From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:51 -0500
Message-Id: <20180608144101.34228-2-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 01/11] qemu: provide support to query the SEV capability

QEMU version >= 2.12 provides support for launching encrypted VMs on the AMD x86 platform using the Secure Encrypted Virtualization (SEV) feature. This patch adds support to query the SEV capability from QEMU.

Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
 src/conf/domain_capabilities.c | 12 ++++
 src/conf/domain_capabilities.h | 12 ++++
 src/libvirt_private.syms | 1 +
 src/qemu/qemu_capabilities.c | 37 ++++++++++
 src/qemu/qemu_capabilities.h | 4 +-
 src/qemu/qemu_capspriv.h | 4 ++
 src/qemu/qemu_monitor.c | 10 +++
 src/qemu/qemu_monitor.h | 3 +
 src/qemu/qemu_monitor_json.c | 79 ++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h | 3 +
 .../caps_2.12.0.x86_64.replies | 10 +++
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 3 +-
 12 files changed, 176 insertions(+), 2 deletions(-)

diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index c20358e..3589777 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -67,6 +67,18 @@ virDomainCapsStringValuesFree(virDomainCapsStringValuesP= tr values) } =20 =20 +void +virSEVCapabilitiesFree(virSEVCapability *cap) +{ + if (!cap) + return; + + VIR_FREE(cap->pdh); + VIR_FREE(cap->cert_chain); + VIR_FREE(cap); +} + + static void virDomainCapsDispose(void *obj) { 
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index b0eb4aa..56c1903 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -137,6 +137,15 @@ struct _virDomainCapsCPU { virDomainCapsCPUModelsPtr custom; }; =20 +typedef struct _virSEVCapability virSEVCapability; +typedef virSEVCapability *virSEVCapabilityPtr; +struct _virSEVCapability { + char *pdh; + char *cert_chain; + unsigned int cbitpos; + unsigned int reduced_phys_bits; +}; + struct _virDomainCaps { virObjectLockable parent; =20 @@ -202,4 +211,7 @@ int virDomainCapsEnumSet(virDomainCapsEnumPtr capsEnum, void virDomainCapsEnumClear(virDomainCapsEnumPtr capsEnum); =20 char * virDomainCapsFormat(virDomainCapsPtr const caps); + +void +virSEVCapabilitiesFree(virSEVCapability *capabilities); #endif /* __DOMAIN_CAPABILITIES_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 2245101..ea24f28 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -185,6 +185,7 @@ virDomainCapsEnumClear; virDomainCapsEnumSet; virDomainCapsFormat; virDomainCapsNew; +virSEVCapabilitiesFree; =20 =20 # conf/domain_conf.h diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index a673709..8b3ffe1 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -497,6 +497,9 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "tpm-emulator", "mch", "mch.extended-tseg-mbytes", + + /* 310 */ + "sev-guest", ); =20 =20 @@ -563,6 +566,8 @@ struct _virQEMUCaps { size_t ngicCapabilities; virGICCapability *gicCapabilities; =20 + virSEVCapability *sevCapabilities; + virQEMUCapsHostCPUData kvmCPU; virQEMUCapsHostCPUData tcgCPU; }; 
@@ -1135,6 +1140,7 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[= ] =3D { { "vmgenid", QEMU_CAPS_DEVICE_VMGENID }, { "vhost-vsock-device", QEMU_CAPS_DEVICE_VHOST_VSOCK }, { "mch", QEMU_CAPS_DEVICE_MCH }, + { "sev-guest", QEMU_CAPS_SEV_GUEST }, }; =20 static struct virQEMUCapsStringFlags virQEMUCapsDevicePropsVirtioBalloon[]= =3D { @@ -2078,6 +2084,16 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCap= s, } =20 =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities) +{ + virSEVCapabilitiesFree(qemuCaps->sevCapabilities); + + qemuCaps->sevCapabilities =3D capabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon) @@ -2665,6 +2681,21 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCapsPtr qe= muCaps, } =20 =20 +static int +virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps, + qemuMonitorPtr mon) +{ + virSEVCapability *caps =3D NULL; + + if (qemuMonitorGetSEVCapabilities(mon, &caps) < 0) + return -1; + + virQEMUCapsSetSEVCapabilities(qemuCaps, caps); + + return 0; +} + + bool virQEMUCapsCPUFilterFeatures(const char *name, void *opaque) @@ -4064,6 +4095,12 @@ virQEMUCapsInitQMPMonitor(virQEMUCapsPtr qemuCaps, virQEMUCapsClear(qemuCaps, QEMU_CAPS_DEVICE_VFIO_CCW); } =20 + /* Probe for SEV capabilities */ + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST)) { + if (virQEMUCapsProbeQMPSEVCapabilities(qemuCaps, mon) < 0) + virQEMUCapsClear(qemuCaps, QEMU_CAPS_SEV_GUEST); + } + ret =3D 0; cleanup: return ret; diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 884b406..f80da91 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h 
@@ -482,6 +482,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_DEVICE_MCH, /* Northbridge in q35 machine types */ QEMU_CAPS_MCH_EXTENDED_TSEG_MBYTES, /* -global mch.extended-tseg-mbyte= s */ =20 + /* 310 */ + QEMU_CAPS_SEV_GUEST, /* -object sev-guest,... */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; =20 @@ -615,5 +618,4 @@ bool virQEMUCapsGuestIsNative(virArch host, =20 bool virQEMUCapsCPUFilterFeatures(const char *name, void *opaque); - #endif /* __QEMU_CAPABILITIES_H__*/ diff --git a/src/qemu/qemu_capspriv.h b/src/qemu/qemu_capspriv.h index 4b7a04a..cb5e0dd 100644 --- a/src/qemu/qemu_capspriv.h +++ b/src/qemu/qemu_capspriv.h @@ -90,6 +90,10 @@ virQEMUCapsSetGICCapabilities(virQEMUCapsPtr qemuCaps, virGICCapability *capabilities, size_t ncapabilities); =20 +void +virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCaps, + virSEVCapability *capabilities); + int virQEMUCapsProbeQMPCPUDefinitions(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon, diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 215135a..fd6bce9 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -3850,6 +3850,16 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, =20 =20 int +qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSEVCapabilities(mon, capabilities); +} + + +int qemuMonitorNBDServerStart(qemuMonitorPtr mon, const char *host, unsigned int port, diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 4384372..75d5d98 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h 
@@ -711,6 +711,9 @@ int qemuMonitorSetMigrationCapabilities(qemuMonitorPtr = mon, int qemuMonitorGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + typedef enum { QEMU_MONITOR_MIGRATE_BACKGROUND =3D 1 << 0, QEMU_MONITOR_MIGRATE_NON_SHARED_DISK =3D 1 << 1, /* migration with non-= shared storage with full disk copy */ diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index e8a46d2..ba0da9a 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -6401,6 +6401,85 @@ qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, return ret; } =20 + +int +qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities) +{ + int ret =3D -1; + virJSONValuePtr cmd; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr caps; + virSEVCapability *capability =3D NULL; + const char *pdh =3D NULL, *cert_chain =3D NULL; + unsigned int cbitpos, reduced_phys_bits; + + *capabilities =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev-capabilities", + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + caps =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetNumberUint(caps, "cbitpos", &cbitpos) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sev-capabilities reply was missing" + " 'cbitpos' field")); + goto cleanup; + } + + if (virJSONValueObjectGetNumberUint(caps, "reduced-phys-bits", + &reduced_phys_bits) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sev-capabilities reply was missing" + " 'reduced-phys-bits' field")); + goto cleanup; + } + + if (!(pdh =3D virJSONValueObjectGetString(caps, "pdh"))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sev-capabilities reply was missing" + " 'pdh' field")); + goto cleanup; + } + + if (!(cert_chain =3D virJSONValueObjectGetString(caps, "cert-chain")))= { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("query-sev-capabilities reply was missing" + " 'cert-chain' field")); + goto cleanup; + } + + if (VIR_ALLOC(capability) < 0) + goto cleanup; + + if (VIR_STRDUP(capability->pdh, pdh) < 0) + goto cleanup; + + if (VIR_STRDUP(capability->cert_chain, cert_chain) < 0) + goto cleanup; + + capability->cbitpos =3D cbitpos; + capability->reduced_phys_bits =3D reduced_phys_bits; + VIR_STEAL_PTR(*capabilities, capability); + ret =3D 0; + + cleanup: + 
virSEVCapabilitiesFree(capability); + virJSONValueFree(cmd); + virJSONValueFree(reply); + + return ret; +} + static virJSONValuePtr qemuMonitorJSONBuildInetSocketAddress(const char *host, const char *port) diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 2ae0faa..4c10574 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -152,6 +152,9 @@ int qemuMonitorJSONSetMigrationCapabilities(qemuMonitor= Ptr mon, int qemuMonitorJSONGetGICCapabilities(qemuMonitorPtr mon, virGICCapability **capabilities); =20 +int qemuMonitorJSONGetSEVCapabilities(qemuMonitorPtr mon, + virSEVCapability **capabilities); + int qemuMonitorJSONMigrate(qemuMonitorPtr mon, unsigned int flags, const char *uri); diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/= qemucapabilitiesdata/caps_2.12.0.x86_64.replies index 78e1b45..ddee9b9 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies @@ -19039,6 +19039,16 @@ } =20 { + "return" : { + "reduced-phys-bits": 1, + "cbitpos": 47, + "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA", + "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAO= AAA" + }, + "id": "libvirt-52" +} + +{ "return": { }, "id": "libvirt-1" diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.12.0.x86_64.xml index 2afd7ad..0c38826 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml 
@@ -210,9 +210,10 @@ + 2011090 0 - 391586 + 391832 v2.12.0-rc0 x86_64 --=20 2.7.4
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
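
Review bot: The new struct _virSEVCapability in src/conf/domain_capabilities.h has no comments on its fields; cbitpos and reduced_phys_bits each need a line saying what they represent, and pdh and cert_chain should say whether they hold encoded or raw data. The virSEVCapabilityPtr typedef is added but every prototype in the patch spells the type as virSEVCapability *, and the virSEVCapabilitiesFree() prototype names its parameter capabilities while the definition uses cap; pick one form for each.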
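
Review bot: struct _virQEMUCaps in src/qemu/qemu_capabilities.c gains a sevCapabilities pointer and virQEMUCapsSetSEVCapabilities() takes ownership of the probed structure, but no hunk in this patch releases it when the caps object is disposed or carries it over when the caps are copied. Unless a later patch in the series adds that, call virSEVCapabilitiesFree(qemuCaps->sevCapabilities) in the dispose path here so this patch does not leak on its own.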
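
Review bot: The SEV probe added to virQEMUCapsInitQMPMonitor() handles every failure of virQEMUCapsProbeQMPSEVCapabilities() the same way: it clears QEMU_CAPS_SEV_GUEST and falls through to ret = 0. That is presumably meant for a QEMU that knows the sev-guest object on a host without SEV, but it also swallows an allocation failure or a reply with a missing field, and in those cases qemuMonitorJSONGetSEVCapabilities() has already called virReportError(), so an error stays set on a path that returns success. Suggest giving the monitor call a distinct "not supported" result, clearing the flag only for that, and either resetting or propagating the error for the rest.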
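
Review bot: The second hunk in src/qemu/qemu_capabilities.h (@@ -615,5 +618,4 @@) only deletes the blank line before the closing #endif, which is unrelated to SEV; please drop it from this patch.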
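
Review bot: In qemuMonitorJSONGetSEVCapabilities() (src/qemu/qemu_monitor_json.c), caps is taken from virJSONValueObjectGetObject(reply, "return") and passed straight to virJSONValueObjectGetNumberUint() without a NULL check. Add an if (!caps) branch that reports an error and jumps to cleanup before the first field lookup, in the same style as the four "reply was missing" checks that follow, or add a comment explaining why qemuMonitorJSONCheckError() makes that case impossible. The doubled blank line after the qemuMonitorJSONCommand() call can be removed at the same time.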
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:52 -0500
Message-Id: <20180608144101.34228-3-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 02/11] conf: expose SEV feature in domain capabilities

Extend hypervisor capabilities to include the sev feature. When available, the hypervisor supports launching an encrypted VM on the AMD platform. The sev feature tag provides additional details like the Platform Diffie-Hellman (PDH) key and certificate chain, which can be used by the guest owner to establish a cryptographic session with the SEV firmware to negotiate keys used for attestation or to provide a secret during launch.

Signed-off-by: Brijesh Singh
Reviewed-by: Erik Skultety
---
 docs/formatdomaincaps.html.in | 30 +++++++++++++++++++++++++++
 docs/schemas/domaincaps.rng | 14 +++++++++++++
 src/conf/domain_capabilities.c | 18 +++++++++++++++++
 src/conf/domain_capabilities.h | 1 +
 src/qemu/qemu_capabilities.c | 46 +++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 108 insertions(+), 1 deletion(-)

diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index e0814cb..6be553a 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -435,6 +435,10 @@ </gic> <vmcoreinfo supported=3D'yes'/> <genid supported=3D'yes'/> + <sev> + <cbitpos>47</cbitpos> + <reduced-phys-bits>1</reduced-phys-bits> + </sev> </features> </domainCapabilities> @@ -467,5 +471,31 @@ =20

Reports whether the genid feature can be used by the domain.

=20 +

SEV capabilities

+ +

AMD Secure Encrypted Virtualization (SEV) capabilities are exposed = under + the sev element. + SEV is an extension to the AMD-V architecture which supports running + virtual machines (VMs) under the control of a hypervisor. When support= ed, + guest owner can create a VM whose memory contents will be transparently + encrypted with a key unique to that VM.

+ +

+ For more details on SEV feature see: + + SEV API spec and \n"); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "%d\n", sev->cbitpos); + virBufferAsprintf(buf, "%d\n", + sev->reduced_phys_bits); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + =20 char * virDomainCapsFormat(virDomainCapsPtr const caps) @@ -600,6 +617,7 @@ virDomainCapsFormat(virDomainCapsPtr const caps) =20 virBufferAsprintf(&buf, "\n", caps->genid ? "yes" : "no"); + virDomainCapsFeatureSEVFormat(&buf, caps->sev); =20 virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 56c1903..755de13 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -169,6 +169,7 @@ struct _virDomainCaps { virDomainCapsFeatureGIC gic; bool vmcoreinfo; bool genid; + virSEVCapabilityPtr sev; /* add new domain features here */ }; =20 diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 8b3ffe1..1803ed9 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -5157,6 +5157,48 @@ virQEMUCapsFillDomainFeatureGICCaps(virQEMUCapsPtr q= emuCaps, } =20 =20 +/** + * virQEMUCapsFillDomainFeatureSEVCaps: + * @qemuCaps: QEMU capabilities + * @domCaps: domain capabilities + * + * Take the information about SEV capabilities that has been obtained + * using the 'query-sev-capabilities' QMP command and stored in @qemuCaps + * and convert it to a form suitable for @domCaps. + * + * Returns: 0 on success, -1 on failure + */ +static int +virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCapsPtr qemuCaps, + virDomainCapsPtr domCaps) +{ + virSEVCapability *sev; + virSEVCapability *cap =3D qemuCaps->sevCapabilities; + int ret =3D -1; + + if (!cap) + return 0; + + if (VIR_ALLOC(sev) < 0) + return -1; + + if (VIR_STRDUP(sev->pdh, cap->pdh) < 0) + goto cleanup; + + if (VIR_STRDUP(sev->cert_chain, cap->cert_chain) < 0) + goto cleanup; + + sev->cbitpos =3D cap->cbitpos; + sev->reduced_phys_bits =3D cap->reduced_phys_bits; + VIR_STEAL_PTR(domCaps->sev, sev); + + ret =3D 0; + cleanup: + virSEVCapabilitiesFree(sev); + return ret; +} + + int virQEMUCapsFillDomainCaps(virCapsPtr caps, virDomainCapsPtr domCaps, 
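Review bot: In virQEMUCapsFillDomainFeatureSEVCaps(), VIR_STEAL_PTR(domCaps->sev, sev) hands a freshly allocated virSEVCapability, together with the VIR_STRDUP'd pdh and cert_chain, to domCaps, but the domain_capabilities.c hunks visible in this patch only show virDomainCapsFeatureSEVFormat() and its call, with nothing that releases caps->sev. Please free the new member with virSEVCapabilitiesFree() on the path that disposes of virDomainCaps, otherwise the structure and both strings leak. The formatter prints only sev->cbitpos and sev->reduced_phys_bits, so the pdh and cert_chain copies look unused on this path and could be dropped unless a later patch in the series reads them from domCaps.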
@@ -5194,8 +5236,10 @@ virQEMUCapsFillDomainCaps(virCapsPtr caps, virQEMUCapsFillDomainDeviceGraphicsCaps(qemuCaps, graphics) < 0 || virQEMUCapsFillDomainDeviceVideoCaps(qemuCaps, video) < 0 || virQEMUCapsFillDomainDeviceHostdevCaps(qemuCaps, hostdev) < 0 || - virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0) + virQEMUCapsFillDomainFeatureGICCaps(qemuCaps, domCaps) < 0 || + virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps) < 0) return -1; + return 0; } =20 --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
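Review bot: The commit message says the sev feature tag provides the PDH key and certificate chain, but the XML example added in the docs/formatdomaincaps.html.in hunk contains only <cbitpos> and <reduced-phys-bits>, and virDomainCapsFeatureSEVFormat() formats only those two values. Please either reword the commit message so it matches what the domain capabilities XML actually carries, or extend the documentation and docs/schemas/domaincaps.rng to say where a guest owner obtains the PDH and certificate chain.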
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:53 -0500
Message-Id: <20180608144101.34228-4-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 03/11] libvirt: Introduce virNodeGetSEVInfo public API

The API can be used by application to retrieve the Platform Diffie-Hellman Key and Platform Certificate chain.
Signed-off-by: Brijesh Singh Reviewed-by: Erik Skultety --- include/libvirt/libvirt-host.h | 42 ++++++++++++++++++++++++++++++++++++ src/driver-hypervisor.h | 6 ++++++ src/libvirt-host.c | 49 ++++++++++++++++++++++++++++++++++++++= ++++ src/libvirt_public.syms | 1 + 4 files changed, 98 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 84f4858..a04d669 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr; =20 typedef virNodeMemoryStats *virNodeMemoryStatsPtr; =20 + +/** + * + * SEV Parameters + */ + +/** + * VIR_NODE_SEV_PDH: + * + * Macro represents the Platform Diffie-Hellman key, as VIR_TYPED_PARAMS_S= TRING. + */ +# define VIR_NODE_SEV_PDH "pdh" + +/** + * VIR_NODE_SEV_CERT_CHAIN: + * + * Macro represents the platform certificate chain that includes the platf= orm + * endorsement key (PEK), owner certificate authority (OCD) and chip + * endorsement key (CEK), as VIR_TYPED_PARAMS_STRING. + */ +# define VIR_NODE_SEV_CERT_CHAIN "cert-chain" + +/** + * VIR_NODE_SEV_CBITPOS: + * + * Macro represents the CBit Position used by hypervisor when SEV is enabl= ed. + */ +# define VIR_NODE_SEV_CBITPOS "cbitpos" + +/** + * VIR_NODE_SEV_REDUCED_PHYS_BITS: + * + * Macro represents the number of bits we lose in physical address space + * when SEV is enabled in the guest. + */ +# define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits" + +int virNodeGetSEVInfo (virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags); + /** * virConnectFlags * diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index aa99cbb..c50d2a0 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h 
@@ -1309,6 +1309,11 @@ typedef int unsigned int action, unsigned int flags); =20 +typedef int +(*virDrvNodeGetSEVInfo)(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags); =20 typedef struct _virHypervisorDriver virHypervisorDriver; typedef virHypervisorDriver *virHypervisorDriverPtr; @@ -1558,6 +1563,7 @@ struct _virHypervisorDriver { virDrvDomainSetLifecycleAction domainSetLifecycleAction; virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU; virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; + virDrvNodeGetSEVInfo nodeGetSEVInfo; }; =20 =20 diff --git a/src/libvirt-host.c b/src/libvirt-host.c index 3aaf558..e20d6ee 100644 --- a/src/libvirt-host.c +++ b/src/libvirt-host.c 
@@ -1639,3 +1639,52 @@ virNodeAllocPages(virConnectPtr conn, virDispatchError(conn); return -1; } + + +/* + * virNodeGetSEVInfo: + * @conn: pointer to the hypervisor connection + * @params: where to store SEV information + * @nparams: pointer to number of SEV parameters returned in @params + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * If hypervisor supports AMD's SEV feature, then @params will contain var= ious + * platform specific information like PDH and certificate chain. Caller is + * responsible for freeing @params. + * + * Returns 0 in case of success, and -1 in case of failure. + */ +int +virNodeGetSEVInfo(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ + VIR_DEBUG("conn=3D%p, params=3D%p, nparams=3D%p, flags=3D0x%x", + conn, params, nparams, flags); + + virResetLastError(); + + virCheckConnectReturn(conn, -1); + virCheckNonNullArgGoto(nparams, error); + virCheckNonNegativeArgGoto(*nparams, error); + virCheckReadOnlyGoto(conn->flags, error); + + if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn, + VIR_DRV_FEATURE_TYPED_PARAM_STRING)) + flags |=3D VIR_TYPED_PARAM_STRING_OKAY; + + if (conn->driver->nodeGetSEVInfo) { + int ret; + ret =3D conn->driver->nodeGetSEVInfo(conn, params, nparams, flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return -1; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 4f54b84..524d5fd 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -796,6 +796,7 @@ LIBVIRT_4.5.0 { global: virGetLastErrorCode; virGetLastErrorDomain; + virNodeGetSEVInfo; } LIBVIRT_4.4.0; =20 # .... define new API here using predicted next version number .... --=20 2.7.4
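Review bot: In the include/libvirt/libvirt-host.h hunk, the VIR_NODE_SEV_CERT_CHAIN comment abbreviates the owner certificate authority as "OCD"; that should read OCA. The comments for VIR_NODE_SEV_PDH and VIR_NODE_SEV_CERT_CHAIN name the type as VIR_TYPED_PARAMS_STRING, while the typed-parameter type is VIR_TYPED_PARAM_STRING, and the VIR_NODE_SEV_CBITPOS and VIR_NODE_SEV_REDUCED_PHYS_BITS comments do not say which typed-parameter type they carry. Please correct the names and state the type for every field so callers know how to read each parameter.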
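Review bot: In the src/libvirt-host.c hunk, virNodeGetSEVInfo() checks nparams with virCheckNonNullArgGoto() before reading *nparams, but never checks params, which is also an output pointer and is passed straight to conn->driver->nodeGetSEVInfo(); add virCheckNonNullArgGoto(params, error) next to the nparams check. The comment above the function opens with /* rather than the /** used for the new blocks in libvirt-host.h, so please confirm the API documentation tooling still picks it up. The description says the caller is responsible for freeing @params without naming the function to use; the remote dispatcher in this series releases them with virTypedParamsFree(), and the comment should say so.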
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:54 -0500
Message-Id: <20180608144101.34228-5-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 04/11] remote: implement the remote protocol for virNodeGetSEVInfo()

Add remote support for virNodeGetSEVInfo().
Signed-off-by: Brijesh Singh Reviewed-by: Erik Skultety --- src/remote/remote_daemon_dispatch.c | 44 +++++++++++++++++++++++++++++++++= ++++ src/remote/remote_driver.c | 40 +++++++++++++++++++++++++++++++++ src/remote/remote_protocol.x | 22 ++++++++++++++++++- src/remote_protocol-structs | 12 ++++++++++ 4 files changed, 117 insertions(+), 1 deletion(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon= _dispatch.c index 81d0445..959367f 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -5001,6 +5001,50 @@ remoteDispatchDomainGetDiskErrors(virNetServerPtr se= rver ATTRIBUTE_UNUSED, =20 =20 static int +remoteDispatchNodeGetSevInfo(virNetServerPtr server ATTRIBUTE_UNUSED, + virNetServerClientPtr client ATTRIBUTE_UNUSED, + virNetMessagePtr msg ATTRIBUTE_UNUSED, + virNetMessageErrorPtr rerr, + remote_node_get_sev_info_args *args, + remote_node_get_sev_info_ret *ret) +{ + virTypedParameterPtr params =3D NULL; + int nparams =3D 0; + int rv =3D -1; + struct daemonClientPrivate *priv =3D + virNetServerClientGetPrivateData(client); + + if (!priv->conn) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not ope= n")); + goto cleanup; + } + + if (virNodeGetSEVInfo(priv->conn, ¶ms, &nparams, args->flags) < 0) + goto cleanup; + + if (nparams > REMOTE_NODE_SEV_INFO_MAX) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"= )); + goto cleanup; + } + + + if (virTypedParamsSerialize(params, nparams, + (virTypedParameterRemotePtr *) &ret->param= s.params_val, + &ret->params.params_len, + args->flags) < 0) + goto cleanup; + + rv =3D 0; + + cleanup: + if (rv < 0) + virNetMessageSaveError(rerr); + virTypedParamsFree(params, nparams); + return rv; +} + + +static int remoteDispatchNodeGetMemoryParameters(virNetServerPtr server ATTRIBUTE_UNU= SED, virNetServerClientPtr client ATTRIBU= TE_UNUSED, virNetMessagePtr msg ATTRIBUTE_UNUSE= D, 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index c22993c..8ac7264 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -6775,6 +6775,45 @@ remoteNodeGetMemoryParameters(virConnectPtr conn, return rv; } =20 + +static int +remoteNodeGetSEVInfo(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ + int rv =3D -1; + remote_node_get_sev_info_args args; + remote_node_get_sev_info_ret ret; + struct private_data *priv =3D conn->privateData; + + remoteDriverLock(priv); + + args.flags =3D flags; + + memset(&ret, 0, sizeof(ret)); + if (call(conn, priv, 0, REMOTE_PROC_NODE_GET_SEV_INFO, + (xdrproc_t) xdr_remote_node_get_sev_info_args, (char *) &args, + (xdrproc_t) xdr_remote_node_get_sev_info_ret, (char *) &ret) = =3D=3D -1) + goto done; + + if (virTypedParamsDeserialize((virTypedParameterRemotePtr) ret.params.= params_val, + ret.params.params_len, + REMOTE_NODE_SEV_INFO_MAX, + params, + nparams) < 0) + goto cleanup; + + rv =3D 0; + + cleanup: + xdr_free((xdrproc_t) xdr_remote_node_get_sev_info_ret, (char *) &ret); + done: + remoteDriverUnlock(priv); + return rv; +} + + static int remoteNodeGetCPUMap(virConnectPtr conn, unsigned char **cpumap, @@ -8451,6 +8490,7 @@ static virHypervisorDriver hypervisor_driver =3D { .domainSetLifecycleAction =3D remoteDomainSetLifecycleAction, /* 3.9.0= */ .connectCompareHypervisorCPU =3D remoteConnectCompareHypervisorCPU, /*= 4.4.0 */ .connectBaselineHypervisorCPU =3D remoteConnectBaselineHypervisorCPU, = /* 4.4.0 */ + .nodeGetSEVInfo =3D remoteNodeGetSEVInfo, /* 4.5.0 */ }; =20 static virNetworkDriver network_driver =3D { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index a0ab7e9..ec72afa 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x 
@@ -253,6 +253,9 @@ const REMOTE_DOMAIN_IP_ADDR_MAX =3D 2048; /* Upper limit on number of guest vcpu information entries */ const REMOTE_DOMAIN_GUEST_VCPU_PARAMS_MAX =3D 64; =20 +/* Upper limit on number of SEV parameters */ +const REMOTE_NODE_SEV_INFO_MAX =3D 64; + /* UUID. VIR_UUID_BUFLEN definition comes from libvirt.h */ typedef opaque remote_uuid[VIR_UUID_BUFLEN]; =20 @@ -3480,6 +3483,17 @@ struct remote_connect_baseline_hypervisor_cpu_ret { remote_nonnull_string cpu; }; =20 +struct remote_node_get_sev_info_args { + int nparams; + unsigned int flags; +}; + +struct remote_node_get_sev_info_ret { + remote_typed_param params; + int nparams; +}; + + /*----- Protocol. -----*/ =20 /* Define the program number, protocol version and procedure numbers here.= */ @@ -6187,5 +6201,11 @@ enum remote_procedure { * @generate: both * @acl: connect:write */ - REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU =3D 394 + REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU =3D 394, + + /** + * @generate: none + * @acl: connect:read + */ + REMOTE_PROC_NODE_GET_SEV_INFO =3D 395 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index 0c4cfc6..dfc3624 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -2907,6 +2907,17 @@ struct remote_connect_baseline_hypervisor_cpu_args { struct remote_connect_baseline_hypervisor_cpu_ret { remote_nonnull_string cpu; }; +struct remote_node_get_sev_info_args { + int nparams; + u_int flags; +}; +struct remote_node_get_sev_info_ret { + struct { + u_int params_len; + remote_typed_param * params_val; + } params; + int nparams; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN =3D 1, REMOTE_PROC_CONNECT_CLOSE =3D 2, 
@@ -3302,4 +3313,5 @@ enum remote_procedure { REMOTE_PROC_DOMAIN_DETACH_DEVICE_ALIAS =3D 392, REMOTE_PROC_CONNECT_COMPARE_HYPERVISOR_CPU =3D 393, REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU =3D 394, + REMOTE_PROC_NODE_GET_SEV_INFO =3D 395, }; --=20 2.7.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
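Review bot: ret->nparams is never assigned in remoteDispatchNodeGetSevInfo() (src/remote/remote_daemon_dispatch.c hunk), even though remote_node_get_sev_info_ret declares it. The count already travels as ret->params.params_len, and the client side reads only ret.params.params_len, so the field can be removed from the protocol struct rather than left unset. Two smaller points in the same function: client is annotated ATTRIBUTE_UNUSED but is passed to virNetServerClientGetPrivateData(), and there is a doubled blank line after the REMOTE_NODE_SEV_INFO_MAX check.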
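Review bot: args.nparams goes onto the wire uninitialized in remoteNodeGetSEVInfo() (src/remote/remote_driver.c hunk). args is a stack variable, only args.flags is assigned before call(), and remote_node_get_sev_info_args also carries an int nparams, so whatever happened to be on the client's stack is serialized and sent to the daemon. Either zero the struct the way ret already is, with memset(&args, 0, sizeof(args)), or drop nparams from the args struct in remote_protocol.x, since the dispatcher reads only args->flags.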
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:55 -0500
Message-Id: <20180608144101.34228-6-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 05/11] qemu: Implement the driver backend for virNodeGetSEVInfo()

Signed-off-by: Brijesh Singh Reviewed-by: Erik Skultety --- src/qemu/qemu_capabilities.c | 7 ++++ src/qemu/qemu_capabilities.h | 4 +++ src/qemu/qemu_driver.c | 82 ++++++++++++++++++++++++++++++++++++++++= ++++ 3 files changed, 93 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 1803ed9..7a245a5 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -2094,6 +2094,13 @@ virQEMUCapsSetSEVCapabilities(virQEMUCapsPtr qemuCap= s, } =20 =20 +virSEVCapabilityPtr +virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps) +{ + return qemuCaps->sevCapabilities; +} + + static int virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps, qemuMonitorPtr mon) diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index f80da91..3519a19 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -618,4 +618,8 @@ bool virQEMUCapsGuestIsNative(virArch host, =20 bool virQEMUCapsCPUFilterFeatures(const char *name, void *opaque); + +virSEVCapabilityPtr +virQEMUCapsGetSEVCapabilities(virQEMUCapsPtr qemuCaps); + #endif /* __QEMU_CAPABILITIES_H__*/ diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 2876987..264c47d 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -21424,6 +21424,87 @@ qemuDomainSetLifecycleAction(virDomainPtr dom, } =20 =20 +static int +qemuGetSEVInfoToParams(virQEMUCapsPtr qemuCaps, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ + int maxpar =3D 0; + int n =3D 0; + virSEVCapabilityPtr sev =3D virQEMUCapsGetSEVCapabilities(qemuCaps); + virTypedParameterPtr sevParams =3D NULL; + + virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); + + if (virTypedParamsAddString(&sevParams, &n, &maxpar, + VIR_NODE_SEV_PDH, sev->pdh) < 0) + return -1; + + if (virTypedParamsAddString(&sevParams, &n, &maxpar, + VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) < 0) + goto cleanup; + + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0) + goto cleanup; + + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_REDUCED_PHYS_BITS, + sev->reduced_phys_bits) < 0) + goto cleanup; + + VIR_STEAL_PTR(*params, sevParams); + *nparams =3D n; + return 0; + + cleanup: + virTypedParamsFree(sevParams, n); + return -1; +} + + +static int +qemuNodeGetSEVInfo(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ + virQEMUDriverPtr driver =3D conn->privateData; + virCapsPtr caps =3D NULL; + virQEMUCapsPtr qemucaps =3D NULL; + int ret =3D -1; + + if (virNodeGetSevInfoEnsureACL(conn) < 0) + return ret; + + if (!(caps =3D virQEMUDriverGetCapabilities(driver, true))) + return ret; + + qemucaps =3D virQEMUCapsCacheLookupByArch(driver->qemuCapsCache, + virArchFromHost()); + if (!qemucaps) + goto cleanup; + + if (!virQEMUCapsGet(qemucaps, QEMU_CAPS_SEV_GUEST)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("QEMU does not support SEV guest")); + goto cleanup; + } + + if (qemuGetSEVInfoToParams(qemucaps, params, nparams, flags) < 0) + goto cleanup; + + ret =3D 0; + + cleanup: + virObjectUnref(qemucaps); + virObjectUnref(caps); + + return ret; +} + + static virHypervisorDriver qemuHypervisorDriver =3D { .name =3D QEMU_DRIVER_NAME, 
.connectURIProbe =3D qemuConnectURIProbe, 
@@ -21647,6 +21728,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainSetLifecycleAction =3D qemuDomainSetLifecycleAction, /* 3.9.0 */ .connectCompareHypervisorCPU =3D qemuConnectCompareHypervisorCPU, /* 4= .4.0 */ .connectBaselineHypervisorCPU =3D qemuConnectBaselineHypervisorCPU, /*= 4.4.0 */ + .nodeGetSEVInfo =3D qemuNodeGetSEVInfo, /* 4.5.0 */ }; =20 =20 --=20 2.7.4
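Review bot: qemuGetSEVInfoToParams() (src/qemu/qemu_driver.c hunk) dereferences sev->pdh without checking that virQEMUCapsGetSEVCapabilities() returned non-NULL. The caller only tests virQEMUCapsGet(qemucaps, QEMU_CAPS_SEV_GUEST), and nothing in this patch ties that flag to qemuCaps->sevCapabilities being populated, so add an explicit NULL check that reports VIR_ERR_OPERATION_UNSUPPORTED instead of relying on the flag. In the same function the first virTypedParamsAddString() failure does return -1 while the later ones goto cleanup; use goto cleanup throughout so the error paths are uniform and nothing allocated into sevParams can be missed. In qemuNodeGetSEVInfo(), caps is fetched with virQEMUDriverGetCapabilities(driver, true) and then only unref'd, so it can be dropped.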
From: Brijesh Singh
To: libvir-list@redhat.com
Date: Fri, 8 Jun 2018 09:40:56 -0500
Message-Id: <20180608144101.34228-7-brijesh.singh@amd.com>
In-Reply-To: <20180608144101.34228-1-brijesh.singh@amd.com>
References: <20180608144101.34228-1-brijesh.singh@amd.com>
Cc: Tom Lendacky, Jon Grimm, Brijesh Singh, Borislav Petkov
Subject: [libvirt] [PATCH v9 06/11] conf: introduce launch-security element in domain
List-Id: Development discussions about the libvirt library & tools

The launch-security element can be used to define the security model to use when launching a domain. Currently we support 'sev'.

When 'sev' is used, the VM will be launched with the AMD SEV feature enabled. The SEV feature supports running encrypted VMs under the control of KVM. Encrypted VMs have their pages (code and data) secured such that only the guest itself has access to the unencrypted version. Each encrypted VM is associated with a unique encryption key; if its data is accessed by a different entity using a different key, the encrypted guest's data will be incorrectly decrypted, leading to unintelligible data.

Signed-off-by: Brijesh Singh Reviewed-by: Erik Skultety --- docs/formatdomain.html.in | 115 ++++++++++++++++++ docs/schemas/domaincommon.rng | 37 ++++++ src/conf/domain_conf.c | 133 +++++++++++++++++= ++++ src/conf/domain_conf.h | 27 +++++ tests/genericxml2xmlindata/launch-security-sev.xml | 24 ++++ tests/genericxml2xmltest.c | 2 + 6 files changed, 338 insertions(+) create mode 100644 tests/genericxml2xmlindata/launch-security-sev.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 6912762..77845fe 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -8458,6 +8458,121 @@ qemu-kvm -net nic,model=3D? /dev/null =20

Note: DEA/TDEA is synonymous with DES/TDES.

=20 +

Secure Encrypted Virtualization (SEV)

+ +

+ The contents of the <launch-security type=3D'sev'> element + is used to provide the guest owners input used for creating an encr= ypted + VM using the AMD SEV feature. + + SEV is an extension to the AMD-V architecture which supports running + encrypted virtual machine (VMs) under the control of KVM. Encrypted + VMs have their pages (code and data) secured such that only the gue= st + itself has access to the unencrypted version. Each encrypted VM is + associated with a unique encryption key; if its data is accessed to= a + different entity using a different key the encrypted guests data wi= ll + be incorrectly decrypted, leading to unintelligible data. + + For more information see various input parameters and its format se= e the SEV API spec + https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specifi= cation.pdf + Since 4.4.0 +

+
+<domain>
+  ...
+  <launch-security type=3D'sev'>
+    <policy> 0x0001 </policy>
+    <cbitpos> 47 </cbitpos>
+    <reduced-phys-bits> 1 </reduced-phys-bits>
+    <session> AAACCCDD=3DFFFCCCDSDS </session>
+    <dh-cert> RBBBSDDD=3DFDDCCCDDDG </dh>
+  </sev>
+  ...
+</domain>
+
+ +
+
cbitpos
+
The required cbitpos element provides the C-bit (ak= a encryption bit) + location in guest page table entry. The value of cbitpos is + hypervisor dependent and can be obtained through the sev element + from the domain capabilities. +
+
reduced-phys-bits
+
The required reduced-phys-bits element provides the= physical + address bit reducation. Similar to cbitpos the value of= + reduced-phys-bit is hypervisor dependent and can be obtained + through the sev element from the domain capabilities. +
+
policy
+
The required policy element provides the guest poli= cy + which must be maintained by the SEV firmware. This policy is enforce= d by + the firmware and restricts what configuration and operational comman= ds + can be performed on this guest by the hypervisor. The guest policy + provided during guest launch is bound to the guest and cannot be cha= nged + throughout the lifetime of the guest. The policy is also transmitted + during snapshot and migration flows and enforced on the destination = platform. + + The guest policy is a 4 unsigned byte with the fields shown in Table: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Bit(s) Description
0 Debugging of the guest is disallowed when set
1 Sharing keys with other guests is disallowed when set
2 SEV-ES is required when set
3 Sending the guest to another platform is disallowed when se= t
4 The guest must not be transmitted to another platform that = is + not in the domain when set.
5 The guest must not be transmitted to another platform that = is + not SEV capable when set.
6:15 reserved
16:32 The guest must not be transmitted to another platform with a + lower firmware version.
+ +
+
dh-cert
+
The optional dh-cert element provides the guest own= ers + base64 encoded Diffie-Hellman (DH) key. The key is used to negotiate= a + master secret key between the SEV firmware and guest owner. This mas= ter + secret key is then used to establish a trusted channel between SEV + firmware and guest owner. +
+
session
+
The optional session element provides the guest own= ers + base64 encoded session blob defined in the SEV API spec. + + See SEV spec LAUNCH_START section for the session blob format. +
+
+

Example configs

=20
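Review bot: the example domain XML in this hunk is not well-formed: `<dh-cert>` is closed with `</dh>` and `<launch-security type='sev'>` is closed with `</sev>`, so the snippet fails to parse if copied as is; close them with `</dh-cert>` and `</launch-security>`. In the policy table the last row is labelled 16:32, but the text describes the policy as a 4-byte value, whose highest bit is 31, so the range should read 16:31, and "a 4 unsigned byte" would read better as "a 4-byte unsigned value". Smaller wording fixes in the same hunk: "reducation" should be "reduction", the reduced-phys-bits description refers to `reduced-phys-bit` without the trailing "s", and the sentence "For more information see various input parameters and its format see the SEV API spec" repeats "see".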

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 550fb10..1d06a5e 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -77,6 +77,9 @@ + + + @@ -436,6 +439,40 @@ =20 + + + + sev + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +