisor dependent and can be obtained through the <code>sev</code=
> element
+      from the domain capabilities.
+      </dd>
+      <dt><code>reduced-phys-bits</code></dt>
+      <dd>The required <code>reduced-phys-bits</code> element provides the=
 physical
+      address bit reducation. Similar to <code>cbitpos</code> the value of=
 <code>
+      reduced-phys-bit</code> is hypervisor dependent and can be obtained
+      through the <code>sev</code> element from the domain capabilities.
+      </dd>
+      <dt><code>policy</code></dt>
+      <dd>The required <code>policy</code> element provides the guest poli=
cy
+      which must be maintained by the SEV firmware. This policy is enforce=
d by
+      the firmware and restricts what configuration and operational comman=
ds
+      can be performed on this guest by the hypervisor. The guest policy
+      provided during guest launch is bound to the guest and cannot be cha=
nged
+      throughout the lifetime of the guest. The policy is also transmitted
+      during snapshot and migration flows and enforced on the destination =
platform.
+
+      The guest policy is a 4 unsigned byte with the fields shown in Table:
+
+      <table class=3D"top_table">
+        <tr>
+          <th> Bit(s) </th>
+          <th> Description </th>
+        </tr>
+        <tr>
+          <td> 0 </td>
+          <td> Debugging of the guest is disallowed when set </td>
+        </tr>
+        <tr>
+          <td> 1 </td>
+          <td> Sharing keys with other guests is disallowed when set </td>
+        </tr>
+        <tr>
+          <td> 2 </td>
+          <td> SEV-ES is required when set</td>
+        </tr>
+        <tr>
+          <td> 3 </td>
+          <td> Sending the guest to another platform is disallowed when se=
t</td>
+        </tr>
+        <tr>
+          <td> 4 </td>
+          <td> The guest must not be transmitted to another platform that =
is
+               not in the domain when set. </td>
+        </tr>
+        <tr>
+          <td> 5 </td>
+          <td> The guest must not be transmitted to another platform that =
is
+               not SEV capable when set. </td>
+        </tr>
+        <tr>
+          <td> 15:6 </td>
+          <td> reserved </td>
+        </tr>
+        <tr>
+          <td> 16:32 </td>
+          <td> The guest must not be transmitted to another platform with a
+               lower firmware version. </td>
+        </tr>
+      </table>
+
+      </dd>
+      <dt><code>dh-cert</code></dt>
+      <dd>The optional <code>dh-cert</code> element provides the guest own=
ers
+      base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate=
 a
+      master secret key between the SEV firmware and guest owner. This mas=
ter
+      secret key is then used to establish a trusted channel between SEV
+      firmware and guest owner.
+      </dd>
+      <dt><code>session</code></dt>
+      <dd>The optional <code>session</code> element provides the guest own=
ers
+      base64 encoded session blob defined in the SEV API spec.
+
+      See SEV spec LAUNCH_START section for the session blob format.
+      </dd>
+    </dl>
+
     <h2><a id=3D"examples">Example configs</a></h2>
=20
     <p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index f16e157397d4..69b6c84b9540 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -77,6 +77,9 @@
         <optional>
           <ref name=3D'keywrap'/>
         </optional>
+        <optional>
+          <ref name=3D'launch-security'/>
+        </optional>
       </interleave>
     </element>
   </define>
@@ -436,6 +439,42 @@
     </element>
   </define>
=20
+  <define name=3D"launch-security">
+    <element name=3D"launch-security">
+      <attribute name=3D"type">
+        <value>sev</value>
+      </attribute>
+      <interleave>
+        <element name=3D"cbitpos">
+          <data type=3D'unsignedInt'/>
+        </element>
+        <element name=3D"reduced-phys-bits">
+          <data type=3D'unsignedInt'/>
+        </element>
+        <optional>
+          <element name=3D"policy">
+            <ref name=3D'hexuint'/>
+          </element>
+        </optional>
+        <optional>
+          <element name=3D"handle">
+            <ref name=3D'unsignedInt'/>
+          </element>
+        </optional>
+        <optional>
+          <element name=3D"dh-cert">
+            <data type=3D"string"/>
+          </element>
+        </optional>
+        <optional>
+          <element name=3D"session">
+            <data type=3D"string"/>
+          </element>
+        </optional>
+      </interleave>
+    </element>
+  </define>
+
   <!--
       Enable or disable perf events for the domain. For each
       of the events the following rules apply:
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 225309809029..8fde7f8d0359 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -933,6 +933,10 @@ VIR_ENUM_IMPL(virDomainShmemModel, VIR_DOMAIN_SHMEM_MO=
DEL_LAST,
               "ivshmem-plain",
               "ivshmem-doorbell")
=20
+VIR_ENUM_IMPL(virDomainLaunchSecurity, VIR_DOMAIN_LAUNCH_SECURITY_LAST,
+              "",
+              "sev")
+
 static virClassPtr virDomainObjClass;
 static virClassPtr virDomainXMLOptionClass;
 static void virDomainObjDispose(void *obj);
@@ -2904,6 +2908,19 @@ virDomainCachetuneDefFree(virDomainCachetuneDefPtr c=
achetune)
 }
=20
=20
+static void
+virDomainSevDefFree(virDomainSevDefPtr def)
+{
+    if (!def)
+        return;
+
+    VIR_FREE(def->dh_cert);
+    VIR_FREE(def->session);
+
+    VIR_FREE(def);
+}
+
+
 void virDomainDefFree(virDomainDefPtr def)
 {
     size_t i;
@@ -3085,6 +3102,8 @@ void virDomainDefFree(virDomainDefPtr def)
     if (def->namespaceData && def->ns.free)
         (def->ns.free)(def->namespaceData);
=20
+    virDomainSevDefFree(def->sev);
+
     xmlFreeNode(def->metadata);
=20
     VIR_FREE(def);
@@ -15688,6 +15707,85 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
 }
=20
=20
+static virDomainSevDefPtr
+virDomainSevDefParseXML(xmlNodePtr sevNode,
+                        xmlXPathContextPtr ctxt)
+{
+    char *tmp =3D NULL;
+    char *type =3D NULL;
+    xmlNodePtr save =3D ctxt->node;
+    virDomainSevDefPtr def;
+    unsigned long policy;
+
+    ctxt->node =3D sevNode;
+
+    if (VIR_ALLOC(def) < 0)
+        return NULL;
+
+    if (!(type =3D virXMLPropString(sevNode, "type"))) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("missing launch-security type"));
+        goto error;
+    }
+
+    def->sectype =3D virDomainLaunchSecurityTypeFromString(type);
+    switch ((virDomainLaunchSecurity) def->sectype) {
+        case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
+            break;
+        case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
+        case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
+        default:
+            virReportError(VIR_ERR_XML_ERROR,
+                            _("unsupported launch-security type '%s'"),
+                            type);
+            goto error;
+    }
+
+    if (virXPathUInt("string(./cbitpos)", ctxt, &def->cbitpos) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("failed to get launch-security cbitpos"));
+        goto error;
+    }
+
+    if (virXPathUInt("string(./reduced-phys-bits)", ctxt,
+                    &def->reduced_phys_bits) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("failed to get launch-security reduced-phys-bits"=
));
+        goto error;
+    }
+
+    if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                        _("failed to get launch-security policy"));
+        goto error;
+    }
+
+    def->policy =3D policy;
+
+    if ((tmp =3D virXPathString("string(./dh-cert)", ctxt))) {
+        if (VIR_STRDUP(def->dh_cert, tmp) < 0)
+            goto error;
+
+        VIR_FREE(tmp);
+    }
+
+    if ((tmp =3D virXPathString("string(./session)", ctxt))) {
+        if (VIR_STRDUP(def->session, tmp) < 0)
+            goto error;
+
+        VIR_FREE(tmp);
+    }
+
+    ctxt->node =3D save;
+    return def;
+
+ error:
+    VIR_FREE(tmp);
+    virDomainSevDefFree(def);
+    ctxt->node =3D save;
+    return NULL;
+}
+
 static virDomainMemoryDefPtr
 virDomainMemoryDefParseXML(virDomainXMLOptionPtr xmlopt,
                            xmlNodePtr memdevNode,
@@ -20370,6 +20468,13 @@ virDomainDefParseXML(xmlDocPtr xml,
     ctxt->node =3D node;
     VIR_FREE(nodes);
=20
+    /* Check for SEV feature */
+    if ((node =3D virXPathNode("./launch-security", ctxt)) !=3D NULL) {
+        def->sev =3D virDomainSevDefParseXML(node, ctxt);
+        if (!def->sev)
+            goto error;
+    }
+
     /* analysis of memory devices */
     if ((n =3D virXPathNodeSet("./devices/memory", ctxt, &nodes)) < 0)
         goto error;
@@ -26263,6 +26368,32 @@ virDomainKeyWrapDefFormat(virBufferPtr buf, virDom=
ainKeyWrapDefPtr keywrap)
     virBufferAddLit(buf, "</keywrap>\n");
 }
=20
+
+static void
+virDomainSevDefFormat(virBufferPtr buf, virDomainSevDefPtr sev)
+{
+    if (!sev)
+        return;
+
+    virBufferAsprintf(buf, "<launch-security type=3D'%s'>\n",
+                      virDomainLaunchSecurityTypeToString(sev->sectype));
+    virBufferAdjustIndent(buf, 2);
+
+    virBufferAsprintf(buf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
+    virBufferAsprintf(buf, "<reduced-phys-bits>%d</reduced-phys-bits>\n",
+                      sev->reduced_phys_bits);
+    virBufferAsprintf(buf, "<policy>0x%04x</policy>\n", sev->policy);
+    if (sev->dh_cert)
+        virBufferEscapeString(buf, "<dh-cert>%s</dh-cert>\n", sev->dh_cert=
);
+
+    if (sev->session)
+        virBufferEscapeString(buf, "<session>%s</session>\n", sev->session=
);
+
+    virBufferAdjustIndent(buf, -2);
+    virBufferAddLit(buf, "</launch-security>\n");
+}
+
+
 static void
 virDomainPerfDefFormat(virBufferPtr buf, virDomainPerfDefPtr perf)
 {
@@ -27451,6 +27582,8 @@ virDomainDefFormatInternal(virDomainDefPtr def,
     if (def->keywrap)
         virDomainKeyWrapDefFormat(buf, def->keywrap);
=20
+    virDomainSevDefFormat(buf, def->sev);
+
     virBufferAdjustIndent(buf, -2);
     virBufferAddLit(buf, "</domain>\n");
=20
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 37356df42d71..d1c101cc4673 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -142,6 +142,9 @@ typedef virDomainPanicDef *virDomainPanicDefPtr;
 typedef struct _virDomainMemoryDef virDomainMemoryDef;
