From nobody Tue Feb 10 06:04:47 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=quarantine dis=quarantine) header.from=suse.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1638316347152618.9028916651504; Tue, 30 Nov 2021 15:52:27 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-498-3Ik1L3lTPoafssVCyiVp3Q-1; Tue, 30 Nov 2021 18:52:24 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 80AE281CCB4; Tue, 30 Nov 2021 23:52:19 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 351B45D740; Tue, 30 Nov 2021 23:52:19 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 02BDD1809CB9; Tue, 30 Nov 2021 23:52:19 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1AUNqGre013362 for ; Tue, 30 Nov 2021 18:52:16 -0500 Received: by smtp.corp.redhat.com (Postfix) id 3C84451E2; Tue, 30 Nov 2021 23:52:16 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 352E451E1 for ; Tue, 30 Nov 2021 23:52:11 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 87CD1801212 for ; Tue, 30 Nov 2021 23:52:11 +0000 (UTC) Received: from de-smtp-delivery-102.mimecast.com (de-smtp-delivery-102.mimecast.com [194.104.111.102]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-448-WOr3EO1CPfWdFMMIv_l7rQ-1; Tue, 30 Nov 2021 18:52:09 -0500 Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02lp2054.outbound.protection.outlook.com [104.47.4.54]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id de-mta-36-8yxi0jOtOGWUE0J0fEw9zA-1; Wed, 01 Dec 2021 00:52:07 +0100 Received: from AM0PR04MB4899.eurprd04.prod.outlook.com (2603:10a6:208:c5::16) by AM0PR04MB6275.eurprd04.prod.outlook.com (2603:10a6:208:147::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.23; Tue, 30 Nov 2021 23:52:06 +0000 Received: from AM0PR04MB4899.eurprd04.prod.outlook.com ([fe80::c58b:de4e:3ba7:9ef6]) by AM0PR04MB4899.eurprd04.prod.outlook.com ([fe80::c58b:de4e:3ba7:9ef6%4]) with mapi id 15.20.4734.027; Tue, 30 Nov 2021 23:52:06 +0000 Received: from localhost (75.169.35.15) by AM6P191CA0088.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:8a::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4734.22 via Frontend Transport; Tue, 30 Nov 2021 23:52:06 +0000 X-MC-Unique: 3Ik1L3lTPoafssVCyiVp3Q-1 X-MC-Unique: WOr3EO1CPfWdFMMIv_l7rQ-1 X-MC-Unique: 8yxi0jOtOGWUE0J0fEw9zA-1 From: Jim Fehlig To: libvir-list@redhat.com Subject: [PATCH 1/3] libvirt: Introduce virDomainSetLaunchSecurityState public API Date: Tue, 30 Nov 2021 16:51:58 -0700 Message-ID: <20211130235200.11686-2-jfehlig@suse.com> In-Reply-To: <20211130235200.11686-1-jfehlig@suse.com> References: <20211130235200.11686-1-jfehlig@suse.com> X-ClientProxiedBy: AM6P191CA0088.EURP191.PROD.OUTLOOK.COM (2603:10a6:209:8a::29) To AM0PR04MB4899.eurprd04.prod.outlook.com (2603:10a6:208:c5::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 11f631f8-2ea6-4230-1514-08d9b45c6a69 X-MS-TrafficTypeDiagnostic: AM0PR04MB6275: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0 X-Microsoft-Antispam-Message-Info: