From nobody Sun Feb 8 17:21:26 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639136332; cv=none; d=zohomail.com; s=zohoarc; b=gyZgX9VeG//tsF8Gd1mA61j6HUzTSgjtks57JXPmCoQDuUstA5lgPsOB9AC5vgT5mtrxurKobJpKI9gBMn0Ou8CjTBOjbFkzi2TITrbs1ZYvjMc/H2MEsEQ/uwEgth/myEnsBVFeSgKHBgjEOA6P1uFY2aW66hQ4kifg9HaoiG8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639136332; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=/fP87B0taPQIXPzBfv8DFQmd8OOcqhhuSx2iuSJZjHk=; b=fpdObEh35FYLQwp5Q78C5eyptetfqDMRRyUtS3LDWWYZWX60r4VJZKEBIp9JEMmgOOE/PYvkYW1wMtf8Tx2gTpT4GcR+Jm3uR7zYCP29pu/pT5/ll3aPIhLdMIGiyFet1wWb+luNCS2B+nUDdljFb5YIstIIOJxwyqz/R2wvVFU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1639136332033171.25169960579683; Fri, 10 Dec 2021 03:38:52 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-490-9tMB-Ae6MgWD8V2Ff96Kiw-1; Fri, 10 Dec 2021 06:38:47 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0D4A5100C61A; Fri, 10 Dec 2021 11:38:43 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E414622E04; Fri, 10 Dec 2021 11:38:42 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B9A321806D2B; Fri, 10 Dec 2021 11:38:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BABcekb020725 for ; Fri, 10 Dec 2021 06:38:40 -0500 Received: by smtp.corp.redhat.com (Postfix) id 98EE05F4E7; Fri, 10 Dec 2021 11:38:40 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.193.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id BEF685BE18; Fri, 10 Dec 2021 11:38:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639136331; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=/fP87B0taPQIXPzBfv8DFQmd8OOcqhhuSx2iuSJZjHk=; b=L+4ssyUQXiQBZVfwe8gSELyrFIszaOZgY6y8ZAI7+47bbzupyQ18d7IFAqTT1F7D59z0/4 ELhtX6BgdX8tPrhwU30VQearOR+pLn55RnSaJmVkr/mG3TN0EbIv4GWT9XAbuFmegyLN/T NFIwbKqQHFjuCEoyEbG2qZgnigAKwAA= X-MC-Unique: 9tMB-Ae6MgWD8V2Ff96Kiw-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v2 10/12] conf: add support for setting SEV kernel hashes Date: Fri, 10 Dec 2021 11:37:33 +0000 Message-Id: <20211210113735.2857076-11-berrange@redhat.com> In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com> References: <20211210113735.2857076-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639136333529100007 Normally the SEV measurement only covers the firmware loader contents. When doing a direct kernel boot, however, with new enough OVMF it is possible to ask for the measurement to cover the kernel, ramdisk and command line. It can't be done automatically as that would break existing guests using direct kernel boot with old firmware, so there is a new XML setting allowing this behaviour to be toggled. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- docs/formatdomain.rst | 7 ++++++- docs/schemas/domaincommon.rng | 5 +++++ src/conf/domain_conf.c | 8 ++++++++ src/conf/domain_conf.h | 1 + 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index eb8c973cf1..c6e1f2226a 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8191,7 +8191,7 @@ spec `__ =20 ... - + 0x0001 47 1 @@ -8201,6 +8201,11 @@ spec `__ ... =20 +``kernelHashes`` + The optional ``kernelHashes`` attribute indicates whether the + hashes of the kernel, ramdisk and command line should be included + in the measurement done by the firmware. This is only valid if + using direct kernel boot. :since:`Since 8.0.0` ``cbitpos`` The required ``cbitpos`` element provides the C-bit (aka encryption bit) location in guest page table entry. The value of ``cbitpos`` is hypervi= sor diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index f01b7a6470..8fe6134935 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -499,6 +499,11 @@ sev + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 107d2a4f5d..86cd124c4a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14793,6 +14793,10 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, unsigned long policy; int rc; =20 + if (virXMLPropTristateBool(ctxt->node, "kernelHashes", VIR_XML_PROP_NO= NE, + &def->kernel_hashes) < 0) + return -1; + if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); @@ -27056,6 +27060,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { virDomainSEVDef *sev =3D &sec->data.sev; =20 + if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(&attrBuf, " kernelHashes=3D'%s'", + virTristateBoolTypeToString(sev->kernel_hash= es)); + if (sev->haveCbitpos) virBufferAsprintf(&childBuf, "%d\n", sev->c= bitpos); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index c0c07ea6ba..8e576c00f8 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2692,6 +2692,7 @@ struct _virDomainSEVDef { unsigned int cbitpos; bool haveReducedPhysBits; unsigned int reduced_phys_bits; + virTristateBool kernel_hashes; }; =20 struct _virDomainSecDef { --=20 2.33.1