[libvirt PATCH v2 05/12] tools: add 'domlaunchsecinfo' virsh command

Daniel P. Berrangé posted 12 patches 4 years, 2 months ago
There is a newer version of this series
Posted by Daniel P. Berrangé 4 years, 2 months ago
This command reports the launch security parameters for
a guest, allowing an external tool to perform a launch
attestation.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/manpages/virsh.rst | 17 +++++++++++++
 tools/virsh-domain.c    | 53 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 275f416090..1a74217625 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP daemon is running
 on both of them).
 
 
+domlaunchsecinfo
+----------------
+
+**Syntax:**
+
+::
+
+   domlaunchsecinfo domain
+
+Returns information about the launch security parameters associated
+with a running domain.
+
+The set of parameters reported will vary depending on which type of
+launch security protection is active. If none is active, no parameters
+will be reported.
+
+
 dommemstat
 ----------
 
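Review bot: The new domlaunchsecinfo section never says what the output looks like or which parameters to expect, only that the set "will vary depending on which type of launch security protection is active". The commit message says the command exists so that an external tool can perform a launch attestation, so the man page should give that tool something to rely on. State that each parameter is printed as one "name: value" line, and point to the virDomainGetLaunchSecurityInfo API documentation for the meaning of the fields. The text also says "a running domain" without saying what happens when the domain is not running; one sentence on that case would help.
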
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 8379f9f135..1560a8ea0d 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9525,6 +9525,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd)
     goto cleanup;
 }
 
+/*
+ * "domlaunchsecinfo" command
+ */
+static const vshCmdInfo info_domlaunchsecinfo[] = {
+    {.name = "help",
+     .data = N_("Get domain launch security info")
+    },
+    {.name = "desc",
+     .data = N_("Get the launch security parameters for a guest domain")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domlaunchsecinfo[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = NULL}
+};
+
+static bool
+cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    size_t i;
+    int nparams = 0;
+    virTypedParameterPtr params = NULL;
+    bool ret = false;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, 0) != 0) {
+        vshError(ctl, "%s", _("Unable to get launch security parameters"));
+        goto cleanup;
+    }
+
+    for (i = 0; i < nparams; i++) {
+        g_autofree char *str = vshGetTypedParamValue(ctl, &params[i]);
+        vshPrint(ctl, "%-15s: %s\n", params[i].field, str);
+    }
+
+    ret = true;
+
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    return ret;
+}
+
 /*
  * "qemu-monitor-command" command
  */
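Review bot: In cmdDomLaunchSecInfo the failure check is written as `virDomainGetLaunchSecurityInfo(dom, &params, &nparams, 0) != 0`, which treats any non-zero return as an error. If the API only signals failure with a negative value, `< 0` states that intent more clearly and reads the same as other error checks. Separately, the loop compares `size_t i` against `int nparams`; that is harmless here because nparams starts at 0 and the loop is only reached on success, but declaring both with matching signedness, or adding a brief comment, avoids the implicit conversion. Finally, when no launch security is active the command prints nothing and returns true, so a script driving an attestation sees a successful exit with empty output; that matches the man page text, but it is worth confirming this is the intended contract rather than an explicit message.
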
@@ -14544,6 +14591,12 @@ const vshCmdDef domManagementCmds[] = {
      .info = info_domjobinfo,
      .flags = 0
     },
+    {.name = "domlaunchsecinfo",
+     .handler = cmdDomLaunchSecInfo,
+     .opts = opts_domlaunchsecinfo,
+     .info = info_domlaunchsecinfo,
+     .flags = 0
+    },
     {.name = "domname",
      .handler = cmdDomname,
      .opts = opts_domname,
-- 
2.33.1

Re: [libvirt PATCH v2 05/12] tools: add 'domlaunchsecinfo' virsh command
Posted by Peter Krempa 4 years, 2 months ago
On Fri, Dec 10, 2021 at 11:37:28 +0000, Daniel P. Berrangé wrote:
> This command reports the launch security parameters for
> a guest, allowing an external tool to perform a launch
> attestation.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  docs/manpages/virsh.rst | 17 +++++++++++++
>  tools/virsh-domain.c    | 53 +++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 70 insertions(+)
> 
> diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
> index 275f416090..1a74217625 100644
> --- a/docs/manpages/virsh.rst
> +++ b/docs/manpages/virsh.rst
> @@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP daemon is running
>  on both of them).
>  
>  
> +domlaunchsecinfo
> +----------------
> +
> +**Syntax:**
> +
> +::
> +
> +   domlaunchsecinfo domain
> +
> +Returns information about the launch security parameters associated
> +with a running domain.
> +
> +The set of parameters reported will vary depending on which type of
> +launch security protection is active. If none is active, no parameters
> +will be reported.

Too bad that https://www.libvirt.org/html/libvirt-libvirt-domain.html#virDomainGetLaunchSecurityInfo
doesn't link to all the fields it returns because in case of commands
such as this one it would be beneficial to at least link to the API docs
outlining what the values are.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>