ZoCDEIJo+NZ7FxYetvjyGzZa4J+NO516zeIfhe3b+8wlGKfx80GNiV4+Ww2XCg73fo3W2bs4YcVp8d4tcPBsMizkcKhuXmWrGsVizpIs3ccqFxMVgZod5pBBswYfVwi44wkmFYUVWtX5Q4cUeA71TB8UH2oDDgmINsv/DXO9wlInw9gPV27GtI22RR6QFsYRwJfARyw6WsrNys54HVw3t5QiThiCA2YUgTFYUK/EQI/IL33IEW9vZZK9sX5Wh0BQrbFrFU76cqIPuAjg2WWLejuulth/Khdjg7vMMHLuO0kv60DzAe+tSB1/BdU7hkPoxGVtKc1EfIR1W4ZM87ALa8u3vBGWA5EYpFVJaKugDGZ91l+5NS0zcrKHGhB1r4pYqxfbzSYlaLCxv/wdtFuE/jgkb5LZmHRjP9cAXvOObDeryvZ7WYcKxqHcCoJj8TRV5GhRcDQ1M4jdvwxjgwrt2WwLsgM5CRpCKULdTyipPQ92IlkOHzLMcT7G0dKSz2BdRMHryGMZoXVo+8PGekTfVCR6v0BmSVFBKwJLb/CYyR1aNncK7Y3otKeJ+ULLWAAUBAryPdsu8GZf5R6SAdWloKbZX/1Ta0KXwlGts5YHatp91//1X0rW+sGA9SRWlVlkYvnh4ByV0DDOjSKkOVOCirIcRBgQtM1BGkB1c4DrilZHabs82mSYO+tKM1epYhzbTvfFAdo2ICf1w1nteKkQsouvQ5KI0u2qeAUHZQogXQVtV18w0zyql73fMUvf1DMw61Yj1Abpw8NOdcqBoiyBfE2laA3TT0Bf4zYxZs4x/PsAT3+vqRsgGMxdDFmdxfWM X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR04MB4899.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(956004)(8936002)(6916009)(1076003)(8676002)(36756003)(316002)(508600001)(83380400001)(2906002)(6486002)(5660300002)(6666004)(66556008)(966005)(6496006)(2616005)(38100700002)(66476007)(186003)(26005)(66946007)(86362001)(145543001)(213903007); DIR:OUT; SFP:1101 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?PHZZ4uO8EqTdtCQixOhh/rMgk+UgZUx+P9PWCiLWbFClw6PmTn+/97YWt6+1?= =?us-ascii?Q?j0hqLHy12xSrAt642KQb9MATRDBevSBsKZ+FkV24v5v1eS/bFdeG3/3xurYR?= =?us-ascii?Q?a59L6nMmwpDo1vOz9gKMVhNo3dbiCbneG3s1+LGsh5Sdds+EuiHwSNSPlWsU?= =?us-ascii?Q?GlfyqbwRIOe0BqDlczWg+AQlMUxjulhgW1QZwokGZ4nvvNlrch6abcYsGY5K?= =?us-ascii?Q?4fEEMX9JJW6ub7KLgw80hAeX0p1FajibfK+cjxCnhWW/TwpcTiFytNMzzWcf?= =?us-ascii?Q?VoOzC/pEuMV/I1dXUkZnMPryRodhjqTu/ojT0WHSRXmk4IcHEIm3LWZoU9z/?= =?us-ascii?Q?XDsVJIzYf82UN9gWrIYNF3LIBOpc1KGjFvCu5MTGWIXk7JrrIiK4/sH7QAnc?= =?us-ascii?Q?JcuXXBpeCECCQtUIeUOUVomH6G6Uzjpi8xX5QLbB4YlzdlZjsuUDYyJgqhXm?= =?us-ascii?Q?/9NaSTR1pMDpOJoiD3b2bmeCH387ayAprGDb2QaZ0bWgV/RHpUqtxSIm8Ldw?= =?us-ascii?Q?st7CF3Jo9buwNKnDwBdG4eC7YeMtnQgdr+N6f4FkqbqQ7+oO42VjYVKhYKdy?= =?us-ascii?Q?9pDcBH2g49Al4vpTPIWeAxKKrS1udTeAEnhBQgqttnCB/k/aBMh+HHNH2WkJ?= =?us-ascii?Q?/F+DImX+8b/XDJjsUa8jlSbQnSyvrVAmu6ra/Ll/NkVKL4FS3Y7LFh1HRImX?= =?us-ascii?Q?lpF/8iLxIHCrQGHtazJZBmk6noS70tJEGkgic3tOTd/zLcyaWxrCKAHsFxCB?= =?us-ascii?Q?orHS16X6+kV/E7SLgjw1xaZmLaVsDsjJiz90yeFmD2JoUU6c/PnPlv3sQgKS?= =?us-ascii?Q?RtFU0vtEoOkYkscCMy/oghPvccBmogZoIRZdub4aAObax6Bs8M9ZRhPlEibw?= =?us-ascii?Q?/P3Emrbe2k6uAtw0fk4mumWNYnYaj7I0TTG2IfX4D06rdD0pn9dfvaiZK4FD?= =?us-ascii?Q?RqZq8+HRna2I4/L9/IVsrXpGLglWMEtmDQf4R0SOtU8l23QthIT4HcGQyIDK?= =?us-ascii?Q?TnvSvnKgmOQiZ2NcPwFmaLHMoIt3QYLdvipTiqs1crzSUfUCjEOw25KO6uUc?= =?us-ascii?Q?Ceq7/ess8YjOmIYRzuD3aLvMOBYt29zFkRC1JT/Okws07YZzBLhETyHW2Vxn?= =?us-ascii?Q?V/+fkNoiBXUzDD8to0rP1f9ALUjJFtzRJT0fKVN4r0otBFcHAjasPtxeuMc5?= =?us-ascii?Q?lztubO1HvCNweBrNn6oBUYWOoI3+ObSu1EINTh8/2i4exaSWGEDr/F9MHUt9?= =?us-ascii?Q?hjOcoIpmCT3Vo+6jhtj27oot+FKL0wr/RyNJK7Eou4UIRSCSZ5GPWKJaTMjg?= =?us-ascii?Q?eTDDh5Ugk9JCvx/z9vghoebRCShQE9yNQCi8yFU+fYHIdQX5VFogmt6VIKEd?= =?us-ascii?Q?BAsLSFCnyymbx1DHUTtcLEqEaFKswVVUnRGnSrgXIYVjQZpvTZ5e+26qKpJo?= =?us-ascii?Q?U5y6vuQal6eNmtUQtfiLH8wcgm1IQCz9HVwO034Cf4bF7Jb/Ci/z3Zlu5G58?= =?us-ascii?Q?Ao2lbSSjJ3ikcsE4refzkXb8bl+dc9ZoVlOHZ/TOJpmJBiS/n2q10uCJiFtD?