 typedef virDomainMemoryDef *virDomainMemoryDefPtr;
=20
+typedef struct _virDomainSevDef virDomainSevDef;
+typedef virDomainSevDef *virDomainSevDefPtr;
+
 /* forward declarations virDomainChrSourceDef, required by
  * virDomainNetDef
  */
@@ -2297,6 +2300,26 @@ struct _virDomainKeyWrapDef {
     int dea; /* enum virTristateSwitch */
 };
=20
+typedef enum {
+    VIR_DOMAIN_LAUNCH_SECURITY_NONE,
+    VIR_DOMAIN_LAUNCH_SECURITY_SEV,
+
+    VIR_DOMAIN_LAUNCH_SECURITY_LAST,
+} virDomainLaunchSecurity;
+
+typedef struct _virDomainSevDef virDomainSevDef;
+typedef virDomainSevDef *virDomainSevDefPtr;
+
+struct _virDomainSevDef {
+    int sectype; /* enum virDomainLaunchSecurity */
+    char *dh_cert;
+    char *session;
+    unsigned int policy;
+    unsigned int cbitpos;
+    unsigned int reduced_phys_bits;
+};
+
+
 typedef enum {
     VIR_DOMAIN_IOMMU_MODEL_INTEL,
=20
@@ -2462,6 +2485,9 @@ struct _virDomainDef {
=20
     virDomainKeyWrapDefPtr keywrap;
=20
+    /* SEV-specific domain */
+    virDomainSevDefPtr sev;
+
     /* Application-specific custom metadata */
     xmlNodePtr metadata;
=20
@@ -3358,6 +3384,7 @@ VIR_ENUM_DECL(virDomainMemorySource)
 VIR_ENUM_DECL(virDomainMemoryAllocation)
 VIR_ENUM_DECL(virDomainIOMMUModel)
 VIR_ENUM_DECL(virDomainShmemModel)
+VIR_ENUM_DECL(virDomainLaunchSecurity)
 /* from libvirt.h */
 VIR_ENUM_DECL(virDomainState)
 VIR_ENUM_DECL(virDomainNostateReason)
diff --git a/tests/genericxml2xmlindata/launch-security-sev.xml b/tests/gen=
ericxml2xmlindata/launch-security-sev.xml
new file mode 100644
index 000000000000..fb64e1e4bec3
--- /dev/null
+++ b/tests/genericxml2xmlindata/launch-security-sev.xml
@@ -0,0 +1,24 @@
+<domain type=3D'kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219100</memory>
+  <currentMemory unit=3D'KiB'>219100</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-1.0'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+  </devices>
+  <launch-security type=3D'sev'>
+    <cbitpos>47</cbitpos>
+    <reduced-phys-bits>1</reduced-phys-bits>
+    <policy>0x0001</policy>
+    <dh-cert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dh-c=
ert>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launch-security>
+</domain>
diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c
index d8270a6cae82..366ac6f9c3ab 100644
--- a/tests/genericxml2xmltest.c
+++ b/tests/genericxml2xmltest.c
@@ -141,6 +141,8 @@ mymain(void)
     DO_TEST_FULL("cachetune-colliding-types", false, true,
                  TEST_COMPARE_DOM_XML2XML_RESULT_FAIL_PARSE);
=20
+    DO_TEST("launch-security-sev");
+
     virObjectUnref(caps);
     virObjectUnref(xmlopt);
=20
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110472512888.7324587824398;
 Wed, 23 May 2018 14:21:12 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id B47AB67E0F;
	Wed, 23 May 2018 21:21:09 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id C8984106223E;
	Wed, 23 May 2018 21:21:08 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1348D4CA84;
	Wed, 23 May 2018 21:21:08 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJJsG028802 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:19 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 333685D761; Wed, 23 May 2018 21:19:19 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com
	[10.5.110.39])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 5E8BB5D6B4;
	Wed, 23 May 2018 21:19:16 +0000 (UTC)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam01on0058.outbound.protection.outlook.com [104.47.32.58])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 7E11813B224;
	Wed, 23 May 2018 21:19:08 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:18:59 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=j9+desLtoUGHWFj572EhBoRlj/fJkW0WY6x6fBDYct0=;
	b=AdJr0Koklp67JHzTIpIoP+qFQ1QssF5yfTz8udZRqdZO62TJf9eGP4HlNG3SfFhK3bdOl8IGVgywQyiGixmUVr00PqX7AUswVXu03xxm03o78uIDYH/sV+AZnNhtVLhFY6wIM0D2i5adNPeb7yK0gsNnKdlAhG1qCKJ9h3sZwBE=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:29 -0500
Message-Id: <20180523211834.15817-5-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:MIuRmxkondmYgygDp2boRpFnCHpq/ODsymwnTmclA8edfsRS2HliDyFUbc00QQJGSEgtNg/FevCkcXlOYRTBVrHCFQFFZDEUUWqV4iWBCfX6mnmodKm+EJT0rXpoJFvPh9wm/xgozElVlQvWtSy3hyuQ69LqU64+mx03X7wz30FkaX9IrY+NS6iM9N3fqOjwA4OkDkVokseHKMOeS5DGMx5h9LFyxlA0JovGAjoijUzual+c9H4ynlvqa9dbR2ct;
	25:KK1oU+BTu0rCLlVdcdchhZiHzg3ujsWgjB+PJbVtlc8hphlGJTwYOBRH21vxauYVA22AUWvCQRvtSqyrHeXky2daRJUcg1L4T/Ka8VSnZKKjDdCuDjKM7YRI5DXk98350+ufHJ+1GMKFvAQWnDgc2dXmQMD8GVlRQ4mU6+95jVTzvZMjm/dv50ReHGleJ9wyE37UqdBi9myDSVw21Kg54khJgHHC4e1fAvAUxLtbc3cywiXZdp31qaTPybMIwpHhKXgyztGLU6Tc9C5teZI51g8KU+m7npVkfWCyIrWsv34xGRLGVNGFua2D0Fvzd4bzFt7mbv+t9aTft8R0WtASCw==;
	31:/F+UzFxQWo0CNfs3d2Asnjc+bf51ja2ITC4ZWfuiu2ry24jhAP5A9+dBU21y4ylnHORfnXJ3tlBx3vrUj4kYQRHWcIBA0oc2NzpHEvSjSzwmiFRbjWZQyhvcG9xKM2YWhZnaEWzPRWMWTQiCqHiybP4bmruXLdQIASemHiJ6R6raRtlvvyOZEU0DB3DxjvgpvESmROgMfrV5RDK8nvFAO1kKnFEcG8dntpRwwsi2zBc=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:XkBFpPUIbqkkaMAAz4oJUM0LAfAEjqhtP5rNaH4BvGYvAvq8vJPSZH1qMRB7UbD3pGEEDH/yj9P8z8XOH8Ib0ClzDXVZ2xrCiUZS64AByreoCswjhhgct/eUxel3sJ1LqyGnnmnqzx8ojFUcO7oo1jEmGiDDujn9b/Ogi58eLTmayd5Tt8v6VawJIlYGQZHPaBbrk5usq8/xX8zdVylRDt2RyAeG7UI4mxFCfviOB70d9Zjg/Fx8g2efspFBbUzSiJTSeRxPvSWS6h0rFbT+rjxl2ZwADshX7ITT5+ALLlNmgEzZP3dp1pYIuNhG2/BurmdFB54tlpjGvbbMD7W/4P9nCYl2Jd1XLtOOowv3rAf6IitMO9IK1tXM5syuGztj0j0Wu0cj2+5aWV3l/4Gmzrb+ee630RZn2UuvErrnlJyJ8VWJctHD9tZewngV6TWBvfZCbPLZ7QXw0Gmv3fZDql3XTEwhB0JfkarxxLLfFZVDlOqRbFaS83gLyGXD9K1u;
	4:ffApztNxBOQROHC6pE670r/mYKdxEfOkFGASbrLclUJIIzGTq10fOAZHg4kDtxbil2A7OtjRhUXNVzmF46vQzuxOm4rVSSoY9A7p8uS8rMHA5/tTrcE/jZxiuB+nAxuaXj3jWcNPihlsFuEg+XoRTUmCF5mAs4h6JvysArVY9RQaRnOaOu1S5bajU9W6UBrcjAz1vaTD5E/cqmKC3CLvtzJRSrWkVvT6jriKoxjrY9/qhJqAXMKQxiIyvLt9xNCZ7grEOFD/7y6CPj8HkfpM91oogcTtKsHYdbMpwZai6UQA+D7uwB5LyOnNWcMyCvw2
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB2449F4FC6BD7FDF5C8523B70E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(16586007)(2351001)(26005)(478600001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:VUAjgz1IEYfwoUnbev3gSQehQ5fnY8UVuV+0WzYnP?=
	=?us-ascii?Q?+MjXk5Id0Dy/iz7issZzx7I9QzpQopp91npkGRejCyLT6NeI5omLZ4FtlNx+?=
	=?us-ascii?Q?Wib8ZlhOYTY7pJWONLAusENBjdS77ip98V5/acjHHGqgK82nYcqEmTMXLpRI?=
	=?us-ascii?Q?oDP5xr5sr2ynDZV6/i2hnibzWqSCFN+cLEz7jhBsB0jbsINC05L9oH2iTXNj?=
	=?us-ascii?Q?tN2yrTUZe5pNylurw26wkGUjVnIC3bnE/83a1h53As92i+HfUw2NgTH9WkdV?=
	=?us-ascii?Q?DML3Rv8IxxEF43bZoJ/hWY2GeAaWijYKvyXttQCH0n1TNZzpeaDkYA20uITc?=
	=?us-ascii?Q?sE5ODWmOGkmUeGlvzulyGi/4UWSYkmcfru7x7oeQuhijpGgvilnHBwVT3/i4?=
	=?us-ascii?Q?4oTIyJrlOV9aCjTdRt3s/ylK7tQygujVllKeItvxQfY3DOAaRmAUMDbX8qRp?=
	=?us-ascii?Q?NOmntbIMoFB44LtbIcymIn0jb5Iyu/y4Ml0608lyXNDh/wsTIrPWjyafZUAH?=
	=?us-ascii?Q?5T8vC6YsfXPbOpJtgAWuAIYJWj1QRh5vO6///gTpt35jfubl68Ms4WrZ4AC5?=
	=?us-ascii?Q?aTbOzMdNpJKWTAiMSLv5WPJBT+WQeussFO38aW6jZBaTcRgqGgegRStF9nAE?=
	=?us-ascii?Q?XXdiqMRzP7oVtVFnZIRJjRPM3dQ+q7OJhD4Jt4PtHGq207goPj0kmFr2/UHF?=
	=?us-ascii?Q?zL8jKJ+IQ3klsaZVO/qah89YW5MLpNn4FuyK7H9Et50V47TUNtS8pPDyZ8lJ?=
	=?us-ascii?Q?5GV2/AlYUXluNcIAdu2Tp/fB5jjPwHcoUEEaeWXozsydP1C9BPUGsUjAgDG0?=
	=?us-ascii?Q?MimtFbzdwrO1iuUj6G53uapVvGK6tfNECHSc5qoNvBlQEslsKnS5QONUUpHm?=
	=?us-ascii?Q?3dtvf//hCGNIIAX+Jaf3UQyXP5U1QQtSS4naFexmaNARNXILtc8o3jgLhbkN?=
	=?us-ascii?Q?1zq8S/q7+T/De8JYtseOeOOuzjEkaGTNu25ajzLafBj86B+643Y9ESc8SI5v?=
	=?us-ascii?Q?0pfuyu298kwHk7Xct8atuBkiJEuWJKKEDK/A6iuSVyNrS+ir49VtNj6QKTke?=
	=?us-ascii?Q?+3ZQJHlLRG/d69iO3jvUKIlOCeSEwFpHQ/1ZHKDlfSJdxy7SWhiC79gBZY6w?=
	=?us-ascii?Q?/w0W7z5IL35LnN307UBSn8lXpJBeBE4ISltT7RtLYt4DJGmAR3v3HvVmaWww?=
	=?us-ascii?Q?RbSeAAbdMXwkRyt/ffrsic/ioctqaO+4Jhwv4f0IusE5PVFYlj4KwifUv+2R?=
	=?us-ascii?Q?XO/Xz9MO86iDS8CabVgXJjXvGlEP/Hxmmx7gzoi?=
X-Microsoft-Antispam-Message-Info: 
 taFUcUZWQw2oWL5nA3WGoMNpV9VLy9lZBJCEMW8+9uJlkLpsP6nQuWBnx3m9C8kgneyD1ZJIUogk4SG8EbryaWaEIb6L1f4FsmdAqdPup7qRLHgLrLq/4BqRa6aR/TR5pULtCNhh3yMA2DxSPipsCQ8xAaYvSIQqXXGAGPjACTunY0fOw12BdtjayrJ7eJBv
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:FVldEG8kUcyMyRTDyzqFMgH2WuG1pe1La9ZkxFjk2PAj4bi/FvKbOu9VVPRykgLEWVVK674ftZhs2bxkRseCAYX/9l9WU/THvrpsnldP/5E3ToUgsz3I944jy9hAFm+P4l+mgrje17LC2eH0u0EoXkApju3RN1D9Trxq5dD1xAQQZn2qMKptYgXCbNSNc9DW4w6nVyoLjk9pEb+A59qhAeEZvY+4TIghl1CjV8elKQOSL1is9yWnxHVjLOi2R/WdB9F+I65Cvfx5KhWP1trA0wfPq+1QD86jy3H7dnf1rAr/58aXfJ7GUUxH+NOztKn+lQgDEmFGzEME70II8MKg3shVgTwZAksBQR8ma7NqM/KWN1MQ8iVInxpFGTW9TQTnffgnVvyAjVA5ilDY1vKuG0UB73kQJUn0MDqGr8oQtTapGMUmfIQj7slcAoWxqDVGl8rK7rCGw0eUkvfsMotRsA==;
	5:5MG/RE+Scd9zf3K+Om22dOziSH3IeS7UOGgC+ZDkWBuZFSVl8HSO5QT19KD8K3W6JQjf1o7qBNkX31t1AODHwvJwr9B2fuHKEaLiEIKClBxqHQgkEB2Hi5BKO4SwpYLELipOPombCHNY2OwdzWCqnVtzY9gC/Dp3pEVh3Cvv4Us=;
	24:FqLc+KxHXmfd58mWZJnGRjclSZUp1dgzVmG2l4v2tLF9isCZG4KVD6k1IKfiBfZgWp9P7mtckHV/paMU6b8JEOpdK4oTZENYpH9EmkcYJ0o=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:RrR4NFfxg2Blou5BCgQA7BMvU3lBCY3C24+G3nHckOykQhl2+w7eNe3TSsKb7PNX8jQdFL/V+EHzcj0iF2lDnjyrn/sLXaDryLGZ334egGZXgz9O1ExsXR0c+22xUA0nBQFjIny8yZHVyKR1ZrJ2BVpPQ6zz3BRh0ufk7xVSFwNTWaB+yxvRjcqjTGUOHZ6rpIK6yyvFIvcZuo6slDpvuF+fVBPTGZxj7LGE6oPvPaQlN8ZpjdAPI7ZyxwXhfexu;
	20:zKs5LGGIQFc0ZK2OdC+FK1+iuCguyVJJHtFsBhnXzrGDXqUzVA7T2tUhKibraKKiDDspYhT3DNNuAntROZZVpVuKAAeIQ6JM1B+sENOchnWRZKhnZf9V0QVUBt1CtdfspnaRpEHiSib/HWegbi/wr18Wfvx1yMJSYhDSLgfcy1un7Va4E4tUcp598VF1RVa2liYYnTzGYu1oNSjbH8l12FVv2RoBq5dvWZnV35VXY3p3QiX9cBbGx/hbFEjDYqZw
X-MS-Office365-Filtering-Correlation-Id: 38e43a35-e8d6-458b-e7e8-08d5c0f2cd13
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:18:59.0950 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 38e43a35-e8d6-458b-e7e8-08d5c0f2cd13
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.39]); Wed, 23 May 2018 21:19:08 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.39]);
	Wed, 23 May 2018 21:19:08 +0000 (UTC) for IP:'104.47.32.58'
	DOMAIN:'mail-sn1nam01on0058.outbound.protection.outlook.com'
	HELO:'NAM01-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -0.021  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS, T_DKIMWL_WL_MED) 104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 4/9] qemu/cgroup: add /dev/sev in shared
	devices list
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]);
 Wed, 23 May 2018 21:21:11 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

QEMU uses /dev/sev device while creating the SEV guest, lets add /dev/sev
in the list of devices allowed to be accessed by the QEMU.

