From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v2 03/12] qemu: add monitor APIs for query-sev
Date: Fri, 10 Dec 2021 11:37:26 +0000
Message-Id: <20211210113735.2857076-4-berrange@redhat.com>
In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com>
References: <20211210113735.2857076-1-berrange@redhat.com>

We're only returning the set of fields needed to perform an attestation,
per the SEV API docs.

Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_monitor.c      | 13 ++++++++++
 src/qemu/qemu_monitor.h      |  9 +++++++
 src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  9 +++++++
 tests/qemumonitorjsontest.c  | 43 +++++++++++++++++++++++++++++++++
 5 files changed, 120 insertions(+)

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 75e0e4ed92..dda6ae9796 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4366,6 +4366,19 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSEVInfo(mon, apiMajor, apiMinor, buildID, pol= icy); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index edc2b01a66..29746f0b8e 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1445,6 +1445,15 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon, char * qemuMonitorGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index e00d785c20..a3d6eca569 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -8216,6 +8216,52 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +/** + * Retrive info about the SEV setup, returning those fields that + * are required to do a launch attestation, as per + * + * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD = || MNONCE; GCTX.TIK) + * + * specified in section 6.5.1 of AMD Secure Encrypted + * Virtualization API. + * + * { "execute": "query-sev" } + * { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, + * "build-id" : 0, "policy" : 0, "state" : "running", + * "handle" : 1 } } + */ +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + virJSONValue *data; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0) + return -1; + + data =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 || + virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 || + virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 || + virJSONValueObjectGetNumberUint(data, "policy", policy) < 0) + return -1; + + return 0; +} + + /* * Example return data * diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 64064b0519..e88dfc9d50 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -459,6 +459,15 @@ qemuMonitorJSONSystemWakeup(qemuMonitor *mon); char * qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + int qemuMonitorJSONGetVersion(qemuMonitor *mon, int *major, diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index 1ad2912b08..1b0bd0870d 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -2884,6 +2884,48 @@ testQemuMonitorJSONqemuMonitorJSONGetCPUModelBaselin= e(const void *opaque) } =20 =20 +static int +testQemuMonitorJSONGetSEVInfo(const void *opaque) +{ + const testGenericData *data =3D opaque; + virDomainXMLOption *xmlopt =3D data->xmlopt; + g_autoptr(qemuMonitorTest) test =3D NULL; + unsigned int apiMajor =3D 0; + unsigned int apiMinor =3D 0; + unsigned int buildID =3D 0; + unsigned int policy =3D 0; + + if (!(test =3D qemuMonitorTestNewSchema(xmlopt, data->schema))) + return -1; + + if (qemuMonitorTestAddItem(test, "query-sev", + "{" + " \"return\": {" + " \"enabled\": false," + " \"api-minor\": 8," + " \"handle\": 0," + " \"state\": \"uninit\"," + " \"api-major\": 1," + " \"build-id\": 834," + " \"policy\": 3" + " }," + " \"id\": \"libvirt-15\"" + "}") < 0) + return -1; + + if (qemuMonitorGetSEVInfo(qemuMonitorTestGetMonitor(test), + &apiMajor, &apiMinor, &buildID, &policy) < 0) + return -1; + + if (apiMajor !=3D 1 || apiMinor !=3D 8 || buildID !=3D 834 || policy != =3D 3) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Unexpected SEV info values"); + return -1; + } + + return 0; +} + static int mymain(void) { @@ -2979,6 +3021,7 @@ mymain(void) DO_TEST(CPU); DO_TEST(GetNonExistingCPUData); DO_TEST(GetIOThreads); + DO_TEST(GetSEVInfo); DO_TEST(Transaction); DO_TEST(BlockExportAdd); DO_TEST(BlockdevReopen); --=20 2.33.1
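Review bot: in the qemu_monitor_json.c hunk, qemuMonitorJSONGetSEVInfo never inspects the "enabled" field of the query-sev reply, so it returns 0 with whatever api-major/api-minor/build-id/policy numbers QEMU reports even when SEV is not active on the guest; either check "enabled" and return -1 with a clear error, or state in the doc comment that callers must confirm SEV is active before calling, so the failure surfaces where the data is fetched rather than later when the numbers are used. While editing the doc comment, "Retrive" should read "Retrieve", and it would help to note that these four values are QEMU's self-report and only become trustworthy once the guest owner has verified the launch measurement HMAC quoted in the comment (which binds them via GCTX.TIK); callers in later patches should not treat the policy value as authoritative on its own.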
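Review bot: in the tests/qemumonitorjsontest.c hunk, the canned query-sev reply sets "enabled": false while still carrying api-major 1, api-minor 8, build-id 834 and policy 3, so the test pins down the behaviour that the function accepts a reply from a guest where SEV is not active; if that is intentional, a one-line comment saying so would stop a later reader from "correcting" the fixture, and if not, the reply should use "enabled": true. The test also covers only the success path; a second qemuMonitorTestAddItem with one of the four keys absent (for example no "policy") would exercise the -1 return from the virJSONValueObjectGetNumberUint chain, which is the error path an attestation caller depends on.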