[RFC PATCH 0/3] Add virDomainInjectLaunchSecret API

Jim Fehlig posted 3 patches 3 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20211117022354.16174-1-jfehlig@suse.com
include/libvirt/libvirt-domain.h    |  6 ++++
src/driver-hypervisor.h             |  8 +++++
src/libvirt-domain.c                | 50 +++++++++++++++++++++++++++
src/libvirt_public.syms             |  5 +++
src/qemu/qemu_driver.c              | 53 +++++++++++++++++++++++++++++
src/qemu/qemu_monitor.c             | 12 +++++++
src/qemu/qemu_monitor.h             |  6 ++++
src/qemu/qemu_monitor_json.c        | 34 ++++++++++++++++++
src/qemu/qemu_monitor_json.h        |  5 +++
src/remote/remote_daemon_dispatch.c | 27 +++++++++++++++
src/remote/remote_driver.c          | 32 +++++++++++++++++
src/remote/remote_protocol.x        | 16 ++++++++-
src/remote_protocol-structs         |  8 +++++
13 files changed, 261 insertions(+), 1 deletion(-)

[RFC PATCH 0/3] Add virDomainInjectLaunchSecret API

Posted by Jim Fehlig 3 weeks ago
Hi All!

This series is an RFC impl for the missing API needed for SEV attestation as
discussed here

https://listman.redhat.com/archives/libvir-list/2021-May/msg00196.html

I pinged about the status a few weeks back, found it had stalled, and agreed
to work on an impl after returning from vacation

https://listman.redhat.com/archives/libvir-list/2021-October/msg01052.html

Although the series is only compile tested, I wanted to share it early in
case others are considering the task.

While discussing the missing API, Daniel suggested virDomainSetLaunchSecurityInfo

https://listman.redhat.com/archives/libvir-list/2021-October/msg01074.html

but noted the asymmetry with virDomainGetLaunchSecurityInfo. I decided to go
with virDomainInjectLaunchSecret, which better describes the function IMO.
I also decided to go with an explicit set of parameters, following in the
footsteps of virDrvDomainAuthorizedSSHKeys*. It wasn't until patch 3 that I
realized virTypedParameter is definitely a better approach for an API that
may need future support for other types of secrets. I'll make that change in
a V1 after collecting feedback on this RFC.

Regards,
Jim

Jim Fehlig (3):
  libvirt: Introduce virDomainInjectLaunchSecret public API
  remote: Implement domain inject launch secret API
  qemu: Implement the virDomainInjectLaunchSecret API

 include/libvirt/libvirt-domain.h    |  6 ++++
 src/driver-hypervisor.h             |  8 +++++
 src/libvirt-domain.c                | 50 +++++++++++++++++++++++++++
 src/libvirt_public.syms             |  5 +++
 src/qemu/qemu_driver.c              | 53 +++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c             | 12 +++++++
 src/qemu/qemu_monitor.h             |  6 ++++
 src/qemu/qemu_monitor_json.c        | 34 ++++++++++++++++++
 src/qemu/qemu_monitor_json.h        |  5 +++
 src/remote/remote_daemon_dispatch.c | 27 +++++++++++++++
 src/remote/remote_driver.c          | 32 +++++++++++++++++
 src/remote/remote_protocol.x        | 16 ++++++++-
 src/remote_protocol-structs         |  8 +++++
 13 files changed, 261 insertions(+), 1 deletion(-)

-- 
2.33.0