Signed-off-by: Brijesh Singh <<brijesh.singh@amd.com>>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
 docs/drvqemu.html.in               | 1 +
 src/qemu/qemu.conf                 | 2 +-
 src/qemu/qemu_cgroup.c             | 2 +-
 src/qemu/test_libvirtd_qemu.aug.in | 1 +
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index cbd159da3e10..7c33a1830c7b 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -397,6 +397,7 @@ chmod o+x /path/to/directory
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm, /dev/kqemu,
 /dev/rtc, /dev/hpet, /dev/net/tun
+/dev/sev
 </pre>
=20
     <p>
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 31738ff19cfc..c6aeeb610310 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -451,7 +451,7 @@
 #    "/dev/null", "/dev/full", "/dev/zero",
 #    "/dev/random", "/dev/urandom",
 #    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-#    "/dev/rtc","/dev/hpet"
+#    "/dev/rtc","/dev/hpet", "/dev/sev"
 #]
 #
 # RDMA migration requires the following extra files to be added to the lis=
t:
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 546a4c8e6330..21dcb3cefe37 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -47,7 +47,7 @@ const char *const defaultDeviceACL[] =3D {
     "/dev/null", "/dev/full", "/dev/zero",
     "/dev/random", "/dev/urandom",
     "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
-    "/dev/rtc", "/dev/hpet",
+    "/dev/rtc", "/dev/hpet", "/dev/sev",
     NULL,
 };
 #define DEVICE_PTY_MAJOR 136
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe=
mu.aug.in
index 95885e9f06ae..847d77ae0622 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -60,6 +60,7 @@ module Test_libvirtd_qemu =3D
     { "8" =3D "/dev/kqemu" }
     { "9" =3D "/dev/rtc" }
     { "10" =3D "/dev/hpet" }
+    { "11" =3D "/dev/sev" }
 }
 { "save_image_format" =3D "raw" }
 { "dump_image_format" =3D "raw" }
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110376114403.2604452108254;
 Wed, 23 May 2018 14:19:36 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
 [10.5.11.27])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id B096E3082A32;
	Wed, 23 May 2018 21:19:28 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7A3ED91EBC;
	Wed, 23 May 2018 21:19:27 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2FF944BB78;
	Wed, 23 May 2018 21:19:27 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com
	[10.5.11.25])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJEij028773 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:14 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 68AD52010CD3; Wed, 23 May 2018 21:19:14 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 2CF2E2010CA0;
	Wed, 23 May 2018 21:19:12 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id F2C3030A6B85;
	Wed, 23 May 2018 21:19:09 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:19:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=5kxst67FWla2R63aEQwoDaV2sEUOas1fSbO8OKs4gUg=;
	b=IxlJhiNmpSP3Fytdlkv5YJdvbfWJH8S+xr4gflgsfrCbcVIHh8OSSeH7VHdKgWIyK0cn5aoXV4WtSSY+A2osOLeHeSEMncg/HDYLGFZK4Faeap1VA6pLwh85MBUNdnRJKQgMNEYywNeYGaSqvR0FkEqMFq5GesFo0pjAucYridU=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:30 -0500
Message-Id: <20180523211834.15817-6-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:rHc4CH/XV6dL+TwNYVZK/zTujOvd6nK09o5dgj0BK1oaxkd2bihvQYK7xGulNXAFrfQHTIAVqf40X0KO7zQouTP0oL2Usk8rQLUx5itjj6Gx4h/WXcWBRA2rfKUwteraYV7fWUEQC+LQFrGbjtH8F6MJADfsu0sgDz+G7xZgEfivb6gnnjLSCeS1XKuaGpHfiJwXnjwp5JOdr6wku3qQFY3fvANghJPrvsPPwj6OysBioYERphoAcLonaIUFmYZE;
	25:m/AGN/mG+a1gFeklO9qJZ9dXvAUNX/SzcatjPLLHBjBrUWfAv4qBeoYlEDxsHckU8u7bPpFDc63UTy6ZeNzOwk8cyv5DUT0FvEnTlTAzod8VXCJ/DQ7hijabazGytbDrfjJ859nmBNDWtR2SLgqIWx9Oy9stF5NYbCWXf/KW8K97fxtlL/+FQBvHgQrokEMIn6WB6i8HPXpQr7CgJM3ycO2OHYeffx4N2NSSjsFa84adLuj2jqKq2IFFR67vqWKM8j8aP/Ebm5HTWBb6aQbaeADQYcw/WbPcpKw8A9UloMS4F30y0YisQo38X0A5n6MFX5C1e2RnArNr6XVvbzpFVw==;
	31:Jnoo4tHyiPJvzD0gYkb2+tvJ5s1nuLmtsNayNq0Ij40utbFTzVcoX+u9KNS7I7lL4F8MGAiuPz2tHfpsTsacYFJ0LmhfnEFXMeQ1sHKQ2RXB5Yw1pEkRiuGX9HDXgtKFjihL5GkeHZx1w3lAu582/Z/goHLG+KfSd4eVsfU5PRgq3nS7v+u5q7kHPRFXEeyi/navIa/9AeCr+J6Rz4qs5rokj3SdRI1tciWk80H7piM=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:PPzFneqWzaWs1NUz9AqWH5wPX9aGAvCmM0VXeqI0ew/S40LTtEIuCkq6G/k8TFmXVdfcLKIqsgZBpBBscTMcf/hlgraKKxY3Re4kDIo/i317YPQVCJB5okmMBL4sUFy/3g4VQ2vFi7C+0plBApLDZg8L6edOfAekaCCNeULskmf89cJjqYkYPXZvor75o40fgQocfLCEsqtwtml2x6fA7JzET5NtHv04G1ctx89rz9rS1JnlAyblBH+kOFL0TWhBjkQax19JqtApFq6/wq45n8N91K+sYMHqUZwQXAivUCVoUTKj7sJ42gEKMSLaKDkeDiD83DUCp1fbf0W9mw89gaYCdNCgBdiIrLPwemUAPibiEvvbZwwvkjUEKjGThtdx2sN3FDyUtIjRQN/7rkZzZw4V/3chmgmM9mGW19nHMj72I/dOq+LDew9r1eibmW1/oScd2auQr6Plg1CgHUMhBipeB6Qd8aKVnA/xHYXyvalK2fZxvX506zZ2gNp6zH2G;
	4:xFanpfod3yKXBb6d0TLgjJFBE6yGEpOkoY0NlUjjCSHKBxWqIZWJh9bmH9esnFLtPHLiiTHjOSjDV758KTXbrJ7VMFtyQbcbNJr7U1TlgxRsVIE8HDtQ3WGM36lieQpI4YR7zZg3kvxMEAielgeQYxM+p2NumwsSxNaZmsTh22vgqxLAn/j7gCgkMf6zXHVVWX76BodiMrHIpobhnCx2k344rI/gLnmkkvT8Z6YuSr4qFhW7rhBuX3Pfuw9YWBjCKb5Wm7UfLKReVqVEiZ9y4gU2OTRxKqsyrRacBjBE6uPzoj2+80NO4E3AeCOnS11z
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB24495955E53D5045305C54E7E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(575784001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002)(44824005);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:d4hZsN6cyILr4PGXNniqBhjr8NFcn5Cd+sKI1uFdP?=
	=?us-ascii?Q?ZH/pW1uofwIy0jwReCKXbi25Vn82t6/1arzYRotKLqFgac+mtc7v6ofeqj6m?=
	=?us-ascii?Q?OQfYEv76spBf/SDMYPOiCOxK1D/RDyKb5lVlQs3A5zNKsRqr7KnV6cpyodtj?=
	=?us-ascii?Q?ftliQNxCgrvEXlbYEWMLt5dBQEz704Sdc6421xD6exxFFTBckJgIjhnkEhSM?=
	=?us-ascii?Q?An55GQ34i+XPtUIneVSMkFKzNFjwoySYxwRVZyU8RL5AmePYT0EpRYGE4cy9?=
	=?us-ascii?Q?VcHwdzGV1Wf1alFVeIUidIevqkTbst48+u3amTw3YGqBTk/EevjGF7mJOLEs?=
	=?us-ascii?Q?BQw5N9I0rRFKxMc8YMlZNS+9iZCjF2WPflj2S/MYI8gL/s6NdsDgmLLuiuxB?=
	=?us-ascii?Q?NCpsxEjhiVHDDtRHdWr583htbMgzPfipeONkOigqd7mKcgR9CTGISYKPQjgR?=
	=?us-ascii?Q?QsMSAs6B7APrCQk375MlCqnxrwtQwoW1eiYQjGU0c1hlmap5SXBZ1o2kQoam?=
	=?us-ascii?Q?My22C/8lTtCq8DrUndAh7yb75lioT2H0ski87BioTGo+//F9aKNeJ/8iCKPI?=
	=?us-ascii?Q?rQX6H/lOutFkCr4FEpSslpFRSFSIaahhwpn+Pb7uIeN8pyUz7aog3bNPrq2l?=
	=?us-ascii?Q?uzUxGJxVB85fbPJ9rDgIPH4kQxJQFqcd60HVFDcwfIWB76HeBM1hOdybqFSu?=
	=?us-ascii?Q?NTiAk6xYjANrRo8LzqSkp1P/YnDuN9/fKCCqOaaQuXyIJ6wmQTLU3PAS8rU0?=
	=?us-ascii?Q?ZNgSa8e22ILyieDrA9UOW7OKhkJNfEKg2kpc3mcXAYg5CTSHBHgJAPVD8VTP?=
	=?us-ascii?Q?NyVxxoEsslPeU3SaBJ2dP5taSPUzH6dEZwn4QFsw5SQ1aCQoVRWUzWpy9b+w?=
	=?us-ascii?Q?Dgr9nWtl7WwSkhO0VeuUVQkzOpYWgm63FfKes+dYAnHgoQzfazQUPv6C1vlZ?=
	=?us-ascii?Q?vmUOzXac2HLU+XfmnBEaF8g5hz6JTmxIcppRAieSlXECz22pkDXYdpjjlsa3?=
	=?us-ascii?Q?P71XPvv2A62pqys+ViCo5bxrFnnK01hAdIr3/3vgxj1ZdwdqDpmVk410xJmJ?=
	=?us-ascii?Q?ZuNIAG0tZF5BZQJm2G+43ucC9pL0XCYtDFiCe0vG0Uz2eAJvdgdktsKlHYIv?=
	=?us-ascii?Q?kHp9IgVTbCfmSV9/ZMtfN1hvqY1EG3eZ+U/75VjcKtw+xAk/lJ6XqHTkiATy?=
	=?us-ascii?Q?QYSy0Cc6RTiH4WI0IZsagMpbWnJo1BhS6JdN9vVFMwp6zYzafqeuFkEKxPZi?=
	=?us-ascii?Q?qcmFp59AIZ5FP/8kL1K+1PKU4rDpnxJm63OrX0wKSZx0twmU4qJ/2VoWr5lF?=
	=?us-ascii?Q?LvfpPvXSC7PjAeh6T43N1aNCqS1PJOzLqgkoJVbFRFJoXRO74qfWE0aY5Ier?=
	=?us-ascii?Q?sPfJw=3D=3D?=
X-Microsoft-Antispam-Message-Info: 
 wcLnBt4qFDVexX8QXEqgfm39pqelcFmIcKT8eFwHAZfXxfZ64FXc0khvbMpkv91FN5JB3LjKIt5CZbe7HThwyTLyUBdQrm6IYKe7/i7XTQHXK2cO5wt1wO1YkbEhdNDy8oIb+UGLNVMz4tR9wuJxjBjjE7MJCLSoyxdFFITPDnpa4KkVZ0S2oeCHOHsfERF4
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:+lYWrvebXFyWPfJ7zyR0GsMilNux3ClbUdIKpSQY1WnsYwCgrDdMIGiFT3eMoKbtXRAus1zbDh9L912iX6yxJV5uL6WJZbQHyBZGcD9O048upQGZu0EieSH5XId4+9KTsZvyQaAXSuwIfj16/gtC8QCAnhXfwvCiTGpLd77/WkOJwfL1izAJ0FBMlgAQY45tO5zPIHfhkIxkLqAzI6Z21zR38PdBozyYI3BN5giwseY38JLckxgaLdNyncRZX68iszThJiLj6e+YQxw9N+IzRyjsvXBXBFDGgk7230OgfysMPRD0R+HqXymOhsKjEkxPZfxxv7hphE+xGIaZid0dWbb3ODii0SBLsynHdK6v4RG5HAhU5grIDW+0x1GGuRU6o6m2rkoU+PC5Bjyfs5LQ+Di3+DoW3MUEAuTIxykgP5rKdqgMH4YmoYYtbXGepbpmrq99TB5xdbXGGUIrprXZCA==;
	5:FQiUlCCQwtVzt1fB93jdnow3sZ8yymm9IQuMkOqawtjsB45Wczz1lpAWDpyi5qWRoOFASriKVjzRE/Oa3OZQ+vWrjV3yPXJfDz3TslKEQ2UihaM0MhslJEMcEhfPTjkeDhHKfgGGxj765F3f9ffqVJPivfaj6lr2O7K0Stwinjg=;
	24:gci0WSzeT2j5q64r1OVjqnSKh5qWtpZPyCnyitlBtJZKJOgxgFSmGEJgfM5J8mGZK9fEvz6Yr7pWUh/xqboQO2z01/guf3a3y2GIV4SSdw0=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:lUc7+GYlTCVuoXFgsjDjgAhLWF6MGePTiRM3C/dHUbBSfyF55FZLIZeZtrYx0HN3o8MLZl3hljNl7eYxYYL4222+LPpqY6dvXrRpNlOLJJ+DE5k5zUGKcIvar+i/bP/xANqPc9y61Umo68FoTktbNMRyxMM4SozehpHtG/T+zwuS4Yw5WLbFnU0XnX1aFXRtRKwXUoUF582jhvu9xC+Gv7tguIzMUjh13xz4PnrUlOZxj8DTvGGhCTMOdz9bV+5g;
	20:opsqhE0SjbTbgyF0UlOvyYa57hGpMyWznumZypwCctlRTzoXe8KuV38Bwgf0ZkC3eVXdlD9b6+HY7cka5+KtekckDu3tPrUH6Jjd6a2vqT56nJg51dx6/94X3DGsR878ErxPC88JYUjDVNkf447rpZZfDWh80SaxhXLERnvTiZLW1WZxfmGr6BkY5Ao+e7mvYEuujmii1Vq1xpsWm+OQi6ucMY6vqY7hr/KObWb/oItow2YWsY+Fix0gRgdzr0P8
X-MS-Office365-Filtering-Correlation-Id: 09a6e690-52b2-4166-e693-08d5c0f2cdb7
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:19:00.1978 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 09a6e690-52b2-4166-e693-08d5c0f2cdb7
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:10 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:10 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 5/9] qemu: add support to launch SEV guest
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]);
 Wed, 23 May 2018 21:19:34 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

QEMU >=3D 2.12 provides 'sev-guest' object which is used to launch encrypted

VMs on AMD platform using SEV feature. The various inputs required to
launch SEV guest is provided through the <launch-security> tag. A typical
SEV guest launch command line looks like this:

# $QEMU ...\
  -object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D5 ...\
  -machine memory-encryption=3Dsev0 \

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
 src/qemu/qemu_command.c                         | 41 ++++++++++++++++
 src/qemu/qemu_process.c                         | 62 +++++++++++++++++++++=
++++
 tests/qemuxml2argvdata/launch-security-sev.args | 29 ++++++++++++
 tests/qemuxml2argvdata/launch-security-sev.xml  | 37 +++++++++++++++
 tests/qemuxml2argvtest.c                        |  4 ++
 5 files changed, 173 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev.xml

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index cb397c75586a..63941e10ad83 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7203,6 +7203,9 @@ qemuBuildMachineCommandLine(virCommandPtr cmd,
         virQEMUCapsGet(qemuCaps, QEMU_CAPS_LOADPARM))
         qemuAppendLoadparmMachineParm(&buf, def);
=20
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST) && def->sev)
+        virBufferAddLit(&buf, ",memory-encryption=3Dsev0");
+
     virCommandAddArgBuffer(cmd, &buf);
=20
     ret =3D 0;
@@ -9566,6 +9569,41 @@ qemuBuildTPMCommandLine(virCommandPtr cmd,
     return 0;
 }
=20
+static int
+qemuBuildSevCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
+                        virDomainSevDefPtr sev)
+{
+    virBuffer obj =3D VIR_BUFFER_INITIALIZER;
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    char *path =3D NULL;
+
+    if (!sev)
+        return 0;
+
+    VIR_DEBUG("policy=3D0x%x cbitpos=3D%d reduced_phys_bits=3D%d",
+              sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+
+    virBufferAsprintf(&obj, "sev-guest,id=3Dsev0,cbitpos=3D%d", sev->cbitp=
os);
+    virBufferAsprintf(&obj, ",reduced-phys-bits=3D%d", sev->reduced_phys_b=
its);
+    virBufferAsprintf(&obj, ",policy=3D0x%x", sev->policy);
+
+    if (sev->dh_cert) {
+        if (virAsprintf(&path, "%s/dh_cert.base64", priv->libDir) < 0)
+            return -1;
+        virBufferAsprintf(&obj, ",dh-cert-file=3D%s", path);
+        VIR_FREE(path);
+    }
+
+    if (sev->session) {
+        if (virAsprintf(&path, "%s/session.base64", priv->libDir) < 0)
+            return -1;
+        virBufferAsprintf(&obj, ",session-file=3D%s", path);
+        VIR_FREE(path);
+    }
+
+    virCommandAddArgList(cmd, "-object", virBufferContentAndReset(&obj), N=
ULL);
+    return 0;
+}
=20
 static int
 qemuBuildVMCoreInfoCommandLine(virCommandPtr cmd,
@@ -10097,6 +10135,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
     if (qemuBuildVMCoreInfoCommandLine(cmd, def, qemuCaps) < 0)
         goto error;
=20
+    if (qemuBuildSevCommandLine(vm, cmd, def->sev) < 0)
+        goto error;
+
     if (snapshot)
         virCommandAddArgList(cmd, "-loadvm", snapshot->def->name, NULL);
=20
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ac2049b95df5..3cf818aee034 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5919,6 +5919,65 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver,
 }
=20
=20
+static int
+qemuBuildSevCreateFile(const char *configDir,
+                       const char *name,
+                       const char *data)
+{