= =?us-ascii?Q?TyycNP8EXGr9kCiC8Y+ukVv8NNnLP1iNJGCPw3TKnpHV2VjXD/psTyJBdBIH?= =?us-ascii?Q?KSqJX2QXmd80V8JuRMAt9A8=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 11f631f8-2ea6-4230-1514-08d9b45c6a69 X-MS-Exchange-CrossTenant-AuthSource: AM0PR04MB4899.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2021 23:52:06.7386 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EbeenZRI7uUfy95k9hsjrepoPckZQ1/Obba/BJbLU38nstKPU76MlVE4F8nIMMKEqgp0LWk/vcuzyr0q0j+YZA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR04MB6275 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 1AUNqGre013362 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1638316348488100003 Content-Type: text/plain; charset="utf-8" This API allows setting a launch secret within a guests's memory. The launch secret is created by the guest owner after retrieving and verifying the launch measurement with virDomainGetLaunchSecurityInfo. The API uses virTypedParameter for input, allowing it to be expanded to support other confidential computing technologies. In the case of SEV, a basic guest launch workflow is described in the SEV API spec in section "1.3.1 Launch" https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf Signed-off-by: Jim Fehlig --- include/libvirt/libvirt-domain.h | 35 +++++++++++++++++++++ src/driver-hypervisor.h | 7 +++++ src/libvirt-domain.c | 52 ++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 +++ 4 files changed, 99 insertions(+) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index 2f017c5b68..7af634cfb2 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -5086,11 +5086,46 @@ int virDomainSetLifecycleAction(virDomainPtr domain, */ # define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement" =20 +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER: + * + * A macro used to represent the SEV launch secret header. The secret head= er + * is a base64-encoded VIR_TYPED_PARAM_STRING containing artifacts needed = by + * the SEV firmware to recover the plain text of the launch secret. See + * section "6.6 LAUNCH_SECRET" in the SEV API specification for a detailed + * description of the secret header. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER "sev-secret-header" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET: + * + * A macro used to represent the SEV launch secret. The secret is a + * base64-encoded VIR_TYPED_PARAM_STRING containing an encrypted launch + * secret. The secret is created by the domain owner after the SEV launch + * measurement is retrieved and verified. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET "sev-secret" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS: + * + * A macro used to represent the physical address within the guest's memory + * where the secret will be set, as VIR_TYPED_PARAM_LLONG. If not specifie= d, + * the address will be determined by the hypervisor. