From nobody Sun Feb 8 19:39:49 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639136364; cv=none; d=zohomail.com; s=zohoarc; b=T18NtuGVu/yr4PgCvwTWHilceeezONRv6Z9NZAjC5JRfgxf/oXauKOmhtNVCeZOUU1vgNkP0psIgoZ4mM6/e4ZoiShrS5bFUdrUHi4RBnZzY9DSaweXcTUU2vFC+tu1vv2NNNHISH5NYS2xT8MsMRQtAa7hHoZ/lRWynn7VtT0A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639136364; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ESCs0p1YthqP9Vqu/WNX1kZExYnL5gTaZN8OHBZJXjI=; b=aVLYAzZul8gx9xETd5iH7OMsuR43Sw52FtJ6U0YrRjfHjaF+Qqy3TmSDEzq+DONjs4hJpcPyBL8Q2Gk0gYq1sCKRozbVs71t6zxQRnGzHyq2Pz53huuOq7LILUJdg9Q+toyiWs3hoE7Ey9iRCb9mqRDlBnbrw+Mf4dDLpetdd2A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 16391363646801007.0949342220655; Fri, 10 Dec 2021 03:39:24 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-363-78bI0wmfP1mTrTmIQwMwaQ-1; Fri, 10 Dec 2021 06:39:21 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9D22D801B0C; Fri, 10 Dec 2021 11:39:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 827856A023; Fri, 10 Dec 2021 11:39:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 562991803390; Fri, 10 Dec 2021 11:39:15 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BABcYOv020668 for ; Fri, 10 Dec 2021 06:38:34 -0500 Received: by smtp.corp.redhat.com (Postfix) id 432455F4E7; Fri, 10 Dec 2021 11:38:34 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.193.153]) by smtp.corp.redhat.com (Postfix) with ESMTP id 81AB75BE3F; Fri, 10 Dec 2021 11:38:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639136363; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ESCs0p1YthqP9Vqu/WNX1kZExYnL5gTaZN8OHBZJXjI=; b=i50rQDI2E7ZsybfYLLWhjR2rr1+jRKGYly0uCNTMKo8ixYQJw+D2/2yi5wP3QI7cS9aSTw nvpIAQYdc9B8W+svvdmajCDNCY19WVgFLm+OJrGknkNcHJVs1ohuHop6qDdm5/+YaGsuXi 7seSJJTHIJy9yP9kqdVVtUDL7GcxVFI= X-MC-Unique: 78bI0wmfP1mTrTmIQwMwaQ-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v2 05/12] tools: add 'domlaunchsecinfo' virsh command Date: Fri, 10 Dec 2021 11:37:28 +0000 Message-Id: <20211210113735.2857076-6-berrange@redhat.com> In-Reply-To: <20211210113735.2857076-1-berrange@redhat.com> References: <20211210113735.2857076-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639136366058100001 This command reports the launch security parameters for a guest, allowing an external tool to perform a launch attestation. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- docs/manpages/virsh.rst | 17 +++++++++++++ tools/virsh-domain.c | 53 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 275f416090..1a74217625 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP = daemon is running on both of them). =20 =20 +domlaunchsecinfo +---------------- + +**Syntax:** + +:: + + domlaunchsecinfo domain + +Returns information about the launch security parameters associated +with a running domain. + +The set of parameters reported will vary depending on which type of +launch security protection is active. If none is active, no parameters +will be reported. + + dommemstat ---------- =20 diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 8379f9f135..1560a8ea0d 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -9525,6 +9525,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd) goto cleanup; } =20 +/* + * "domlaunchsecinfo" command + */ +static const vshCmdInfo info_domlaunchsecinfo[] =3D { + {.name =3D "help", + .data =3D N_("Get domain launch security info") + }, + {.name =3D "desc", + .data =3D N_("Get the launch security parameters for a guest domain") + }, + {.name =3D NULL} +}; + +static const vshCmdOptDef opts_domlaunchsecinfo[] =3D { + VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D NULL} +}; + +static bool +cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd) +{ + g_autoptr(virshDomain) dom =3D NULL; + size_t i; + int nparams =3D 0; + virTypedParameterPtr params =3D NULL; + bool ret =3D false; + + if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) + return false; + + if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to get launch security parameters")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + g_autofree char *str =3D vshGetTypedParamValue(ctl, ¶ms[i]); + vshPrint(ctl, "%-15s: %s\n", params[i].field, str); + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "qemu-monitor-command" command */ @@ -14544,6 +14591,12 @@ const vshCmdDef domManagementCmds[] =3D { .info =3D info_domjobinfo, .flags =3D 0 }, + {.name =3D "domlaunchsecinfo", + .handler =3D cmdDomLaunchSecInfo, + .opts =3D opts_domlaunchsecinfo, + .info =3D info_domlaunchsecinfo, + .flags =3D 0 + }, {.name =3D "domname", .handler =3D cmdDomname, .opts =3D opts_domname, --=20 2.33.1