+    char *configFile;
+
+    if (!(configFile =3D virFileBuildPath(configDir, name, ".base64")))
+        return -1;
+
+    if (virFileRewriteStr(configFile, S_IRUSR | S_IWUSR, data) < 0) {
+        virReportSystemError(errno, _("failed to write data to config '%s'=
"),
+                             configFile);
+        goto error;
+    }
+
+    VIR_FREE(configFile);
+    return 0;
+
+ error:
+    VIR_FREE(configFile);
+    return -1;
+}
+
+
+static int
+qemuProcessPrepareSevGuestInput(virDomainObjPtr vm)
+{
+    qemuDomainObjPrivatePtr priv =3D vm->privateData;
+    virDomainDefPtr def =3D vm->def;
+    virQEMUCapsPtr qemuCaps =3D priv->qemuCaps;
+    virDomainSevDefPtr sev =3D def->sev;
+
+    if (!sev)
+        return 0;
+
+    VIR_DEBUG("Prepare SEV guest");
+
+    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                        _("Domain %s asked for 'sev' launch but this "
+                          "QEMU does not support SEV feature"), vm->def->n=
ame);
+        return -1;
+    }
+
+    if (sev->dh_cert) {
+        if (qemuBuildSevCreateFile(priv->libDir, "dh_cert", sev->dh_cert) =
< 0)
+            return -1;
+    }
+
+    if (sev->session) {
+        if (qemuBuildSevCreateFile(priv->libDir, "session", sev->session) =
< 0)
+            return -1;
+    }
+
+    return 0;
+}
+
+
 static int
 qemuProcessPrepareHostStorage(virQEMUDriverPtr driver,
                               virDomainObjPtr vm,
@@ -6043,6 +6102,9 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver,
     if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0)
         goto cleanup;
=20
+    if (qemuProcessPrepareSevGuestInput(vm) < 0)
+        goto cleanup;
+
     ret =3D 0;
  cleanup:
     virObjectUnref(cfg);
diff --git a/tests/qemuxml2argvdata/launch-security-sev.args b/tests/qemuxm=
l2argvdata/launch-security-sev.args
new file mode 100644
index 000000000000..db0be1a27d14
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev.args
@@ -0,0 +1,29 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/home/test \
+USER=3Dtest \
+LOGNAME=3Dtest \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-x86_64 \
+-name QEMUGuest1 \
+-S \
+-machine pc-1.0,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff,memory-encrypt=
ion=3Dsev0 \
+-m 214 \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni=
tor.sock,\
+server,nowait \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot c \
+-usb \
+-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide=
0-0-0 \
+-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-=
0 \
+-object sev-guest,id=3Dsev0,cbitpos=3D47,reduced-phys-bits=3D1,policy=3D0x=
1,\
+dh-cert-file=3D/tmp/lib/domain--1-QEMUGuest1/dh_cert.base64,\
+session-file=3D/tmp/lib/domain--1-QEMUGuest1/session.base64
diff --git a/tests/qemuxml2argvdata/launch-security-sev.xml b/tests/qemuxml=
2argvdata/launch-security-sev.xml
new file mode 100644
index 000000000000..5ae83f61c122
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev.xml
@@ -0,0 +1,37 @@
+<domain type=3D'kvm'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219100</memory>
+  <currentMemory unit=3D'KiB'>219100</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-1.0'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'block' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source dev=3D'/dev/HostVG/QEMUGuest1'/>
+      <target dev=3D'hda' bus=3D'ide'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'0' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'/>
+    <controller type=3D'ide' index=3D'0'/>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <memballoon model=3D'none'/>
+  </devices>
+  <launch-security type=3D'sev'>
+    <cbitpos>47</cbitpos>
+    <reduced-phys-bits>1</reduced-phys-bits>
+    <policy>0x0001</policy>
+    <dh-cert>AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA</dh-c=
ert>
+    <session>IHAVENOIDEABUTJUSTPROVIDINGASTRING</session>
+  </launch-security>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 1d023129aca5..f4eb9465ab76 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2852,6 +2852,10 @@ mymain(void)
             QEMU_CAPS_DEVICE_VIRTIO_MOUSE_CCW,
             QEMU_CAPS_DEVICE_VIRTIO_TABLET_CCW);
=20
+    DO_TEST("launch-security-sev",
+            QEMU_CAPS_KVM,
+            QEMU_CAPS_SEV_GUEST);
+
     if (getenv("LIBVIRT_SKIP_CLEANUP") =3D=3D NULL)
         virFileDeleteTree(fakerootdir);
=20
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110368701692.3428975122226;
 Wed, 23 May 2018 14:19:28 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 0151330BADAD;
	Wed, 23 May 2018 21:19:22 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B49195C3FA;
	Wed, 23 May 2018 21:19:20 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4E8F74CA80;
	Wed, 23 May 2018 21:19:20 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJDvB028761 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:13 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 9070310694C0; Wed, 23 May 2018 21:19:13 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7D9571062246;
	Wed, 23 May 2018 21:19:13 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 38D0C30C1341;
	Wed, 23 May 2018 21:19:12 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:19:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=A8Ecl75nUkidgcdM5ytFNRbphEIbDTudC+23Hx10g+8=;
	b=UseD/vwQcEW31l2uq5lDvebZkY5st+/BvVJNxjlaVGRLlOU0xiM9zdRpGljjJbMOIdiYaVQC0OdXDif+RiEU0zldt5Rk4c62xOabECrUwmavh/sxWQesrXfkD7s6CZ0MzDoF81GO67NbguBJuu5HSfKPEX0XMUN6Dy1Ickw/n/k=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:31 -0500
Message-Id: <20180523211834.15817-7-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:3gwf5aNKYZL3CxhrcnYFQGlZkofXxs1WoY2i3H9wO1f2MFbuSJyHDD2a4rC6aqd0oGM0rMTtVtrbD9HczxrTcCHMFEzAjnvWFgH6ZnCN267wr0cwppVNv4/dGYo50tW6TGQIEYPSHSiv8fCNwh5vTcGn3079yiKStMr1dYmD09N4jw1UhPvVCMcHBQwaHni9m0eHSnJ0OpvJD1M/qWBmDWEr5xNfaSZkSedXC/SXZHjNzZ4dUSvsiluC3eY9RPt1;
	25:n4qniwF6wH4AFIrAPcbX+sQOUqmykhUfYUfeizrpkv65V+z3bohg/XJr2s5Y6cU2ghLia82p++bN+F2G4HoJA8SHvxNIOgQPJLdtynHkLMoyYUAoUzXUT0B2ETu4A1EqkPaCUybeaBIBRy54Cw1NWND6phkM0LLrCHv/dvi/gKYBbrI7ty+uIag8c5Qzeetm2gJWtabvqlrisCv5o+G2/vCfzxGByv1gbncaOBCG4v8kKl0ZOVsmE0CZ48mH9e8X/q3FN7jw9OIq9ETHMVRgBygmYnlaP/aHDu2v5RFvWJh05QW2GQo/mRMTbeVD/LBRsBsRybgZF8L2zwl7vuveWA==;
	31:ztcIyYaTbAq0uxgPUFiauXeuDh9Kb2bIuFGbRUzHQPOwRepJ5FXunuFXRy6qjpLYAUvlz1e6t+lhSRWZSsFygX40FBNkK7bf7kBEcM48d9lVf7qQZTr/pZegSy6/x1h4jd4codRGL9eiz3uHhr4xBTSrPFNrqvXwaOkWoA/dOE+88ypPlJrzg8PpGna7ZGEmykyr1q0zy9z61RizgWrb6VDGaOHHlClQaSyiOMmB0lM=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:5DyXci2qy8LqmqESDyc12pVD2nZVTWu9vyR92aPbHbfu829Mgd59IkE5yTfK0zL4L8niQObSNg9kHopPxKjxzsQDtXQd7WVrhMBdIVIbWfX98TTD7OjMeBPR8T71wfd38Zb8pzJikSW4Fsa8PxsTOzOeulPyao4Xc6foXSi0EX1hfDnSI83W7lWqQzuqtSG7C3Ao4EYI2XO4/5XitdF9OSXqwLhXRTfAaFM23uJQvrAbTyGx6pF9Y+HVmihA2hOdqHHEKxWCHSbhrZ5mo5paYfPXPksKnThoNHIpXbULmsbncldC7LJbSbjdq5pxxL07QfmWGc/WOILJqsLVnQkO4iW3l01Mup9vmE//OmCYaIaAf10mZc/bvqibMvDflc6qFhx6Hw766QZSq3bMyDITKdH5/0hyE7fD6askPPcHRaGyZvCTQPjtSm5J/5jnB1kEdBhic7yRVFIqwqdYQnt8mVWJjPFtVaX32vMfHeEA0MW1uaz/SaGqFOUm8h6vN/uv;
	4:4/sKuAd4o/mY3S2/AZJnd21+8F42/R6fkmQ7WaxPOafv9Gfx99OW8aAMrvm1HC/mmKQRNK1mCMFKNjDpPiHJoBeDuJzbuIVf6Nc1c7iJC821gGnHwc3aXit8eDAnkQnL/eyBn7mlT6AR13IUheDSkR8pwcB12WX6eElqbCeR6V/bdPxIjLj6NsyXN6gapptvkuPL54LgNDmq0u6BYxL/BLbp2s1V5bjXNWJGSvGDolTYMUd4G6/+FGkEX/8N4QiVFPqWzH2WWW6uDjDJ3sFzXk956vCW5XjbtlmnyVe4oVl7JIC3GWXJD9lP63q51JNSRAvEH6wtQJ4nlPVNdvnbKw==
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB2449C5710621D6A1FA238888E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(979002)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(15650500001)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(575784001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002)(969003)(989001)(999001)(1009001)(1019001);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:K0xMhiOjzct5YyNwaKm0WdbIVJ36UBFuLTiSV0YeC?=
	=?us-ascii?Q?wXfZg6TCsRn7LePxnxnekwa+WaKs9w4xLZwYMHntzeKVk/AsSQWxmY4j63FU?=
	=?us-ascii?Q?3D2g6HDbCEIj1gvRDmvLg0Vg5CSiXjRshf20MXjhb+7sLxgE/cL1syAx87/m?=
	=?us-ascii?Q?RwGvTjrJKWoP5TqzER4cFrY4AKif4xuvzosYPo+aarHUgqDKPuolG7kt0Gv+?=
	=?us-ascii?Q?ruU/kMal0z0XGFioqRUtZnMJLzSi5pw0iQiqa2x89SpmY++SU6saYejd1vi4?=
	=?us-ascii?Q?zSG7XuaeW4M1pONw0vv8Fw0wisi1YTqLJeduF9UrbR4EXGIV+oriTuscPRj/?=
	=?us-ascii?Q?xaYzupVQaJNMR4yEfOyTxA5WYAARFPXcZtQYSkB0D91TkYWtpNLN8pgnu6iY?=
	=?us-ascii?Q?OCRL5LMdgbyaALmdG7U+WJbt3kKn2CtcTs8Mo+ZrBCioQiSJRhswShMO4tDd?=
	=?us-ascii?Q?DxUnoB7bt9JKKKODsbggoxsYkjwm6+KhsSt842bQNM6g54ZTB/X9ZN2iz5lm?=
	=?us-ascii?Q?vprw+n2bbFwdgoF/TZwftlRBiD+18wgWbeTLEzGMgx7FsIECngo+uxtfc+Dj?=
	=?us-ascii?Q?fFbF7gbBj6HhPgzeXYrY7/Etsytv+PBlRj9/VHaYuczShUrsDzTIh1N+9ti9?=
	=?us-ascii?Q?jlDhxk/HaVM30mU+0A9EFFJ0wIyr4G26uL66y0xTT4QJz+ZGOLcbLurSaMCL?=
	=?us-ascii?Q?0IPgZEuX3kr2/hKvajIOKRMnVe5l1Gxj4cO1lw//IOMzZk1KrK9OJkTp4Mbq?=
	=?us-ascii?Q?aHPZl/REB9a3Tu7S3sHpfdIuwbA6jZOkxKNkYxAyYwUltda11UYeM/2hab5U?=
	=?us-ascii?Q?+9/yjnIAnzhll5szux580lz0RkRoeTXQYbDFQAkmbOzbwG91zAe3ydFo+zMK?=
	=?us-ascii?Q?ThXfTxuOV8vegb/SdiVYmG5R0zJKW6k6JxmzUTXqIjwSCEnz8+GwyVxFScpR?=
	=?us-ascii?Q?Dk2YMIcYmtTnS6b1JmY81Kk4BIdCbr8Hd8WdQs+aIlE1qbZAqprRxMerb2/L?=
	=?us-ascii?Q?9n2nzKpwpZDASCY/5EDhRX0aRgLKoc3Bg+Hq/rqIUtv1kdD1c9AJ1OvtlZU/?=
	=?us-ascii?Q?dJgFpK91z8LYmuPstSysw758TKet7rT4cPEHiquIck+EtpMPBm8MsynksgGb?=
	=?us-ascii?Q?tzrt0LMQVAI5EfD6u6rx2MxdKsvgcW8ou6CX1iLBWcNM6YUcFaoRZR/F5xsT?=
	=?us-ascii?Q?2fpMbeItx3YUu8KS1NPXLU3TwgPpkjOoIA34B/0c+9KM1bTBRjiuxpzXPdik?=
	=?us-ascii?Q?DGsxVrJZ0z+kCrGlmaF5mxgJ83OwoQjDbam4bgFgKzE691GlTHBMNMd8DRWm?=
	=?us-ascii?Q?EwgpByKYxlPYPs4O1cezoPLQBtED1PseBEmpIZ1agXwyotCNGSa4A8gPxZ1O?=
	=?us-ascii?Q?6SbIZ1Rw6dtoGyg8IRgCEFwpCCfzJ0eHt+ny0nMJ9sN0SPw/FTbic/LCt3/q?=
	=?us-ascii?Q?f9A6wNLxolgoCgCi+Gi5cO6WQG4Yvz0tE1vUHNcGRRCtSLEd+tl?=
X-Microsoft-Antispam-Message-Info: 
 vB98aGdHLI+w2acoGlFBY5EqEbrKpQFCiA7L1t4juCUIzsq891QTNzWH20WhcuuhkGv8rXSt1n6IFTLE+crz8HoRxOMH4EKDcxB/GGgVFNNjLjvv0z62U+nK8Ob/WgfjEX8OXH6QLxEo4tCz1kB5/ana5IeyGmj9ARMlp0iBNy8S8TXBus4oOSO5EQVlpJRw
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:j/u5GCNSD4KLERKvdjThG7O0rewCkQVe2z/RUAWWofj/cGBtk1YClMgbdcwts13j9YHLko8YIhb/Q3xFYeQIWrVzURQ51MpYdKKGe5VeMCE890cWYWjqqhcH6NOFYxK58LLDzH0XrwM+vdPyfbHc25kyCtM1MVfvJvXxZ/8VJD7VwfVD8P6NbPkb6RAE8lAG6pFJMfigKC/ofzoTsgLzdfdgE3O1n+cDWf4tfF6AED/9jKLQMe0D5dZg5erxmzql5mY4vD6vfYE8RIy8QiS6yqLxwvMf+9ovkaAFHrC1QaXggaMkmBxgYtP0YWPmza+MXPUECkW19Ykrre5FoQ3qnxu60HaaMoIITwX+i4zvEsbkS1ytTkmzvWVkeOwckq0THtpTFb+XE07JXiYJzAJIfPKZFFm8pd13OexNDdt9rn/krQjfjXwVPEDVQh0AW3OrWutWPVKjwfpSEE2VFb7oCA==;
	5:zkgOiorluJRRzjroFXEbugc+QBfD0BiBerpzxzu19stuD96wqxkiYBmfcGwTq5NXNmTS3FZTB9cTTp/cfCrO6K7Cp5cwBgCKhq6K8Qsmcbk5K/5a/YCYL4m37tNwNveSbJOXqCOOCOTAOYsOB6OZjduugToEeDoBNDCyYwO3w+E=;
	24:nJxZbET74H95UPZekKJ8UaNZPn7TIGQ8Oogcd9uUJUf2lkF16yp5doFnHBXzRLYy/YBOnN3A90mZfMm4I6x0/uu2drB0V/QjYhX/gDahPTw=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:cLwZObIiK6NNTjStE6kgrpywWFcWDckj9ewgbZHsCjbnHPDgYskiZcPjHNcQVoAdLRrZwAxxWQvzYjLPdhE0dmdmAbTOGwgbloScG7HAIMiTPP4ioXx8EaV5j6QT3MJQUnKiZ1s/W1VogpS9eUsdHt24qSYckAxsbgwc1/drrK357n7dRsoSzhBXOZbHEcFxHfoGN99mxJwDBvRqW4hICKbmafU8+L7EjiU6lk7Kv2miHEss5wEo0/5d6hKaYFyj;
	20:+BOmdW1i5BnZfj7IDmoeFvwmcBxYdlva3jqw6rqpAtd0ySURrE4cyvgNwaLZPUR68FjmddQ8OqZNfqehDAYrIHCE/zZA9UI/bINrQSkQKZ5K2U8HZCeh1265gBHKSJvaI6NrllcuGQZ2N6YWxyvN6xAfNNSyL/jbTHsjkNkvNv9VfOsGQb9kdiY6emC4nGrWfnKBUOQMXlM/eeeJt5LnJCTEgQGWCVDhIoztPNjJ4v6qOKiQhLMaaHSIWNe4eo+g
X-MS-Office365-Filtering-Correlation-Id: bbe5fdba-103e-4086-9a1e-08d5c0f2ce45
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:19:01.1284 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 bbe5fdba-103e-4086-9a1e-08d5c0f2ce45
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:12 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:12 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 6/9] libvirt: add new public API to get launch
	security info
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]);
 Wed, 23 May 2018 21:19:27 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/libvirt/libvirt-domain.h | 17 ++++++++++++++
 src/driver-hypervisor.h          |  7 ++++++
 src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++=
++++
 src/libvirt_public.syms          |  5 +++++
 4 files changed, 77 insertions(+)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom=
ain.h
index d7cbd187969d..f252d18da72f 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -4764,4 +4764,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
                                 unsigned int action,
                                 unsigned int flags);
=20
+/**
+ * Launch Security API
+ */
+
+/**
+ * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
+ *
+ * Macro represents the launch measurement of the SEV guest,
+ * as VIR_TYPED_PARAM_STRING.