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS "sev-secret-set= -address" + int virDomainGetLaunchSecurityInfo(virDomainPtr domain, virTypedParameterPtr *params, int *nparams, unsigned int flags); =20 +int virDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef enum { VIR_DOMAIN_GUEST_INFO_USERS =3D (1 << 0), /* return active users */ VIR_DOMAIN_GUEST_INFO_OS =3D (1 << 1), /* return OS information */ diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..c83fb648a2 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1333,6 +1333,12 @@ typedef int int *nparams, unsigned int flags); =20 +typedef int +(*virDrvDomainSetLaunchSecurityState)(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef virDomainCheckpointPtr (*virDrvDomainCheckpointCreateXML)(virDomainPtr domain, const char *xmlDesc, @@ -1661,6 +1667,7 @@ struct _virHypervisorDriver { virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; virDrvNodeGetSEVInfo nodeGetSEVInfo; virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo; + virDrvDomainSetLaunchSecurityState domainSetLaunchSecurityState; virDrvDomainCheckpointCreateXML domainCheckpointCreateXML; virDrvDomainCheckpointGetXMLDesc domainCheckpointGetXMLDesc; virDrvDomainListAllCheckpoints domainListAllCheckpoints; diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index ce7cafde36..e62f0efa1a 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -12818,6 +12818,58 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr do= main, } =20 =20 +/** + * virDomainSetLaunchSecurityState: + * @domain: a domain object + * @params: pointer to launch security parameter objects + * @nparams: number of launch security parameters + * @flags: currently used, set to 0. + * + * Set a launch security secret in the guests's memory. The secret is crea= ted + * by the guest owner after retrieving and verifying the launch measurement + * with virDomainGetLaunchSecurityInfo. + * + * See VIR_DOMAIN_LAUNCH_SECURITY_* for a detailed description of accepted + * launch security parameters. + * + * Returns -1 in case of failure, 0 in case of success. + */ +int virDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virConnectPtr conn =3D domain->conn; + + VIR_DOMAIN_DEBUG(domain, "params=3D%p, nparams=3D%d flags=3D0x%x", + params, nparams, flags); + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + virResetLastError(); + + virCheckDomainReturn(domain, -1); + virCheckNonNullArgGoto(params, error); + virCheckPositiveArgGoto(nparams, error); + + if (virTypedParameterValidateSet(conn, params, nparams) < 0) + goto error; + + if (conn->driver->domainSetLaunchSecurityState) { + int ret; + ret =3D conn->driver->domainSetLaunchSecurityState(domain, params, + nparams, flags); + if (ret < 0) + goto error; + return ret; + } + virReportUnsupportedError(); + + error: + virDispatchError(domain->conn); + return -1; +} + + /** * virDomainAgentSetResponseTimeout: * @domain: a domain object diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 788a967df7..f93692c427 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -911,4 +911,9 @@ LIBVIRT_7.8.0 { virNetworkCreateXMLFlags; } LIBVIRT_7.7.0; =20 +LIBVIRT_8.0.0 { + global: + virDomainSetLaunchSecurityState; +} LIBVIRT_7.8.0; + # .... define new API here using predicted next version number .... --=20 2.33.0