From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [RFC PATCH 3/3] qemu: Implement the virDomainInjectLaunchSecret API
Date: Tue, 16 Nov 2021 19:23:54 -0700
Message-ID: <20211117022354.16174-4-jfehlig@suse.com>
In-Reply-To: <20211117022354.16174-1-jfehlig@suse.com>
References: <20211117022354.16174-1-jfehlig@suse.com>
Inject a launch secret in domain memory using the sev-inject-launch-secret
QMP API. Only supported for SEV-enabled domains.

Signed-off-by: Jim Fehlig
---
 src/qemu/qemu_driver.c       | 53 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c      | 12 ++++++++
 src/qemu/qemu_monitor.h      |  6 ++++
 src/qemu/qemu_monitor_json.c | 34 +++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  5 ++++
 5 files changed, 110 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d954635dde..58e3f08afe 100644
--- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -20104,6 +20104,58 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domai= n, return ret; } =20 + +static int +qemuDomainInjectLaunchSecret(virDomainPtr domain, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr, + unsigned int flags) +{ + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm; + int ret =3D -1; + + virCheckFlags(0, -1); + + if (!(vm =3D qemuDomainObjFromDomain(domain))) + goto cleanup; + + if (virDomainInjectLaunchSecretEnsureACL(domain->conn, vm->def) < 0) + goto cleanup; + + /* Currently only SEV is supported */ + if (!vm->def->sec || + vm->def->sec->sectype !=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("injecting a launch secret is only supported in S= EV-enabled domains")); + goto cleanup; + } + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < = 0) + goto endjob; + + if (qemuMonitorInjectLaunchSecret(QEMU_DOMAIN_PRIVATE(vm)->mon, + secrethdr, secret, injectaddr) < 0) + goto endjob; + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + goto endjob; + + ret =3D 0; + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} + + static const unsigned int qemuDomainGetGuestInfoSupportedTypes =3D VIR_DOMAIN_GUEST_INFO_USERS | VIR_DOMAIN_GUEST_INFO_OS | @@ -20981,6 +21033,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainInjectLaunchSecret =3D qemuDomainInjectLaunchSecret, /* 7.10.0 = */ }; =20 =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 810dac209d..c64469a03b 100644 --- a/src/qemu/qemu_monitor.c 
+++ b/src/qemu/qemu_monitor.c @@ -4383,6 +4383,18 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +int +qemuMonitorInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONInjectLaunchSecret(mon, secrethdr, secret, injec= taddr); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 0dd7b1c4e2..2dec2b57bb 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1445,6 +1445,12 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon, char * qemuMonitorGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 4669b9135d..69aef078ec 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -8124,6 +8124,40 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +/** + * The function is used to inject a launch secret in an SEV guest. + * + * Example JSON: + * + * { "execute" : "sev-inject-launch-secret", + * "data": { "packet-header": "str", "secret": "str", "gpa": "uint64" } } + */ +int +qemuMonitorJSONInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + "U:gpa", injectaddr, + NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + return 0; +} + + /* * Example return data * diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index f7fb13f56c..95758cdc6e 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -368,6 +368,11 @@ int qemuMonitorJSONSystemWakeup(qemuMonitor *mon); =20 char *qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); =20 +int qemuMonitorJSONInjectLaunchSecret(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long injectaddr); + int qemuMonitorJSONGetVersion(qemuMonitor *mon, int *major, int *minor, --=20 2.33.0
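Review bot: in the qemu_driver.c hunk, qemuDomainInjectLaunchSecret() never verifies that the domain is running between qemuDomainObjBeginJob() and qemuDomainObjEnterMonitorAsync(); add `if (virDomainObjCheckIsActive(vm) < 0) goto endjob;` right after the job is acquired so a shut-off domain fails with the usual "domain is not running" error instead of a monitor-level one. Since the job is a synchronous QEMU_JOB_MODIFY, the plain qemuDomainObjEnterMonitor(driver, vm) is the idiomatic call rather than the async variant with QEMU_ASYNC_JOB_NONE. The function also deserves a comment on what secrethdr and secret are, because the hunk forwards them untouched: they are the base64-encoded packet header and the secret blob already encrypted by the guest owner for the SEV firmware (the LAUNCH_SECRET packet), not a plaintext secret, and QEMU only accepts the injection while the guest is still paused in the launch flow after the measurement has been taken and before launch is finished.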
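Review bot: in the qemu_monitor.c hunk, qemuMonitorInjectLaunchSecret() has no VIR_DEBUG() trace of its arguments as most wrappers in this file do; if one is added it should log only injectaddr and, at most, secrethdr, never the secret value, so that the launch secret material does not end up in the libvirtd debug log.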
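Review bot: in the qemu_monitor_json.c hunk, `"U:gpa", injectaddr` always sends gpa, so an injectaddr of 0 reaches QEMU as an explicit guest physical address 0; QEMU declares the parameter optional in its QAPI schema (`'*gpa': 'uint64'`) and, when it is absent, locates the secret area through the GUID table published by OVMF, so `"P:gpa", injectaddr` (omitted when zero) would let callers rely on that lookup. The doc comment's example JSON also places the parameters under a `"data"` member, whereas a QMP command carries them under `"arguments"`, which is what qemuMonitorJSONMakeCommand() actually emits; the comment should read `{ "execute": "sev-inject-launch-secret", "arguments": { "packet-header": "str", "secret": "str", "gpa": "uint64" } }`.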