+ */
+#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
+
+int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                   virTypedParameterPtr *params,
+                                   int *nparams,
+                                   unsigned int flags);
+
 #endif /* __VIR_LIBVIRT_DOMAIN_H__ */
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index e71a72a44132..bdf13536d337 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1286,6 +1286,12 @@ typedef int
                                   unsigned int action,
                                   unsigned int flags);
=20
+typedef int
+(*virDrvDomainGetLaunchSecurityInfo)(virDomainPtr domain,
+                                     virTypedParameterPtr *params,
+                                     int *nparams,
+                                     unsigned int flags);
+
=20
 typedef struct _virHypervisorDriver virHypervisorDriver;
 typedef virHypervisorDriver *virHypervisorDriverPtr;
@@ -1532,6 +1538,7 @@ struct _virHypervisorDriver {
     virDrvDomainSetVcpu domainSetVcpu;
     virDrvDomainSetBlockThreshold domainSetBlockThreshold;
     virDrvDomainSetLifecycleAction domainSetLifecycleAction;
+    virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo;
 };
=20
=20
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 2d86e48979d3..dd5a8712484d 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -12101,3 +12101,51 @@ int virDomainSetLifecycleAction(virDomainPtr domai=
n,
     virDispatchError(domain->conn);
     return -1;
 }
+
+/**
+ * virDomainGetLaunchSecurityInfo:
+ * @domain: a domain object
+ * @params: where to store security info
+ * @nparams: number of items in @params
+ * @flags: currently used, set to 0.
+ *
+ * Get the launch security info. In case of the SEV guest, this will
+ * return the launch measurement.
+ *
+ * Returns -1 in case of failure, 0 in case of success.
+ */
+int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                   virTypedParameterPtr *params,
+                                   int *nparams,
+                                   unsigned int flags)
+{
+    virConnectPtr conn =3D domain->conn;
+
+    VIR_DOMAIN_DEBUG(domain, "params=3D%p, nparams=3D%p flags=3D0x%x",
+                     params, nparams, flags);
+
+    virResetLastError();
+
+    virCheckDomainReturn(domain, -1);
+    virCheckNonNullArgGoto(params, error);
+    virCheckNonNullArgGoto(nparams, error);
+    virCheckReadOnlyGoto(conn->flags, error);
+
+    if (VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
+                                 VIR_DRV_FEATURE_TYPED_PARAM_STRING))
+        flags |=3D VIR_TYPED_PARAM_STRING_OKAY;
+
+    if (conn->driver->domainGetLaunchSecurityInfo) {
+        int ret;
+        ret =3D conn->driver->domainGetLaunchSecurityInfo(domain, params,
+                                                        nparams, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+    virReportUnsupportedError();
+
+ error:
+    virDispatchError(domain->conn);
+    return -1;
+}
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 95df3a0dbc7b..5ccae5da8883 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -785,4 +785,9 @@ LIBVIRT_4.1.0 {
         virStoragePoolLookupByTargetPath;
 } LIBVIRT_3.9.0;
=20
+LIBVIRT_4.4.0 {
+    global:
+        virDomainGetLaunchSecurityInfo;
+} LIBVIRT_4.1.0;
+
 # .... define new API here using predicted next version number ....
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110458138797.0333854260334;
 Wed, 23 May 2018 14:20:58 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com
 [10.5.11.25])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 7A18830BB465;
	Wed, 23 May 2018 21:20:56 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 98BA32010CA0;
	Wed, 23 May 2018 21:20:55 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 773A14CA80;
	Wed, 23 May 2018 21:20:54 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
	[10.5.11.23])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJExY028778 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:14 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id E4A2028D18; Wed, 23 May 2018 21:19:14 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D082F59143;
	Wed, 23 May 2018 21:19:14 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 8AF3C30D62AD;
	Wed, 23 May 2018 21:19:13 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:19:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=pMl+xHflJdAlNl12+DWOXvV/oN/cwSslPKZHleIxICM=;
	b=egxIfu671Y+dd4hyGjLuroh90lPiNx4NalExiqGyL/dzW1ttnIA+4zMvd6o/jOb7GfipLVRKQjD8oirTJWtYTW9Idkc08py+Alk/UYKT3s/Xh0gO3xN6mobQocbEg3Gq3Y+kTUrtvnGHYEII2fRp0pJrvmgSteiYTeaF3rvBT0c=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:32 -0500
Message-Id: <20180523211834.15817-8-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:lN5rvfZ6YxQ2/37FIsmIqqbKH9rLRwB4gM2Y3aIpO2G4illEzPLMFh4SwbPkKu5F9wEvblXEhpHkQqCHol7OfuX7Qlu30tmX0sIVnWI6mRfnQ5DsMHV/DNlQ63nO2el2RadT7ysiL3cYF8B/puaZ7hky9M1HnfVZs9K63xIDHlY3hzed1HOBxyXEwpqCL+W1VlPDrWfBz/Wvnax76PfLm5KanoBw/6/PX1oOZkeZm/qPT8J4CMW5X1UG6Uqy+p8W;
	25:wk2qZf+Op1ozNU7oNNthOSykFOpJYWV7rPdMeHcyc4PKN4i1TmRLimRf6hgwC6qaCWgKqEbXUEU+bxbtnKbMOAxSOm4eiRex/UucGHwUPeKYrZxAJE/6rREKfYntZ7PMFDOnFtHpBDtf8PFL2e3XLsytnHczanz00btv67GatDVOhF5jsC2URnbvJw7H9Ya0tnDsWK7tYzlprCksNvJ8el/WCrJgXdbiByyPOZh6gfFRDtANpRU396t8eyz9s7p7ONrsC78glhvh8rukZjda97RWT2BWr4xO1HRIS1gqDgVFblRDGl7oO09lsNX9S/DitykEpcN2aA4nvuXl6M0I9A==;
	31:Lx4ARqGv3RaMPEI06yQblqdkoUx+E2BRowOB99eD4VbZzidy88bC4O5wu64CBJj6aj9b6Fqr0kSzZ0VdafmFU1j06y+rFhK9ZuLzm/PjdOR0pnmiVw1SiOMmtMLdISiJAMQSReVP+KVxMT9dydtJ4BmP1NWgpt0xQDnDml9QSgpDVehzfa/qCypL/S7tq9z+FBLbcxbqqJ8BJN/dwQl4Flx7jWuBieoINioyETocQZU=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:LbwrDtltbcGu9c5lccC9cMq/m+5Hh/Pr9+3QITH2s0iJkYyK2Co3BuPyCHz6qHPF8tqhcb9Cokvg34BOwT4wCpNr0OknVYaW+LiLROokxU9BQI6tK+RxDavyby0+Hur09znS7Ktx9sB2ARlhqp5kCBbpdKKgGG5wZ/ASYS0iqTlVsFqMJwKNQZ0GxE3ZewvcnpkLnmn42S6xRgV0slT1eaAgqR94CwrbyxzZudopCPKap0f+iG8+yGzlm0Ds0YriUwOFhm8V+Rqh3yXs2Xl+L4ya0pstR+Fqn36g0V67HaKExIXUs2iPDhJdwX1XhIwuTEHJJ4zVHA42Z6JnmXSBmK03HTr30AJIRpOPZzn2b46NB/ng4IefI5T4r/AfKh6LLjLIbbLn03LncDnOEhMla3zX1vnWy0x5A+3gqdPILyx6aK7MNdxT8HKet46DYi0G3xQG20GJNE94zvRZHH5RAtU0Lk42776bKIT30qWMWw1PLC/XwMXRnIu3Ff2gWo2p;
	4:CEoBtGDZk/2J8fWyAjqf61ktf8kESwHiLCzkzKYPg0059bTuefGRXoMh6IFid7gW+CPV5kJT9zm9ilihxIE1vKA+IAKZ7wuuQUfBz8iqs5whq2QyWyCxmNNlxywrKvDBS4fqkUtqOth0t19OU3UjPka6ssXCMClfz2pMqgPp5CXSDnhXTW2SDGKiDjM0fnFlix+aPoB+BQhdiWHZaNFWFImg6mxDeJAcTQTVOqn+xsBv6Q9GX/CZni7iIt9jyVeN95e7vdNuWWzfpBWh+fFfJvw4/N4Nmlnlay+NMQ1ZD2rzPcrfQkxAVY+odR++gulo2SySXhjSV4OdH0CCw7ky9Atc4JdbDHeX0OmFsqqewD/lSA1cXuCE7KKwtu5j2JGG
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB2449D18CF2723B7E18089743E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: 
 UriScan:(158342451672863)(192374486261705)(767451399110); 
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(15650500001)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:b9E4ZWafGbh6CzgyHqwRZ+tfiFEpPyRVMrOerpT4t?=
	=?us-ascii?Q?Go+J0/vEXRFES30z3D4CULWUsv/6W9oyfZCXUemtTZ3HL26VmKCCZQFhKsX7?=
	=?us-ascii?Q?7w8MYrwnyIyCPjoN3T/Odxznb5ZtTSoMsWvS0CUfEOMNDJxdDyv5VnSHXjHU?=
	=?us-ascii?Q?O9jQYjju38IRUcCcqfObXwK7iwz9O8nm/LJ+ljmP9R2xYzIQt0hxupFEuPT3?=
	=?us-ascii?Q?MN4Z6ZjdxCsVREcYN6d83rzcJdXUUQlBCbAhQxOVTLHGoELdybzNb8GPMKHj?=
	=?us-ascii?Q?wOTNIKvngF82ePk16HxPFUsHD4fV0Xc5ueQGArfeHu4X/Nx88rDMhnGjvp0O?=
	=?us-ascii?Q?0Di9QtfBGOnU7gR2vrs2D2QepmjaqMyqae0CuCzPc0NiYy62WEP4IEKyii+u?=
	=?us-ascii?Q?SRE9YwjkQEC1YqipZ1mqz+ndQnyB5Zf6kfm1aED2EUU4TfgYEIKTGI3Gh9rN?=
	=?us-ascii?Q?0q7fDYDvvaiEFatnS+pDH05+r5/HRzo4IOwdpRGqnChOc2sMV5TBVefoBK1n?=
	=?us-ascii?Q?lE4Ht/hgjOahvxdpvj8cYLgwiNXAjwBsTPSI4B/UdA+pmu5X9tGYk1kVpWPW?=
	=?us-ascii?Q?MbmDSrvmNeVAyIQIChPkql5oJ+rG7UnjubtIiN3FIckJSCl4cEq2i7j2P4wP?=
	=?us-ascii?Q?xeSnds9dw0Oti4Aa4HjXW6A484C35Aocgq+Z/ho3Y6LOTA1q9W6Pab+WW5IA?=
	=?us-ascii?Q?bKq9tGvlC0tBBpGWq+cP0JCU697ZkiNJAXh+4D+tkWovD2osTUXQ/mc3C0FY?=
	=?us-ascii?Q?Lplz6NWsIIi61rTbRDdyMRWGr0n5jZGi9KOvQchKXQ8MZttD+p8dpUHGTOgy?=
	=?us-ascii?Q?h/OewnmRjWOsfdDyapGWys7RAJ5l9DDGWaGtkLdq0Fp9ZgRWrC8XOVVRl5FH?=
	=?us-ascii?Q?exSjXVajAWTrtIVdrUbHkILrdGasdokM373TRdM+GKAy5ENSeoJmx5/+JVrS?=
	=?us-ascii?Q?xN/JiqhSZaA0657o+2nq6DZvfQuVJ9vxWqB2ze6nkeRNVKf7FPVwK930VGg+?=
	=?us-ascii?Q?DmatF75OWEfkNRvV4EJv9SH4+lqPyFDAekc04C62dYAT3VMEF10UxPe8Sfyi?=
	=?us-ascii?Q?tfmHuU7MRmTuQCwmsbm8U8VP9q9+Wo5K2ckc/6LIceE8jx7Wa1JsWRqVe9oy?=
	=?us-ascii?Q?uecSzG/gLQeiBOsf+TY67EyRf/pm8hvIjR2atQvSMw5etvmVS2xf9h9WQTRT?=
	=?us-ascii?Q?V5samMkc1iPkvjtjPWvDPlWoqrFbdjv4Shdm4R8Ofb3Qd8hOcvdHrJtPz13R?=
	=?us-ascii?Q?eZqHq7tx2MTZL1bGJCEVnW0dUHZwtsDtJGU0TY6+ONvJlNxpxFPKUyHTBNGZ?=
	=?us-ascii?Q?oH6zB52uRr2hE10QEh5XZwLAGQiL/f21nRbBIF8x9pY?=
X-Microsoft-Antispam-Message-Info: 
 mksZeP4ptDEgndCRkdH3ATTWNmhehV3/tW3KU1Cm7E7/OPuUcbFKfdRJNgi2Kw1PZB7Hw99ktkMFxNYFKNUvwiYhWc44AQOmcb4EfbsiZ7POIgP4aSl1PVZXHkfXRgdec9uYva5UQvM4pokix25xzuj//zf1eBt9vfF4Rm0wbxv3MNIO4CTNoFjzIgHpTcxr
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:TodH8phpSwnHRjmWY7KjczmRYXZJ8QeynVqqpIvP5CIATLPihcWjhzdPWWMoMXfAnQstkVQMiW9cq1XAeymRLq9qqFWXuVQGpNCnjCgEeVW1XFCm+yK89IreWuj37o4k0EfulCyv3TXR4rEsYGhPedsHy74La+bkIDFcbxXH3pQmh8p5YIbxJPV0hoaWIekkJNTyWq8jZgZrQKKuU65WID7VGk+iZesguc9ZaAX1zHtMPyonlK5sXptKrZ7sNQCiVYoMlKb/6+JNLTk0sZkVX7fxl/H9wVQa4lY1KIm2oRgUCzsrDdCJdQTzHqMcZBkH4N8QjNCbQXNn6hhyS3iGHVlymIpcP3vTmlPYcCSIpOqC1Z//NLjsGw6Dg1Z5EwqUmnffSxmWDGApzlFCl+Hm/kQLfaQDtaEibUkhWd+4vlNH53wGwcSqJyc2qHZgXIq0oENuL+jp5uITpgEfZm26yQ==;
	5:knAQnNuB7ZHJn0o+c7AR8My3FEespa+6FBvqJUj3wXRcuaBFtwKwXgT1Kb8axkCFEuGRNk+YA1on+3SU67WkxBzhdclu+RdN7+oe54p+uFl88zdM16/4YK4BCOyl7zChgnjjSouJm3xIMYYU5t1BaG6AL5pTBP5Vll8hctzvtpM=;
	24:gpj/sKbnqvWrLb9ha9ji/kGumpeYz2+1wKz0fhOELTremJJl7LgSXnO7IM9eZ1FmGGFZi2BQr38Kj11td8zje4QgrDDHtvdetTFdQV9rxqo=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:QDRPPuVMWeVdPkf94OrPbL5MC44TZLoWbBEN1tiOCoPTgCm+7WClTcS9W5/YF7sEo9a2VZLQA6svIMkrNwiUxq3Y06KCcownKu/84gejM2Wz+J4jjVt0vLcgyzJ03XMOp+LtMcPm0GE1hQ5IJrMiRZ8eNkv1brcS0NilDW7ZkkjNoRNQzln6Ct75Qv4hJjLIhFmXpYMp4Bzw9g6M5r1aa5Uz7X1If067EyJEHxjQR03ZmI2ZpCSSCgC1M9oMP/Jh;
	20:1odTFX7cYXu9hN/QCzbOj6EXmKlTO9fQDBHQjJMii+jaG4bLvdqxwmqpT0LqjSYkKpySuuuT2QzcWsTV9M41In6fDQerqsF5rLWrgbiTc9JhbSfBEw6bRcCnlLSFSQKfZG9x31nqyzlKmqLEwLNDzk2REldHvLs4KKM6NxDysP4SXscvhxTtFfZXZkCMxDZ0sNLpGcz/HDK38U2jimLHIlUnpKQdVq8cM/MJVvvYLRaqVb25vgSKrBH6ADmks3C5
X-MS-Office365-Filtering-Correlation-Id: 6dfd8199-99db-4e55-352e-08d5c0f2ceea
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:19:02.2042 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6dfd8199-99db-4e55-352e-08d5c0f2ceea
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:13 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:13 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 7/9] remote: implement the remote protocol for
	launch security
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
 Wed, 23 May 2018 21:20:57 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Add remote support for launch security info.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
 src/remote/remote_daemon_dispatch.c | 47 +++++++++++++++++++++++++++++++++=
++++
 src/remote/remote_driver.c          | 42 ++++++++++++++++++++++++++++++++-
 src/remote/remote_protocol.x        | 20 +++++++++++++++-
 src/remote_protocol-structs         | 11 +++++++++
 4 files changed, 118 insertions(+), 2 deletions(-)

diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon=
_dispatch.c
index a8a5932d7134..30b22fbce092 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -3109,6 +3109,53 @@ remoteDispatchNodeGetMemoryStats(virNetServerPtr ser=
ver ATTRIBUTE_UNUSED,
     return rv;
 }
=20
+static int
+remoteDispatchDomainGetLaunchSecurityInfo(virNetServerPtr server ATTRIBUTE=
_UNUSED,
+                                          virNetServerClientPtr client ATT=
RIBUTE_UNUSED,
+                                          virNetMessagePtr msg ATTRIBUTE_U=
NUSED,
+                                          virNetMessageErrorPtr rerr,
+                                          remote_domain_get_launch_securit=
y_info_args *args,
+                                          remote_domain_get_launch_securit=
y_info_ret *ret)
+{
+    virDomainPtr dom =3D NULL;
+    virTypedParameterPtr params =3D NULL;
+    int nparams =3D 0;
+    int rv =3D -1;
+    struct daemonClientPrivate *priv =3D
+        virNetServerClientGetPrivateData(client);
+
+    if (!priv->conn) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not ope=
n"));
+        goto cleanup;
+    }
+
+    if (!(dom =3D get_nonnull_domain(priv->conn, args->dom)))
+        goto cleanup;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, args->flags=
) < 0)
+        goto cleanup;
+
+    if (nparams > REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MAX) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"=
));
+        goto cleanup;
+    }
+
+    if (virTypedParamsSerialize(params, nparams,
+                                (virTypedParameterRemotePtr *) &ret->param=
s.params_val,
+                                &ret->params.params_len,
+                                args->flags) < 0)
+        goto cleanup;
+
+    rv =3D 0;
+
+ cleanup:
+    if (rv < 0)
+        virNetMessageSaveError(rerr);
+    virTypedParamsFree(params, nparams);
+    virObjectUnref(dom);
+    return rv;
+}
+
 static int
 remoteDispatchDomainGetPerfEvents(virNetServerPtr server ATTRIBUTE_UNUSED,
                                   virNetServerClientPtr client ATTRIBUTE_U=
NUSED,
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 95437b43657e..fc649276799e 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1965,6 +1965,45 @@ remoteDomainGetNumaParameters(virDomainPtr domain,
     return rv;
 }
=20
+static int
+remoteDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                  virTypedParameterPtr *params,
+                                  int *nparams,
+                                  unsigned int flags)
+{
+    int rv =3D -1;
+    remote_domain_get_launch_security_info_args args;
+    remote_domain_get_launch_security_info_ret ret;
+    struct private_data *priv =3D domain->conn->privateData;
+
+    remoteDriverLock(priv);
+
+    make_nonnull_domain(&args.dom, domain);
+    args.flags =3D flags;
+
+    memset(&ret, 0, sizeof(ret));
+    if (call(domain->conn, priv, 0, REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY=
_INFO,
+             (xdrproc_t) xdr_remote_domain_get_launch_security_info_args, =
(char *) &args,
+             (xdrproc_t) xdr_remote_domain_get_launch_security_info_ret, (=
char *) &ret) =3D=3D -1)
+        goto done;
+
+    if (virTypedParamsDeserialize((virTypedParameterRemotePtr) ret.params.=
params_val,
+                                  ret.params.params_len,
+                                  REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAM=
S_MAX,
+                                  params,
+                                  nparams) < 0)
+        goto cleanup;
+
+    rv =3D 0;
+
+ cleanup:
+    xdr_free((xdrproc_t) xdr_remote_domain_get_launch_security_info_ret,
+             (char *) &ret);
+ done:
+    remoteDriverUnlock(priv);
+    return rv;
+}
+
 static int
 remoteDomainGetPerfEvents(virDomainPtr domain,
                           virTypedParameterPtr *params,
@@ -8448,7 +8487,8 @@ static virHypervisorDriver hypervisor_driver =3D {
     .domainSetGuestVcpus =3D remoteDomainSetGuestVcpus, /* 2.0.0 */
     .domainSetVcpu =3D remoteDomainSetVcpu, /* 3.1.0 */
     .domainSetBlockThreshold =3D remoteDomainSetBlockThreshold, /* 3.2.0 */
-    .domainSetLifecycleAction =3D remoteDomainSetLifecycleAction /* 3.9.0 =
*/
+    .domainSetLifecycleAction =3D remoteDomainSetLifecycleAction, /* 3.9.0=
 */
+    .domainGetLaunchSecurityInfo =3D remoteDomainGetLaunchSecurityInfo /* =
4.4.0 */
 };
=20
 static virNetworkDriver network_driver =3D {
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 296a0871813a..9e979eb85fd9 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -253,6 +253,9 @@ const REMOTE_DOMAIN_IP_ADDR_MAX =3D 2048;
 /* Upper limit on number of guest vcpu information entries */
 const REMOTE_DOMAIN_GUEST_VCPU_PARAMS_MAX =3D 64;
=20
+/* Upper limit on number of launch security information entries */
+const REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MAX =3D 64;
+
 /* UUID.  VIR_UUID_BUFLEN definition comes from libvirt.h */
 typedef opaque remote_uuid[VIR_UUID_BUFLEN];
=20
@@ -3448,6 +3451,15 @@ struct remote_domain_set_lifecycle_action_args {
     unsigned int flags;
 };
=20
+struct remote_domain_get_launch_security_info_args {
+    remote_nonnull_domain dom;
+    unsigned int flags;
+};
+
+struct remote_domain_get_launch_security_info_ret {
+    remote_typed_param params<REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MA=
X>;
+};
+
 /*----- Protocol. -----*/
=20
 /* Define the program number, protocol version and procedure numbers here.=
 */
@@ -6135,5 +6147,11 @@ enum remote_procedure {
      * @priority: high
      * @acl: storage_pool:getattr
      */
-    REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_TARGET_PATH =3D 391
+    REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_TARGET_PATH =3D 391,
+
+    /**
+     * @generate: none
+     * @acl: domain:read
+     */
+    REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY_INFO =3D 392
 };
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index fe163db73f88..e73152d72371 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -2877,6 +2877,16 @@ struct remote_domain_set_lifecycle_action_args {
         u_int                      action;
         u_int                      flags;
 };
+struct remote_domain_get_launch_security_info_args {
+        remote_nonnull_domain      dom;
+        u_int                      flags;
+};
+struct remote_domain_get_launch_security_info_ret {
+        struct {
+                u_int              params_len;
+                remote_typed_param * params_val;
+        } params;
+};
 enum remote_procedure {
         REMOTE_PROC_CONNECT_OPEN =3D 1,
         REMOTE_PROC_CONNECT_CLOSE =3D 2,
@@ -3269,4 +3279,5 @@ enum remote_procedure {
         REMOTE_PROC_DOMAIN_MANAGED_SAVE_DEFINE_XML =3D 389,
         REMOTE_PROC_DOMAIN_SET_LIFECYCLE_ACTION =3D 390,
         REMOTE_PROC_STORAGE_POOL_LOOKUP_BY_TARGET_PATH =3D 391,
+        REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY_INFO =3D 392,
 };
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110384613690.7188793713544;
 Wed, 23 May 2018 14:19:44 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 22A1230CBABA;
	Wed, 23 May 2018 21:19:43 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id DEB6128D1D;
	Wed, 23 May 2018 21:19:42 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 633E518033F7;
	Wed, 23 May 2018 21:19:42 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
	[10.5.11.11])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJTVw028820 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:29 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 5195A600C0; Wed, 23 May 2018 21:19:29 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 0B41F60BA1;
	Wed, 23 May 2018 21:19:25 +0000 (UTC)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam02on0040.outbound.protection.outlook.com [104.47.36.40])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id B921330C1341;
	Wed, 23 May 2018 21:19:23 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:19:03 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=zJXjqwlpnXs9+pCAysxKCrSbWspbvwbfZiefg0GZLeI=;
	b=19wumG89dBuFWHaR+GWFxUN/iUbCcQbYa44yWQ4P5K4YhJaxndOt24fZ7lJRXy678Rd7W8QbEl1XbFegkMBx4nDNQDXJBSCK1zlChFm9WhIch82OdHoGbsJB7NExL63Cgu0CuMu+yafavHoFu/oSFr1kCDwrxMowHyQ4dUX8apA=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:33 -0500
Message-Id: <20180523211834.15817-9-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:MgPo/1Ghg5vBEcukZkLQGk6YCYje7TP4E/MaCkNckz/OajWbHZlHjGLCB/xMcsPtA5P0OUH89MvMtMjYxrjZfzGLpULnGC0CFdBuK3w9g2IGEIsAPwuUrnTTWrQQmy1Jbb+iodkZGp7QftqA35NCtQh9/Lx7mI/yEeBkxUwqYeeSIYhFbnKkmVTy/2s2Vvi1lAk4TjKSrSZBsdPJkH0u1l0cLEbO+qtJonyH/LcDA/cTbtbrrtOSEAK4lZgUVcD8;
	25:f+NHu+StrVzQiYU/hh+ysaf+XdKCKyAVxVSttFNTj1IdFa1HLHGhj3ufZk19drjtRyMp/4PJ5ak7Zp/wAXhJnSdPEFwVtTZBGxxJ7DbLZSwFRGdY37FrFYxa6PfVZRN0uf9XgCkXdwVsODKd3DrPeyWjWsywaXUIlP29DdXV1ECFK3CldDXL4R3zrPsFbQA67buWAMvfJ0vQPVDA3ucDv6rZCSrpdtNudvrjIMq/9QSyUEEj5PfvWq34YKA3aZDDnFLvPrTXib/sgjauUamVVwiFyuji/J4BhnOVugy/QONyuyzjqjRKN0XZlOhGjo1/hfLO31MuCD5qvpW8gfCIFw==;
	31:RNIje4V3Z0Cr4F58fx5CdYs7o53kMAj4xRABwucSh+GgLLZI0Y9CEclte3+gfazTH3DbYAg4V/W2Lcp+z4IRcbqwknEihMbzzwypgTpkq6rWZ+YkTo4Gx/A6kSKHnZ2gPE3rkuUNVdt6T6qBzLygRZC7UnItt4ksNntIGJmuYTIl5X/bXmvqwiohXfFkB3G6QggyTu+MOg5Y7jtCtAEUDFCazgfEwie8dg2r9EHFPxI=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:ZsDrRVKOiY8pwxbTo8VVOy3xj2wtzJ2p+mmXyac4hAKTR9p7M9R4HSgFYUWSxbJk4cixGDbA8lZha6/bmdjwVBuxEOkONkS3OKgUMTb4yHrg6BKAiM7y1K1x3wjRKbHXSvHNa3BCu9pWiH141hd2qa2nSx5g15vXtlLjPrUMSUW+Jgg/pNNAZxcTOOvl4+28EnZXlH1Z+Skv9RNYoagu235bSguy3hl+M4K5IqGNOWMYegm5ji/H6wEg5irFFbh2mBRZoF/IS1GX2jjWGHCvLP+Gm+BUckjvonI27AmSiBRxtB+jkDki71EhJY8xNCM5yvdhEH5ofXTcIjdoaY39rLmLoxdHxvUpPUi/HI3zSi45awJyvYt6WgEVlGBLzVfydA9G0W2mRqJOa8JAGtIsr466zjlAULh5eZS2N2xpt5o8PpKjEMixbdBziAIaDMorrWwKVZYkFDYNpfKaifxNBW6OeYVscPEBHENU2CkB8Nd4mm1wL7nULwnzPoGkhrdg;
	4:OTLFxHtxcGG6sQPBHfc2Immjf4Tp93HOGk6hKbIIbSmKucGQZz82z45X5gwTSt+n2FyqZUJrzC5fNxilDquTiLX3jF+fN87GM6BXhU173hrgHYn8zk2CRPlCVcePuujIHOIFvwp3WRw0/pjZNzeCAJZHZuaRL2ck0cpGN8l1ywvuE83zpHVdv6H2cmNTrDA5IsPUyHSVsNs8RCOlcZfofCWy+pMZt1OF9JzaoUqJ+0YmxGZsFA2jB5WQcNNIT9wXKJMpgtz6ZZoBkxHgTTo/3dELCKCKhvP0ypPWvgft4a/Wi40ZBp+vh//KRk1ZHmyURZ6vNVESvIQVMGd4JrVxJg==
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB244982CB65046A5A6C5B1D99E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(47776003)(186003)(6916009)(6666003)(44832011)(6486002)(86362001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:d9+N8+jlwWIG8Ho/D1mDDXXmLVJtX5TbGTKrwr2M3?=
	=?us-ascii?Q?9cKS2SgtgZAnKH+Hzlv+Z3jqHIS3bunjJEYHoCZEBxF+vQcMC3tuiy+puDWl?=
	=?us-ascii?Q?/N5F+IQ5f9fkRrDI2GA6GXh++e2JLTg9j7SrdoIu5E6sSXlA+kcO4Ev9jiWd?=
	=?us-ascii?Q?GBlrXaqyAw9boztsyQE6xzcnFQhJ2p9LRQd/+RsHuhmJXmKZwlnx1fhs66nL?=
	=?us-ascii?Q?cFWyEB51OKR+zaQQb7UchvtutgX6UjYlQBm/eJbMV5Gp76oAgiMdXSe+Hdh1?=
	=?us-ascii?Q?1j1LjpXN3AIKzOUnSZD9WRuIyKvw4YCkwv4tKz2zh/Y0h5wJIFQsKpcP9SU7?=
	=?us-ascii?Q?/BBl2+fBP3L9tH9zwAuHskL4GMT7rSBzgjZPRtOTKzWkpVu+1G9d5Z9grpOq?=
	=?us-ascii?Q?FYO4FnGnseMJfLvJ4jurIolZXqsHMsuW7xw28nXNWKYzTOQDZsd4Vh3/0sLn?=
	=?us-ascii?Q?bf7vhmYLYzoRLPQEHispiDvmatqeFxqtmzLGvppP8Tbi1zIxOnN2K9YSb7hm?=
	=?us-ascii?Q?JXWAiadz9lj8pV1zq9cldcGNuDRMYEgxJkNPy1maYHrG8wj8fJKWTzmsxOKB?=
	=?us-ascii?Q?VX1AsKmmF384kap30VTuqBKJZRhg1Evya/rqqxLPpVBkhNttOlPr9V8rG/ro?=
	=?us-ascii?Q?UrSLybQ9nKr4YbKpv2FsH0v/8XgoRZpWe4PLR18FvwATjSec2CjAwFHJO5mg?=
	=?us-ascii?Q?CiIWXigdSfN+tbVOnDDdAqDlnOjEAx5jY3NFa7XeIZ4avEXXq2ld4QkjNCCH?=
	=?us-ascii?Q?IhJ2pYbCKHGHv8RfOMe5G6zy5N/1c7YcNs2Qop1sui555AdVPxcxY2A1MKw9?=
	=?us-ascii?Q?0PmV3eVHNM4ya4pJ3Gzr1SvUwU8PB5DIPU5UhJ3f/nOBXfdyTWqp5o/VDd+o?=
