[libvirt] [PATCH v8 09/11] libvirt: add new public API to get launch security info

Brijesh Singh posted 9 patches 7 years, 8 months ago
There is a newer version of this series
[libvirt] [PATCH v8 09/11] libvirt: add new public API to get launch security info
Posted by Brijesh Singh 7 years, 8 months ago
The API can be used outside the libvirt to get the launch security
information. When SEV is enabled, the API can be used to get the
measurement of the launch process.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 include/libvirt/libvirt-domain.h | 17 ++++++++++++++
 src/driver-hypervisor.h          |  8 +++++++
 src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++++++
 src/libvirt_public.syms          |  1 +
 4 files changed, 74 insertions(+)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index da773b7..6a3d73f 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -4767,4 +4767,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
                                 unsigned int action,
                                 unsigned int flags);
 
+/**
+ * Launch Security API
+ */
+
+/**
+ * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
+ *
+ * Macro represents the launch measurement of the SEV guest,
+ * as VIR_TYPED_PARAM_STRING.
+ */
+#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
+
+int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                   virTypedParameterPtr *params,
+                                   int *nparams,
+                                   unsigned int flags);
+
 #endif /* __VIR_LIBVIRT_DOMAIN_H__ */
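Review bot: The doc comment for VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT says only that the value is a VIR_TYPED_PARAM_STRING and does not state how the measurement is encoded in that string. A caller that compares the launch measurement against an expected value has to decode it first, so the comment should name the encoding.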
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index c50d2a0..eef31eb 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1315,6 +1315,13 @@ typedef int
                         int *nparams,
                         unsigned int flags);
 
+typedef int
+(*virDrvDomainGetLaunchSecurityInfo)(virDomainPtr domain,
+                                        virTypedParameterPtr *params,
+                                        int *nparams,
+                                        unsigned int flags);
+
+
 typedef struct _virHypervisorDriver virHypervisorDriver;
 typedef virHypervisorDriver *virHypervisorDriverPtr;
 
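Review bot: The continuation lines of the new typedef (`virTypedParameterPtr *params,` through `unsigned int flags);`) appear indented past the opening parenthesis rather than lined up under `virDomainPtr domain`; realign them. The hunk also adds two blank lines after the typedef, where one blank line separates it from the typedef above.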
@@ -1564,6 +1571,7 @@ struct _virHypervisorDriver {
     virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
     virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
     virDrvNodeGetSEVInfo nodeGetSEVInfo;
+    virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo;
 };
 
 
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index d44b553..dcfc7d4 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -12154,3 +12154,51 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
     virDispatchError(domain->conn);
     return -1;
 }
+
+/**
+ * virDomainGetLaunchSecurityInfo:
+ * @domain: a domain object
+ * @params: where to store security info
+ * @nparams: number of items in @params
+ * @flags: currently used, set to 0.
+ *
+ * Get the launch security info. In case of the SEV guest, this will
+ * return the launch measurement.
+ *
+ * Returns -1 in case of failure, 0 in case of success.
+ */
+int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
+                                   virTypedParameterPtr *params,
+                                   int *nparams,
+                                   unsigned int flags)
+{
+    virConnectPtr conn = domain->conn;
+
+    VIR_DOMAIN_DEBUG(domain, "params=%p, nparams=%p flags=0x%x",
+                     params, nparams, flags);
+
+    virResetLastError();
+
+    virCheckDomainReturn(domain, -1);
+    virCheckNonNullArgGoto(params, error);
+    virCheckNonNullArgGoto(nparams, error);
+    virCheckReadOnlyGoto(conn->flags, error);
+
+    if (VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
+                                 VIR_DRV_FEATURE_TYPED_PARAM_STRING))
+        flags |= VIR_TYPED_PARAM_STRING_OKAY;
+
+    if (conn->driver->domainGetLaunchSecurityInfo) {
+        int ret;
+        ret = conn->driver->domainGetLaunchSecurityInfo(domain, params,
+                                                        nparams, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+    virReportUnsupportedError();
+
+ error:
+    virDispatchError(domain->conn);
+    return -1;
+}
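Review bot: `virConnectPtr conn = domain->conn;` at the top of virDomainGetLaunchSecurityInfo() dereferences @domain before `virCheckDomainReturn(domain, -1)` has validated it, so a NULL domain is dereferenced instead of being rejected with an error. Declare `conn` without an initializer and assign it after the check. In the doc comment, `@flags: currently used, set to 0.` should read "currently unused". Since @params is a `virTypedParameterPtr *`, the comment should also say whether the call allocates the array and who frees it, and it should mention that read-only connections are refused by `virCheckReadOnlyGoto`.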
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 524d5fd..3bf3c3f 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -797,6 +797,7 @@ LIBVIRT_4.5.0 {
         virGetLastErrorCode;
         virGetLastErrorDomain;
         virNodeGetSEVInfo;
+        virDomainGetLaunchSecurityInfo;
 } LIBVIRT_4.4.0;
 
 # .... define new API here using predicted next version number ....
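Review bot: `virDomainGetLaunchSecurityInfo;` is appended after `virNodeGetSEVInfo;`, while the three entries visible above it in the LIBVIRT_4.5.0 block are in alphabetical order. Move the new symbol ahead of `virGetLastErrorCode;` to keep the block sorted.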
-- 
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v8 09/11] libvirt: add new public API to get launch security info
Posted by Erik Skultety 7 years, 8 months ago
Better commit subject would be:
libvirt: Introduce virDomainGetLaunchSecurityInfo public API

On Wed, Jun 06, 2018 at 12:50:15PM -0500, Brijesh Singh wrote:
> The API can be used outside the libvirt to get the launch security
> information. When SEV is enabled, the API can be used to get the
> measurement of the launch process.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  include/libvirt/libvirt-domain.h | 17 ++++++++++++++
>  src/driver-hypervisor.h          |  8 +++++++
>  src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++++++
>  src/libvirt_public.syms          |  1 +
>  4 files changed, 74 insertions(+)
>
> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
> index da773b7..6a3d73f 100644
> --- a/include/libvirt/libvirt-domain.h
> +++ b/include/libvirt/libvirt-domain.h
> @@ -4767,4 +4767,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
>                                  unsigned int action,
>                                  unsigned int flags);
>
> +/**
> + * Launch Security API
> + */
> +
> +/**
> + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
> + *
> + * Macro represents the launch measurement of the SEV guest,
> + * as VIR_TYPED_PARAM_STRING.
> + */
> +#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"

^recurring, s/#define/# define/ otherwise fails the syntax-check...

With that:
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Re: [libvirt] [PATCH v8 09/11] libvirt: add new public API to get launch security info
Posted by Brijesh Singh 7 years, 8 months ago

On 06/07/2018 11:46 AM, Erik Skultety wrote:
> Better commit subject would be:
> libvirt: Introduce virDomainGetLaunchSecurityInfo public API
> 
> On Wed, Jun 06, 2018 at 12:50:15PM -0500, Brijesh Singh wrote:
>> The API can be used outside the libvirt to get the launch security
>> information. When SEV is enabled, the API can be used to get the
>> measurement of the launch process.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>   include/libvirt/libvirt-domain.h | 17 ++++++++++++++
>>   src/driver-hypervisor.h          |  8 +++++++
>>   src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++++++
>>   src/libvirt_public.syms          |  1 +
>>   4 files changed, 74 insertions(+)
>>
>> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
>> index da773b7..6a3d73f 100644
>> --- a/include/libvirt/libvirt-domain.h
>> +++ b/include/libvirt/libvirt-domain.h
>> @@ -4767,4 +4767,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
>>                                   unsigned int action,
>>                                   unsigned int flags);
>>
>> +/**
>> + * Launch Security API
>> + */
>> +
>> +/**
>> + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
>> + *
>> + * Macro represents the launch measurement of the SEV guest,
>> + * as VIR_TYPED_PARAM_STRING.
>> + */
>> +#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
> 
> ^recurring, s/#define/# define/ otherwise fails the syntax-check...


I did run through syntax-check but don't remember getting a complaint. I 
will fix in next rev.


> 
> With that:
> Reviewed-by: Erik Skultety <eskultet@redhat.com>
> 

Re: [libvirt] [PATCH v8 09/11] libvirt: add new public API to get launch security info
Posted by Ján Tomko 7 years, 8 months ago
On Thu, Jun 07, 2018 at 11:54:30AM -0500, Brijesh Singh wrote:
>
>
>On 06/07/2018 11:46 AM, Erik Skultety wrote:
>> Better commit subject would be:
>> libvirt: Introduce virDomainGetLaunchSecurityInfo public API
>>
>> On Wed, Jun 06, 2018 at 12:50:15PM -0500, Brijesh Singh wrote:
>>> The API can be used outside the libvirt to get the launch security
>>> information. When SEV is enabled, the API can be used to get the
>>> measurement of the launch process.
>>>
>>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>>> ---
>>>   include/libvirt/libvirt-domain.h | 17 ++++++++++++++
>>>   src/driver-hypervisor.h          |  8 +++++++
>>>   src/libvirt-domain.c             | 48 ++++++++++++++++++++++++++++++++++++++++
>>>   src/libvirt_public.syms          |  1 +
>>>   4 files changed, 74 insertions(+)
>>>
>>> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
>>> index da773b7..6a3d73f 100644
>>> --- a/include/libvirt/libvirt-domain.h
>>> +++ b/include/libvirt/libvirt-domain.h
>>> @@ -4767,4 +4767,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
>>>                                   unsigned int action,
>>>                                   unsigned int flags);
>>>
>>> +/**
>>> + * Launch Security API
>>> + */
>>> +
>>> +/**
>>> + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
>>> + *
>>> + * Macro represents the launch measurement of the SEV guest,
>>> + * as VIR_TYPED_PARAM_STRING.
>>> + */
>>> +#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
>>
>> ^recurring, s/#define/# define/ otherwise fails the syntax-check...
>
>
>I did run through syntax-check but don't remember getting a complaint. I
>will fix in next rev.
>

cppi is the tool that needs to be installed for that part of syntax
check to work

But for API additions, having the 'pdwtags' tool (sometimes in the
'dwarves' package) is useful - the check for API stability uses it.

(Also, some of the patches have double << >> around your e-mail,
 how did that happen?)

Jano

>
>>
>> With that:
>> Reviewed-by: Erik Skultety <eskultet@redhat.com>
>>
>