	=?us-ascii?Q?eJ0GzfIsBcEPextV/2NOQsHo519i/cPgLyJKlxbt+Ip+Ec/EKLWFR0EoSafr?=
	=?us-ascii?Q?fcv55vI5f9bdRga0kjyapOVymoEhZUP9B+I1/0ZUUkhHOLGmIkm0ettPjZUa?=
	=?us-ascii?Q?pxLakLzA688NpsV5B5s4gi8Qk+itYuGMCrwrPgRsv0hHCzrQNHFwnQrtDJvi?=
	=?us-ascii?Q?M0Z8JMxndXRVweENaHPkPcJkoOmN5V+tyOdGNlqLk5Nxs9XDO5d1mGUYIDpT?=
	=?us-ascii?Q?/ag7frJlmK2rOSpwjWUXHuxNmuIRW4bfDB3r0OJQOphzCetMDGJp7dwdNw25?=
	=?us-ascii?Q?15CpvKBGRZZIlAjPPpwjQxXmbr0bmSXrIItg7U0tbxShJ2HirWNtLvHVc/8T?=
	=?us-ascii?Q?JXNjYnkqiDhDV+/nPCgMAVNZ1SBEyFhVmODgAdU94GFx3kFdGAZ1AHo9ccqh?=
	=?us-ascii?Q?TUT/n4OWoyTeEDBlo3wnV0=3D?=
X-Microsoft-Antispam-Message-Info: 
 n2FhABkqMjqldUfYOi4mH0ivpwRVK4sbWwPST14JyeLxAtivKzoRkA1qZ4l892rLeZw/PX96SPkuWLAPBosS3g2o2FFZ20xesVOdZzyejqRaSx56e3vl6QI8oncNkKJfUqbSFRpsLdSQ9tjwFqRyKOFkk7KHzUSAbbrZZk69jD6lAEWO32lyzrRE6PMUa03o
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:QfcaXsjk4hWSliKG7yOZgXPakhZ1XTb3xJQFZm0BRn6ktwidyZeJC3TJH899jeGLjDgHN/HX0kQwFKv4sXLeZ84UxOK6CUP4xNVMdPpIQ+eQD0UoSy8SMQdDCtILStQpM8mI7r0XYAgYXj/i0xEvzX9FaiedDx0edv59XBNtTDhVBxIU5QASoV2ROCEltGJ0tnuYlQcc3r7GDMw2QrVqYyKL16+OA+PY8j1trCvred1QArA+pkA0XFfBlnAUhG+Mu+8sDGKrcINOaxmdwRjFH5NcWYPCg7bdanX5xl9U9FnCO0VLSv8jCd3zvF1C4tKdBi1wyc1GjmoFzHHPRrOXGzX/6rhgSKGB8JSrFltbUxtsi9VZ3ih7IDbnyxwv62tMU0/7FVHKOFnykydXOMZZ+HBcp/Sxa9trnHXsB86xDr15BTiXiyq2isCaLsjWDfV5TbYsoBBLi+GURlicMLGytA==;
	5:OMkq0E87r8NYYliJDLLClWy8fOjXez9S87Cz3IfkSIiCuoZ9vjKqW2DiN3EBk19M5WyfgCDmtObd4gFpdQ30/QT0Qc7+zA3ZcSAn4/kNO6tI+3oNciVqkYJSMFCOZ0LS9YEbGZrQR41gdwkWcsTv4BskODGAwdvbfb1WPmNW0qU=;
	24:B7oiaI8nf9sQtkdImdF/+RVwFcoUCkkRVgi2fREk0AQetiok9fljUc5eH2Nn33DiQa/vuRaLeUf5mm4Xm5GekRQ8rsUP9m0bpfKvy4i45ZU=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:XrL4KUk4Htm0zFVS4yvmzTqJ8+bKQtjv4smrPMl4j3FtwBfe3AuSBKZsHywzroD1t3m0ih6ndfFoGvhOoJ0iCL85DUv6m8buY/FKbdjTSw5npBiyH2imvkhTQiWgXXBxvM/vQEJiBw/y4m1+RJyYnv7JEZua4l7bnuanEk1i3RRB0+0HwkqU7TW3bMw0erud2bCs/HRSMclaXq5deb1Sj5oJbIcR2rpTqBNs2RGZP92blmSdQ+IYH5k3XmnJyaz6;
	20:fNmAVLloKGKc8HMnELu+Ju80NasG4w7+erTePoKmgizaLNKnR1EMy0NNNEKuCDhVqIsln2rPW567epbzLDEfR82wEchRrQGBF9EQqgIAMDICkThoiPCsQXirdJfISPa+eNV4/PfSujaQKNJrBuJxzLCxif3LMAyvRBlzjN0xkqjTJbJueIRNRY3kUOFKMICs7GpUJGZAU2y535ByfOuoiZiomCedVaXXStFjazqe7fo76I6vd/UqMXDXJ48PkFwh
X-MS-Office365-Filtering-Correlation-Id: 99fb17d0-480d-48cd-96b4-08d5c0f2cf79
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:19:03.1429 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 99fb17d0-480d-48cd-96b4-08d5c0f2cf79
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.45]); Wed, 23 May 2018 21:19:24 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Wed, 23 May 2018 21:19:24 +0000 (UTC) for IP:'104.47.36.40'
	DOMAIN:'mail-sn1nam02on0040.outbound.protection.outlook.com'
	HELO:'NAM02-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -1.031  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,
	T_DKIMWL_WL_MED) 104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	104.47.36.40
	mail-sn1nam02on0040.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 8/9] qemu: Add support to launch security info
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]);
 Wed, 23 May 2018 21:19:43 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

This patch implements the internal driver API for launch event into
qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement'
to get the measurement of memory encrypted through launch sequence.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 src/qemu/qemu_driver.c       | 68 ++++++++++++++++++++++++++++++++++++++++=
++++
 src/qemu/qemu_monitor.c      |  8 ++++++
 src/qemu/qemu_monitor.h      |  3 ++
 src/qemu/qemu_monitor_json.c | 42 +++++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  2 ++
 5 files changed, 123 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 3a328e5d4679..6569dea32fce 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -21194,6 +21194,73 @@ qemuDomainSetLifecycleAction(virDomainPtr dom,
 }
=20
=20
+static int
+qemuDomainGetSevMeasurement(virQEMUDriverPtr driver,
+                            virDomainObjPtr vm,
+                            virTypedParameterPtr *params,
+                            int *nparams,
+                            unsigned int flags)
+{
+    int ret =3D -1;
+    char *tmp;
+    int maxpar =3D 0;
+
+    virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
+
+    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
+        return -1;
+
+    if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < =
0)
+        goto endjob;
+
+    tmp =3D qemuMonitorGetSevMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
+    if (tmp =3D=3D NULL)
+        goto endjob;
+
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
+        goto endjob;
+
+    if (virTypedParamsAddString(params, nparams, &maxpar,
+                                VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
+                                tmp) < 0)
+        goto endjob;
+
+    ret =3D 0;
+
+ endjob:
+    qemuDomainObjEndJob(driver, vm);
+    return ret;
+}
+
+
+static int
+qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                virTypedParameterPtr *params,
+                                int *nparams,
+                                unsigned int flags)
+{
+    virQEMUDriverPtr driver =3D domain->conn->privateData;
+    virDomainObjPtr vm;
+    int ret =3D -1;
+
+    if (!(vm =3D qemuDomObjFromDomain(domain)))
+        goto cleanup;
+
+    if (virDomainGetLaunchSecurityInfoEnsureACL(domain->conn, vm->def) < 0)
+        goto cleanup;
+
+    if (vm->def->sev) {
+        if (qemuDomainGetSevMeasurement(driver, vm, params, nparams, flags=
) < 0)
+            goto cleanup;
+    }
+
+    ret =3D 0;
+
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return ret;
+}
+
 static virHypervisorDriver qemuHypervisorDriver =3D {
     .name =3D QEMU_DRIVER_NAME,
     .connectURIProbe =3D qemuConnectURIProbe,
@@ -21414,6 +21481,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D=
 {
     .domainSetVcpu =3D qemuDomainSetVcpu, /* 3.1.0 */
     .domainSetBlockThreshold =3D qemuDomainSetBlockThreshold, /* 3.2.0 */
     .domainSetLifecycleAction =3D qemuDomainSetLifecycleAction, /* 3.9.0 */
+    .domainGetLaunchSecurityInfo =3D qemuDomainGetLaunchSecurityInfo, /* 4=
.2.0 */
 };
=20
=20
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 3b034930408c..977cbe5a41f8 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4226,3 +4226,11 @@ qemuMonitorBlockdevDel(qemuMonitorPtr mon,
=20
     return qemuMonitorJSONBlockdevDel(mon, nodename);
 }
+
+char *
+qemuMonitorGetSevMeasurement(qemuMonitorPtr mon)
+{
+    QEMU_CHECK_MONITOR_NULL(mon);
+
+    return qemuMonitorJSONGetSevMeasurement(mon);
+}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index b1b7ef09c929..8a64ae5f3d96 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1137,4 +1137,7 @@ int qemuMonitorBlockdevAdd(qemuMonitorPtr mon,
 int qemuMonitorBlockdevDel(qemuMonitorPtr mon,
                            const char *nodename);
=20
+char *
+qemuMonitorGetSevMeasurement(qemuMonitorPtr mon);
+
 #endif /* QEMU_MONITOR_H */
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 24d3a2ff412f..041f595ca1e4 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -8024,3 +8024,45 @@ qemuMonitorJSONBlockdevDel(qemuMonitorPtr mon,
     virJSONValueFree(reply);
     return ret;
 }
+
+/**
+ * The function is used to retrieve the measurement of SEV guest.
+ * The measurement is signature of the memory contents that was encrypted
+ * through the SEV launch flow.
+ *
+ * A example jason output:
+ *
+ * { "execute" : "query-sev-launch-measure" }
+ * { "return" : { "data" : "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
+ */
+char *
+qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon)
+{
+    const char *tmp;
+    char *measurement =3D NULL;
+    virJSONValuePtr cmd;
+    virJSONValuePtr reply =3D NULL;
+    virJSONValuePtr data;
+
+    if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-launch-measure", N=
ULL)))
+         return NULL;
+
+    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+        goto cleanup;
+
+    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+        goto cleanup;
+
+    data =3D virJSONValueObjectGetObject(reply, "return");
+
+    if (!(tmp =3D virJSONValueObjectGetString(data, "data")))
+        goto cleanup;
+
+    if (VIR_STRDUP(measurement, tmp) < 0)
+        goto cleanup;
+
+ cleanup:
+    virJSONValueFree(cmd);
+    virJSONValueFree(reply);
+    return measurement;
+}
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 129aab22bf98..66db6653fce4 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -349,6 +349,8 @@ int qemuMonitorJSONGetBlockIoThrottle(qemuMonitorPtr mo=
n,
=20
 int qemuMonitorJSONSystemWakeup(qemuMonitorPtr mon);
=20
+char *qemuMonitorJSONGetSevMeasurement(qemuMonitorPtr mon);
+
 int qemuMonitorJSONGetVersion(qemuMonitorPtr mon,
                               int *major,
                               int *minor,
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Thu May  2 22:35:13 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527110390482743.4901215957415;
 Wed, 23 May 2018 14:19:50 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 214B030A9CE7;
	Wed, 23 May 2018 21:19:49 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D74AA28D1D;
	Wed, 23 May 2018 21:19:48 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 87D294CA8C;
	Wed, 23 May 2018 21:19:48 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
	[10.5.11.11])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4NLJTsl028825 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 23 May 2018 17:19:29 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 5FE9960BB2; Wed, 23 May 2018 21:19:29 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx10.extmail.prod.ext.phx2.redhat.com
	[10.5.110.39])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 2B031D1D2;
	Wed, 23 May 2018 21:19:26 +0000 (UTC)
Received: from NAM01-SN1-obe.outbound.protection.outlook.com
	(mail-sn1nam01on0058.outbound.protection.outlook.com [104.47.32.58])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 68C04D7FEB;
	Wed, 23 May 2018 21:19:16 +0000 (UTC)
Received: from wsp141597wss.amd.com (165.204.78.1) by
	BL0PR12MB2449.namprd12.prod.outlook.com (2603:10b6:207:4d::31) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.797.11; Wed, 23 May 2018 21:19:04 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=HDh1yQJlrOawrD0Zyplqzul+qiUAvtJCB+HMBUxi+TI=;
	b=eHDpeWuOpa8584Writs5eOmemnZ1gR6QV7v4JyYnXMJT1iBotp6WkUwznn9INRsKnYjrQoZQtdQeFIjodGy5J8uROYn7NA0f5HkDMI5Q4CBPGyvJVdRM2eZVmk7jYCbRoLihFJdU9S2FSUWT44q9UGy1/ppyGrHKpAlUc2ILky0=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
From: Brijesh Singh <brijesh.singh@amd.com>
To: libvir-list@redhat.com
Date: Wed, 23 May 2018 16:18:34 -0500
Message-Id: <20180523211834.15817-10-brijesh.singh@amd.com>
In-Reply-To: <20180523211834.15817-1-brijesh.singh@amd.com>
References: <20180523211834.15817-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: SN2PR01CA0050.prod.exchangelabs.com (2603:10b6:800::18) To
	BL0PR12MB2449.namprd12.prod.outlook.com
	(2603:10b6:207:4d::31)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
	SRVR:BL0PR12MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	3:iiBPWYuz8IweHESRrhFkiVpWf+LmcOYfodfExU7evMRCXVFA6kajZr5CJsolUMNK76Ff9vAR6EQ/puzk7MRN2fsDesyrDEiN1xCireMitAYjfnv8pr7Trmjqy2upnIQDwXEOHBRhSj1pZSW3Y/1SXf/OmXSIiNimyBTKAHV7PloP+vQMdddyNlgW5BwdQn5UziGQIyOyGs8J8OyfWjHn5SijgshEUnQklqwFsZta6rCFeyy33CVkr454snlDNO6E;
	25:7x0KDRR3de/5OKErCAReOs7blxHD5bEwxAg65PDQX5DwZH7lA+CVRQ+UXUzrPR3Ob+rswQIqw85mJV5dbnh0TzWgPeht5TKkfn4ha/Bssj0+tJTm01q1msEM84YfioEaOwVDW+kmRTsMcmyXce70ov4Zu+b5YQOCPlS4RwdIMhEm1Os5bEKPqZUYYmXH4vQgtBvHHWqWDOzlW1DeHyBzyaZNzFFpmrwKQRgkpUSqJL7txULsfb2+s3hySU4SPNU/v/7jzxCi8PMCHj+ELxYN8uLld4Ey7tGAHoJ32n7mzRwQF7uC3IAXq+Zd1TeGzWkaFzrvcyaQ21ebvUWN/tD4cw==;
	31:5jSrS4KQGYCu8qIc3tt1kVUl5t83hHS/8RCB8gl6QK87stBg03Fhi4BvcKh08K0J99gJbvB+cBYPcqAr74JX4nHw57RyITUhi+UeBoEbkCraONZbT5/vCIKd5JTVjxEFQelDbsyAVCD+nAHyzVtnaxeC4MIMs32siMf3x3CMF/idM3ML+VusRTJn4b9KXDw9u5johUxDaI7xIuC97lMjPAGob11FQZi6frXlIjdupbg=
X-MS-TrafficTypeDiagnostic: BL0PR12MB2449:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	20:d/1/GlotqMZGSQGrNhW2EPRe3rFLJJVRrnkiVM7NQtkYyF+b14NHlBBwlnlN6XZdmqR3fjCXRMfTZzk4AlXOaE7gxQXYBd5sUvd/ffhNeaYBqUTABy0eRKJv2QEwMs9ThND56vFI7n3dc2JLgTkG025WDy9e4ZuwHujxtfY5UEi37jLQYTgIxcP+VOGq6igx2AV2NL+N7MS+rgzR+SkTwYddvlnI4Uwcmf+XDDxiU+liEdcmOwxPwpQZPQc1FE5jpQ7DTuS8Wku2G3tMM1U12U5tdTA/ZX+umMmz41RtDzFZmCEteB+r0G/JgPCnS83OvKXaZbPBu9wJbRRc1Jq6K89w/bz3/7HTHkuNumPgB8oqMhR70Sc2UxH7fY9V/QcZ7jwFKestH1TLIdaLyAsX/+RP08pVuC6RmR/LaoSqPjopttLyKqf4D0Ch0oAlPEcIO6tZ0Sn/+WyTyJJgsg3aIWrrW1hBwHjr0m7nWtLJfV3TjQWEs6+iEuG5vUsmXZT/;
	4:Uu6MsmiTNlEjhUcLOilwR8sCIl4X0nMwpXobETxxDh/CH6L96Jx+FgG+FFaBz/k70YDzu0qZYtGH2eWAQttijG0Atlicodf6oNadBF1tpBq9bP2UA8ldVAKZyDcHL15QJWGXhOR3YCkTyKufvKxHUO45Y+2iAbYOva/U6rlW5XW7mcQ1Kn8E/3qj0NjuWp4UOa74A+tyfMZEdCYnWDInrgQjvGRmoUR1aicOSKl+T672Z8YnuID6wmbG3UQT+7o4dd4tq/gNt+pmIkl32gq+YMQCWGno6NQIU7/H/8AdtsuGGKKunnF7EqiglDW7RycePOsPEjqGkBMwaJ6TMvcTVw==
X-Microsoft-Antispam-PRVS: 
 <BL0PR12MB2449DCCFA206AAC3CE9D98E9E56B0@BL0PR12MB2449.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(767451399110);
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231254)(944501410)(52105095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(20161123558120)(6072148)(201708071742011)(7699016);
	SRVR:BL0PR12MB2449; BCL:0; PCL:0; RULEID:; SRVR:BL0PR12MB2449;
X-Forefront-PRVS: 06818431B9
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(346002)(376002)(396003)(366004)(39380400002)(39860400002)(199004)(189003)(956004)(6116002)(53936002)(1076002)(3846002)(4326008)(2616005)(36756003)(446003)(97736004)(11346002)(5660300001)(66066001)(16526019)(15650500001)(47776003)(186003)(6916009)(6666003)(44832011)(5890100001)(6486002)(86362001)(16586007)(2351001)(26005)(478600001)(59450400001)(2906002)(76176011)(2361001)(51416003)(68736007)(50466002)(25786009)(476003)(52116002)(7696005)(54906003)(48376002)(7736002)(305945005)(106356001)(386003)(316002)(53416004)(486006)(81166006)(81156014)(8676002)(105586002)(50226002)(8936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR12MB2449;
	H:wsp141597wss.amd.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BL0PR12MB2449;
	23:pCZwSsfLL72xhiKDKohmV+3cyb+awUw+9OGgECMXV?=
	=?us-ascii?Q?48slHI/Hj8bnBDfWt6xgjm1WrquBxCkpE6AlljtAn53JQT3OxRv2K8s0kDax?=
	=?us-ascii?Q?KJgzdgm6zoyp3VsxvD0MfNCyXthaZif0FHTbvfBKg93lkoZsBoeymYbuF/py?=
	=?us-ascii?Q?5/Sly8wTFeQ7SNqeXaxk+Esgv11oZ1dsSQCJ/7vCjTdM3RK2U7kz9fSxT9Fe?=
	=?us-ascii?Q?p+LELmqq1hOV1d9Yn0ylKqDD9u5qJ7HAzMCEXJqznIoSjZHv4LFqLawXdK5j?=
	=?us-ascii?Q?zYLttzfvtuWYNd00kpd5wrFaz5o9UJ61R2rUEqo9cSIGcctLH6eKOGiBM6Bl?=
	=?us-ascii?Q?joyM7I0lQTzqK7U+R7YtT5bI63qV97iz59Ab50Tz9ru2rfUbNENIT4EWyhOE?=
	=?us-ascii?Q?+nmvsDnvCbVkJpsRi7tF25SnFOHbts1q57A74B5iEUf85MXHFM31kD1WxuQ3?=
	=?us-ascii?Q?ii+Qfv8G6q1et+Ny74w7/NvLvtS5y30k2to2wcWSXjDaIJwmqZ9ncicu4+AB?=
	=?us-ascii?Q?lZ3OsOdZv+bwVH/dvHWYfeo+b5jDem3JhLqrMEQ/yYt/PMBH6MqClFWrhzde?=
	=?us-ascii?Q?Z/QrJVQaS3RCpJH7GNqY+KuWkkIcisGYUW2TAzUEv92mIyxpdMYEZ1OC2bZ2?=
	=?us-ascii?Q?Z4zM/TdHYDImEqRRBt1lvh9xlLHpcLl11ftEXWRGXztyDmMKyQO3WQqMQvIq?=
	=?us-ascii?Q?7JiaQSbAY1Qd7+wj2kf84IVCCQz98YdlqdtSLmpKBbzdAlEBYz8pK+qQTUoY?=
	=?us-ascii?Q?MbQ5Dg5tyK4XVMcP+iqSBfwLUFx6s7Nl8fqzYLEQ8DokTrTziuV+jc5bEw/e?=
	=?us-ascii?Q?2jyaMvyYH5232b82L/45ELzn8zzz4K+hwq4zMhG/drafrHbE83xsAU/WKv7z?=
	=?us-ascii?Q?2kOhIVd8I9g4i8cSgDT0PAsLg+7IftwsX4KUqWh0jSqJEguHy+GNIMrfOWs9?=
	=?us-ascii?Q?dAJiR+VIA05hPDFcdvIg5bxoOpn8ykdHVy+Eb2KszcJiEj7Mh/flusQaXtfQ?=
	=?us-ascii?Q?q2vVhrzL0Ihl6WCXriahWquBTrRGYLhcHXfPE7WN00BJeJ0G2T5mJVcBqtLe?=
	=?us-ascii?Q?kepqqm+sfrXT2alpd15N8dderaAExd1a2u+dUdxR1lw17yKT1YYxyFcgvpQv?=
	=?us-ascii?Q?b1BtH74FppkKVIlrWmVHgk85WshYxp6ao5FoAF5cP4tPlub/CIkvubb/bTG/?=
	=?us-ascii?Q?bJ8kxz6W9ESdOPkdc6gqfuUkvBKxVoUYnnhc5VXHGDqRtMOzfdaHsiDFvYj7?=
	=?us-ascii?Q?ziYj7M5V+O1ahzEwQPeckgwLWA6rJssRfUxwkryLOe5i6zACtFLxzmaY50ab?=
	=?us-ascii?Q?izoMrGocEJeXSjLvcUx2+1nF7YHx0RNXGp+JICRkbvKQ2UqVETjUFMu0lPwd?=
	=?us-ascii?Q?vQftg=3D=3D?=
X-Microsoft-Antispam-Message-Info: 
 wD7Df4Ak6p7B4Q61FWjz+02bRJWJuc9BOQbB5toK+8wZ8MrD5ezKSV+f92qLEQSfjcK+J8fYAipJT1gvhnOXv0iTcPlGi9v0Cvtu7bOvIt0+wjQ9IK18Fd47iBWOUZj32OFnK0+zkuV8ZYGvZnrLRGO6N+/2NeaMZVXmdBQ19M6lsvZ2dZcTfBXQO/2LVjjt
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	6:9Og0zyvSA0GGuYuAjeJu6Uao57d1SB8QS4uAUbBEokwL7Q+4nCutxVKNb0qxKYFcwIcaE28vAhArjPglldz2jmfed93oaeb9Pj/zc5/ui/pKdMG+Jcl/LYRGB/NZqe8KUjzx3FuV1+94YjviZ1YCHW0DY8rjxRBmr+YM85L17kEvgnLlZqOg7iZ1Na09Q4TBf1op1ny++0tyDdSp9DpoUzKu9nobji2HUCfwE4F9/KjKurNteY9Sn/5VV4Znn/rckDJdDfNlqFG1hWTEOGd57QtzldS8nESaz9wJWtnPW2UaJYcJ5GSomFxFb1/hjNeQdMBqbMq+1MyL2Skw//hN++SAtIiwsm7s3WbQp+pC+XFfhRjhQKBEZz6x47TDs7iKdYwyCIlqjmVZSUI01WIxkqP+ltggMGIvP+z3Y4A/qsviiJIKTwoeTiow0pEYdYA1dz86ssXv1jxAOwq4FxWiow==;
	5:dbHchREU7tvvFcPDYGHxr0tQa0oOGfadF5YGx+d7dVWYrL9Kxc1hSkvLoSQ8litqpA18gXvs/kkFxl5NdRmjdxm+NCjfJ8R8CckCLpaJWGnMBaM2ujfmUs0WRx01k2w4e18nMwP43OuWiC8j5z7M+giwFqll/dm+SAp3wbpJo0Q=;
	24:ZDJ6RvnVTupR2ObxrYAUZ28723GChAgosufBLpWq6vo+3DgMujOeQ4AkS8PTlZfmzNm56ny32hiYV6ss52WrxIK+GMVV68rGXTLvag4N0YE=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BL0PR12MB2449;
	7:V+lhui2ePosxOBnoTKyIw53vASbHMYQ1k/U2MwHw6S7h3w1CH7m0UryygmzHwkL7EBA1aCminHsjjIOF1wGlNtdN/pAEP8+gopwlE++zG10dhULhlNRQRHQuuM10uB1luCZWyISTrDDLD8b4K37NDde6gFk7MJrddoPM/luRzYGS1K4UK2WH7TzvWdPodNcVynWJh5lH7g0AGZVhOWDaG85IN/gM2+Ylk5MvZFLfwzB1riHfbclMkrz+IFe6D1C6;
	20:PRrHIRfR64ejl8ee1ZPDnKn6/aC+Uu5i7KxE2mIfyxBhCG/aBjjiYt38TPP1clbAKPhyWfWA9cB/2em2R42pNHBpeV0Ucl1KOdTGPIYHvCgnR8SWfnQruMFZF60N3Nf1uWAwFOPgwtj14tUGNMlJKlFT266Kb1J0dJVt+Nd5wlK10To/FPRsr30a3Uw4xn4r+Aj9geUfgBrGnc+exhjk2z8nTMZM23F/dQ7R5OrfoCCN4I/ypWbmks49I589t7op
X-MS-Office365-Filtering-Correlation-Id: 6f8ebabb-40a6-4b21-dfc0-08d5c0f2d01f
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 May 2018 21:19:04.2346 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6f8ebabb-40a6-4b21-dfc0-08d5c0f2d01f
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB2449
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.39]); Wed, 23 May 2018 21:19:16 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.39]);
	Wed, 23 May 2018 21:19:16 +0000 (UTC) for IP:'104.47.32.58'
	DOMAIN:'mail-sn1nam01on0058.outbound.protection.outlook.com'
	HELO:'NAM01-SN1-obe.outbound.protection.outlook.com'
	FROM:'brijesh.singh@amd.com' RCPT:''
X-RedHat-Spam-Score: -0.021  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS, T_DKIMWL_WL_MED) 104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	104.47.32.58
	mail-sn1nam01on0058.outbound.protection.outlook.com
	<brijesh.singh@amd.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.39
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>, Peter Krempa <pkrempa@redhat.com>,
	Erik Skultety <eskultet@redhat.com>, Jon Grimm <Jon.Grimm@amd.com>,
	Andrea Bolognani <abologna@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@suse.de>
Subject: [libvirt] [PATCH v6 9/9] virsh: implement new command for launch
	security
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]);
 Wed, 23 May 2018 21:19:49 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Add new 'launch-security' command, the command can be used to get or set
the launch security information when booting encrypted VMs.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 tools/virsh-domain.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++=
++++
 tools/virsh.pod      |  5 ++++
 2 files changed, 86 insertions(+)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index cfbbf5a7bc39..27bb702c8bb7 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -13870,6 +13870,81 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
     return ret >=3D 0;
 }
=20
+/*
+ * "launch-security" command
+ */
+static const vshCmdInfo info_launch_security[] =3D {
+    {.name =3D "help",
+        .data =3D N_("Get or set launch-security information")
+    },
+    {.name =3D "desc",
+        .data =3D N_("Get or set the current launch-security information f=
or "
+                   "a guest domain.\n"
+                   "    To get the launch-security information use followi=
ng"
+                   "    command: \n\n"
+                   "    virsh # launch-security <domain>")
+    },
+    {.name =3D NULL}
+};
+
+static const vshCmdOptDef opts_launch_security[] =3D {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    VIRSH_COMMON_OPT_DOMAIN_CONFIG,
+    VIRSH_COMMON_OPT_DOMAIN_LIVE,
+    VIRSH_COMMON_OPT_DOMAIN_CURRENT,
+    {.name =3D NULL}
+};
+
+static void
+virshPrintLaunchSecurityInfo(vshControl *ctl, virTypedParameterPtr params,
+                             int nparams)
+{
+    size_t i;
+
+    for (i =3D 0; i < nparams; i++) {
+        if (params[i].type =3D=3D VIR_TYPED_PARAM_STRING)
+            vshPrintExtra(ctl, "%-15s: %s\n", params[i].field, params[i].v=
alue.s);
+    }
+}
+
+static bool
+cmdLaunchSecurity(vshControl *ctl, const vshCmd *cmd)
+{
+    virDomainPtr dom;
+    int nparams =3D 0;
+    virTypedParameterPtr params =3D NULL;
+    bool ret =3D false;
+    unsigned int flags =3D VIR_DOMAIN_AFFECT_CURRENT;
+    bool current =3D vshCommandOptBool(cmd, "current");
+    bool config =3D vshCommandOptBool(cmd, "config");
+    bool live =3D vshCommandOptBool(cmd, "live");
+
+    VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+    VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+    if (config)
+        flags |=3D VIR_DOMAIN_AFFECT_CONFIG;
+    if (live)
+        flags |=3D VIR_DOMAIN_AFFECT_LIVE;
+
+    if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, flags) !=3D=
 0) {
+        vshError(ctl, "%s", _("Unable to get launch security info"));
+        goto cleanup;
+    }
+
+    virshPrintLaunchSecurityInfo(ctl, params, nparams);
+
+    ret =3D true;
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    virshDomainFree(dom);
+    return ret;
+}
+
+
 const vshCmdDef domManagementCmds[] =3D {
     {.name =3D "attach-device",
      .handler =3D cmdAttachDevice,
@@ -14485,5 +14560,11 @@ const vshCmdDef domManagementCmds[] =3D {
      .info =3D info_domblkthreshold,
      .flags =3D 0
     },
+    {.name =3D "launch-security-info",
+     .handler =3D cmdLaunchSecurity,
+     .opts =3D opts_launch_security,
+     .info =3D info_launch_security,
+     .flags =3D 0
+    },
     {.name =3D NULL}
 };
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 929958a9533c..31bb26bda2ac 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2899,6 +2899,11 @@ See B<vcpupin> for information on I<cpulist>.
 Output the IP address and port number for the VNC display. If the informat=
ion
 is not available the processes will provide an exit code of 1.
=20
+=3Ditem B<launch-security-info> I<domain>
+
+Get the measurement of the memory contents encrypted through the launch
+sequence when I<launch-security> is provided.
+
 =3Dback
=20
 =3Dhead1 DEVICE COMMANDS
--=20
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list