From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 01/13] include: add new launch security parameters
Date: Fri, 10 Dec 2021 16:47:01 +0000
Message-Id: <20211210164713.3024012-2-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa
List-Id: Development discussions about the libvirt library & tools

Three more parameters are required in order that clients can perform
a launch attestation on the SEV guest.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 include/libvirt/libvirt-domain.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index d0dd11ab01..5d3e15766e 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h
@@ -5101,6 +5101,38 @@ int virDomainSetLifecycleAction(virDomainPtr domain, */ # define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement" =20 +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR: + * + * Macro represents the API major version of the SEV host, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR "sev-api-major" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR: + * + * Macro represents the API minor version of the SEV guest, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR "sev-api-minor" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID: + * + * Macro represents the build ID of the SEV host, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID "sev-build-id" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY: + * + * Macro represents the policy of the SEV guest, + * as VIR_TYPED_PARAM_UINT. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY "sev-policy" + int virDomainGetLaunchSecurityInfo(virDomainPtr domain, virTypedParameterPtr *params, int *nparams, --=20 2.33.1
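
Review bot: In the include/libvirt/libvirt-domain.h hunk, the doc comment for VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR says "API minor version of the SEV guest" while the API_MAJOR and BUILD_ID comments say "of the SEV host"; the three version fields should name the same subject, so change API_MINOR to "of the SEV host". The commit message also says three parameters are added, but the hunk defines four macros (API_MAJOR, API_MINOR, BUILD_ID and POLICY), so the message should say four.
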
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 02/13] qemu: report error querying launch params for inactive guest
Date: Fri, 10 Dec 2021 16:47:02 +0000
Message-Id: <20211210164713.3024012-3-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

Querying launch params on an inactive guest currently triggers
a warning about the monitor being NULL.

https://bugzilla.redhat.com/show_bug.cgi?id=2030437

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_driver.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index e444ad2d45..f28d703512 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -19976,6 +19976,12 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver, if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) return -1; =20 + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + qemuDomainObjEnterMonitor(driver, vm); tmp =3D qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon); =20 --=20 2.33.1
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 03/13] qemu: add monitor APIs for query-sev
Date: Fri, 10 Dec 2021 16:47:03 +0000
Message-Id: <20211210164713.3024012-4-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

We're only returning the set of fields needed to perform an
attestation, per the SEV API docs.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_monitor.c      | 13 ++++++++++
 src/qemu/qemu_monitor.h      |  9 +++++++
 src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  9 +++++++
 tests/qemumonitorjsontest.c  | 43 +++++++++++++++++++++++++++++++++
 5 files changed, 120 insertions(+)

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 75e0e4ed92..dda6ae9796 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4366,6 +4366,19 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONGetSEVInfo(mon, apiMajor, apiMinor, buildID, pol= icy); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index edc2b01a66..29746f0b8e 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1445,6 +1445,15 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon, char * qemuMonitorGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index e00d785c20..a3d6eca569 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
@@ -8216,6 +8216,52 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon) } =20 =20 +/** + * Retrive info about the SEV setup, returning those fields that + * are required to do a launch attestation, as per + * + * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD = || MNONCE; GCTX.TIK) + * + * specified in section 6.5.1 of AMD Secure Encrypted + * Virtualization API. + * + * { "execute": "query-sev" } + * { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0, + * "build-id" : 0, "policy" : 0, "state" : "running", + * "handle" : 1 } } + */ +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + virJSONValue *data; + + if (!(cmd =3D qemuMonitorJSONMakeCommand("query-sev", NULL))) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0) + return -1; + + data =3D virJSONValueObjectGetObject(reply, "return"); + + if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 || + virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 || + virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 || + virJSONValueObjectGetNumberUint(data, "policy", policy) < 0) + return -1; + + return 0; +} + + /* * Example return data * diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 64064b0519..e88dfc9d50 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -459,6 +459,15 @@ qemuMonitorJSONSystemWakeup(qemuMonitor *mon); char * qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); =20 +int +qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, + unsigned int *apiMajor, + unsigned int *apiMinor, + unsigned int *buildID, + unsigned int *policy) + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); + int qemuMonitorJSONGetVersion(qemuMonitor *mon, int *major, diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index 1ad2912b08..1b0bd0870d 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -2884,6 +2884,48 @@ testQemuMonitorJSONqemuMonitorJSONGetCPUModelBaselin= e(const void *opaque) } =20 =20 +static int +testQemuMonitorJSONGetSEVInfo(const void *opaque) +{ + const testGenericData *data =3D opaque; + virDomainXMLOption *xmlopt =3D data->xmlopt; + g_autoptr(qemuMonitorTest) test =3D NULL; + unsigned int apiMajor =3D 0; + unsigned int apiMinor =3D 0; + unsigned int buildID =3D 0; + unsigned int policy =3D 0; + + if (!(test =3D qemuMonitorTestNewSchema(xmlopt, data->schema))) + return -1; + + if (qemuMonitorTestAddItem(test, "query-sev", + "{" + " \"return\": {" + " \"enabled\": false," + " \"api-minor\": 8," + " \"handle\": 0," + " \"state\": \"uninit\"," + " \"api-major\": 1," + " \"build-id\": 834," + " \"policy\": 3" + " }," + " \"id\": \"libvirt-15\"" + "}") < 0) + return -1; + + if (qemuMonitorGetSEVInfo(qemuMonitorTestGetMonitor(test), + &apiMajor, &apiMinor, &buildID, &policy) < 0) + return -1; + + if (apiMajor !=3D 1 || apiMinor !=3D 8 || buildID !=3D 834 || policy != =3D 3) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Unexpected SEV info values"); + return -1; + } + + return 0; +} + static int mymain(void) { 
@@ -2979,6 +3021,7 @@ mymain(void) DO_TEST(CPU); DO_TEST(GetNonExistingCPUData); DO_TEST(GetIOThreads); + DO_TEST(GetSEVInfo); DO_TEST(Transaction); DO_TEST(BlockExportAdd); DO_TEST(BlockdevReopen); --=20 2.33.1
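
Review bot: In the src/qemu/qemu_monitor_json.c hunk, qemuMonitorJSONGetSEVInfo returns -1 when any of the four virJSONValueObjectGetNumberUint() lookups fails, without a virReportError call in this function, so unless that helper reports an error itself the caller gets a failure with no message; add a virReportError(VIR_ERR_INTERNAL_ERROR, ...) naming the missing field before the "return -1". The function also ignores the "enabled" and "state" members shown in the sample reply in its own comment, so it hands back api-major, api-minor, build-id and policy even for a guest where SEV is not enabled; either check "enabled" or document that callers must. Typo in the new comment: "Retrive" should be "Retrieve".
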
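
Review bot: In the tests/qemumonitorjsontest.c hunk, the canned query-sev reply for testQemuMonitorJSONGetSEVInfo has "enabled": false and "state": "uninit", yet the test expects the call to succeed and return 1/8/834/3, which pins the behaviour of returning attestation inputs for a guest without SEV enabled; a reply with "enabled": true and "state": "running", as in the example comment in qemu_monitor_json.c, would represent the case the API is meant for. There is also no negative case: add a reply that omits one of the four fields and check that qemuMonitorGetSEVInfo fails.
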
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 04/13] qemu: report new launch security parameters
Date: Fri, 10 Dec 2021 16:47:04 +0000
Message-Id: <20211210164713.3024012-5-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

Report extra info about the SEV setup, returning those fields that
are required to calculate the expected launch measurement

  HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)

specified in section 6.5.1 of AMD Secure Encrypted Virtualization API.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/qemu/qemu_driver.c | 43 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f28d703512..ee23e10543 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -19961,14 +19961,19 @@ qemuNodeGetSEVInfo(virConnectPtr conn, =20 =20 static int -qemuDomainGetSEVMeasurement(virQEMUDriver *driver, - virDomainObj *vm, - virTypedParameterPtr *params, - int *nparams, - unsigned int flags) +qemuDomainGetSEVInfo(virQEMUDriver *driver, + virDomainObj *vm, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) { int ret =3D -1; + int rv; g_autofree char *tmp =3D NULL; + unsigned int apiMajor =3D 0; + unsigned int apiMinor =3D 0; + unsigned int buildID =3D 0; + unsigned int policy =3D 0; int maxpar =3D 0; =20 virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); @@ -19985,15 +19990,39 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver, qemuDomainObjEnterMonitor(driver, vm); tmp =3D qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon); =20 + + if (!tmp) { + qemuDomainObjExitMonitor(driver, vm); + goto endjob; + } + + rv =3D qemuMonitorGetSEVInfo(QEMU_DOMAIN_PRIVATE(vm)->mon, + &apiMajor, &apiMinor, &buildID, &policy); qemuDomainObjExitMonitor(driver, vm); =20 - if (!tmp) + if (rv < 0) goto endjob; =20 if (virTypedParamsAddString(params, nparams, &maxpar, VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT, tmp) < 0) goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR, + apiMajor) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR, + apiMinor) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID, + buildID) < 0) + goto endjob; + if (virTypedParamsAddUInt(params, nparams, &maxpar, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY, + policy) < 0) + goto endjob; =20 ret =3D 0; =20 
@@ -20021,7 +20050,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, =20 if (vm->def->sec && vm->def->sec->sectype =3D=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { - if (qemuDomainGetSEVMeasurement(driver, vm, params, nparams, flags= ) < 0) + if (qemuDomainGetSEVInfo(driver, vm, params, nparams, flags) < 0) goto cleanup; } =20 --=20 2.33.1
bh=e1OgiGiW7sAeQaMLYKzrJR/Rya22ApfGqqQLTBbsjf4=; b=O/RsQnTcRNPmNqE/MZoOI6myqb5BwYb6mNhyKmOdWmjzHZVDkO/sqh6Hsei6vKhSR5uYmZ n5aKWJ+wjrGm6RcFvzclo3sX05iJ1mrWqtNzVtHVnAX5vK7ujr6vwx23wX0UD6sXG7BmkR 7kU5/CKvSH02Xo1pWymzYcqS6JNPhqw= X-MC-Unique: Uf_rWBOqNbaz1kZYKsiFSA-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v3 05/13] tools: add 'domlaunchsecinfo' virsh command Date: Fri, 10 Dec 2021 16:47:05 +0000 Message-Id: <20211210164713.3024012-6-berrange@redhat.com> In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com> References: <20211210164713.3024012-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Cc: Peter Krempa X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639154869166100001 This command reports the launch security parameters for a guest, allowing an external tool to perform a launch attestation. Reviewed-by: Peter Krempa Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/manpages/virsh.rst | 17 +++++++++++++ tools/virsh-domain.c | 53 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 275f416090..1a74217625 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst 
@@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP = daemon is running on both of them). =20 =20 +domlaunchsecinfo +---------------- + +**Syntax:** + +:: + + domlaunchsecinfo domain + +Returns information about the launch security parameters associated +with a running domain. + +The set of parameters reported will vary depending on which type of +launch security protection is active. If none is active, no parameters +will be reported. + + dommemstat ---------- =20 diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 2338d6522a..c748fe2ba9 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -9523,6 +9523,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd) goto cleanup; } =20 +/* + * "domlaunchsecinfo" command + */ +static const vshCmdInfo info_domlaunchsecinfo[] =3D { + {.name =3D "help", + .data =3D N_("Get domain launch security info") + }, + {.name =3D "desc", + .data =3D N_("Get the launch security parameters for a guest domain") + }, + {.name =3D NULL} +}; + +static const vshCmdOptDef opts_domlaunchsecinfo[] =3D { + VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D NULL} +}; + +static bool +cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd) +{ + g_autoptr(virshDomain) dom =3D NULL; + size_t i; + int nparams =3D 0; + virTypedParameterPtr params =3D NULL; + bool ret =3D false; + + if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) + return false; + + if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to get launch security parameters")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + g_autofree char *str =3D vshGetTypedParamValue(ctl, ¶ms[i]); + vshPrint(ctl, "%-15s: %s\n", params[i].field, str); + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "qemu-monitor-command" command */ 
@@ -14542,6 +14589,12 @@ const vshCmdDef domManagementCmds[] =3D { .info =3D info_domjobinfo, .flags =3D 0 }, + {.name =3D "domlaunchsecinfo", + .handler =3D cmdDomLaunchSecInfo, + .opts =3D opts_domlaunchsecinfo, + .info =3D info_domlaunchsecinfo, + .flags =3D 0 + }, {.name =3D "domname", .handler =3D cmdDomname, .opts =3D opts_domname, --=20 2.33.1
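
Review bot: In the docs/manpages/virsh.rst hunk, the new domlaunchsecinfo section says the set of parameters "will vary depending on which type of launch security protection is active" but names none of them. The commit message positions this command as the input for an external launch attestation tool, so list the field names reported for the SEV case here; otherwise tooling has to discover them by running the command.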
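
Review bot: In cmdDomLaunchSecInfo in tools/virsh-domain.c, a domain with no launch security active prints nothing and still returns true, so a script that feeds this output into an attestation check cannot tell "no protection active" from "nothing was reported". Consider printing an explicit message, or returning failure, when nparams is 0 after a successful virDomainGetLaunchSecurityInfo call. In the same loop the result of vshGetTypedParamValue goes straight into vshPrint with %s; if that helper can return NULL, check it first.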

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 06/13] tools: add 'nodesevinfo' virsh command
Date: Fri, 10 Dec 2021 16:47:06 +0000
Message-Id: <20211210164713.3024012-7-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

While some SEV info is reported in the domain capabilities, for reasons of size, this excludes the certificates. The nodesevinfo command provides the full set of information.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
--- docs/manpages/virsh.rst | 14 +++++++++++++ tools/virsh-host.c | 45 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 1a74217625..e828f7ef68 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst
@@ -479,6 +479,20 @@ Returns memory stats of the node. If *cell* is specified, this will print the specified cell statistics only. =20 =20 +nodesevinfo +----------- + +**Syntax:** + +:: + + nodesevinfo + +Reports information about the AMD SEV launch security features for +the node, if any. Some of this information is also reported in the +domain capabilities XML document. + + nodesuspend ----------- =20 diff --git a/tools/virsh-host.c b/tools/virsh-host.c index 5da1346a9c..5ee3834de2 100644 --- a/tools/virsh-host.c +++ b/tools/virsh-host.c @@ -888,6 +888,45 @@ cmdNodeMemStats(vshControl *ctl, const vshCmd *cmd) return true; } =20 +/* + * "nodesevinfo" command + */ +static const vshCmdInfo info_nodesevinfo[] =3D { + {.name =3D "help", + .data =3D N_("node SEV information") + }, + {.name =3D "desc", + .data =3D N_("Returns basic SEV information about the node.") + }, + {.name =3D NULL} +}; + +static bool +cmdNodeSEVInfo(vshControl *ctl, const vshCmd *cmd G_GNUC_UNUSED) +{ + virshControl *priv =3D ctl->privData; + size_t i; + int nparams =3D 0; + virTypedParameterPtr params =3D NULL; + bool ret =3D false; + + if (virNodeGetSEVInfo(priv->conn, ¶ms, &nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to get host SEV information")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + g_autofree char *str =3D vshGetTypedParamValue(ctl, ¶ms[i]); + vshPrint(ctl, "%-18s: %s\n", params[i].field, str); + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "nodesuspend" command */ 
@@ -1828,6 +1867,12 @@ const vshCmdDef hostAndHypervisorCmds[] =3D { .info =3D info_nodememstats, .flags =3D 0 }, + {.name =3D "nodesevinfo", + .handler =3D cmdNodeSEVInfo, + .opts =3D NULL, + .info =3D info_nodesevinfo, + .flags =3D 0 + }, {.name =3D "nodesuspend", .handler =3D cmdNodeSuspend, .opts =3D opts_node_suspend, --=20 2.33.1
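
Review bot: In the nodesevinfo section added to docs/manpages/virsh.rst, "if any" leaves open what happens on a host without SEV, because cmdNodeSEVInfo prints "Unable to get host SEV information" and fails whenever virNodeGetSEVInfo returns non-zero. State in the man page whether a host without SEV produces an error or empty output, so callers can tell an unsupported host from a failed query.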
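
Review bot: In the info_nodesevinfo table in tools/virsh-host.c, the "desc" string reads "Returns basic SEV information about the node.", which contradicts the commit message: the stated reason for the command is that it provides the full set of information, including the certificates that the domain capabilities leave out. Reword the description to match, and mention the certificates in the virsh.rst text as well, since that is the data a user comes to this command for.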

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 07/13] conf: extend domain capabilities for max SEV guest count
Date: Fri, 10 Dec 2021 16:47:07 +0000
Message-Id: <20211210164713.3024012-8-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

There are limits on the number of SEV/SEV-ES guests that can be run on machines, which may be influenced by firmware settings. This is important to expose to users.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
--- docs/formatdomaincaps.html.in | 6 ++++++ docs/schemas/domaincaps.rng | 6 ++++++ src/conf/domain_capabilities.c | 4 ++++ src/conf/domain_capabilities.h | 2 ++ tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 2 ++ tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 2 ++ 10 files changed, 30 insertions(+) diff --git a/docs/formatdomaincaps.html.in b/docs/formatdomaincaps.html.in index 915ece8e3e..35b8bf3def 100644 --- a/docs/formatdomaincaps.html.in +++ b/docs/formatdomaincaps.html.in @@ -681,6 +681,12 @@
reducedPhysBits
When memory encryption is enabled, we lose certain bits in physi= cal address space. The number of bits we lose is hypervisor dependent. +
maxGuests
+
The maximum number of SEV guests that can be launched on the hos= t. + This value may be configurable in the firmware for some hosts.
+
maxESGuests
+
The maximum number of SEV-ES guests that can be launched on the = host. + This value may be configurable in the firmware for some hosts.
=20 diff --git a/docs/schemas/domaincaps.rng b/docs/schemas/domaincaps.rng index 1b6122507f..b40ee0f35a 100644 --- a/docs/schemas/domaincaps.rng +++ b/docs/schemas/domaincaps.rng @@ -323,6 +323,12 @@ + + + + + + diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index fef1326190..c394a7a390 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -597,6 +597,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf, virBufferAsprintf(buf, "%d\n", sev->cbitpos); virBufferAsprintf(buf, "%d\n", sev->reduced_phys_bits); + virBufferAsprintf(buf, "%d\n", + sev->max_guests); + virBufferAsprintf(buf, "%d\n", + sev->max_es_guests); virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "\n"); } diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 2fcad87fd8..1d2f4ac7a5 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -187,6 +187,8 @@ struct _virSEVCapability { char *cert_chain; unsigned int cbitpos; unsigned int reduced_phys_bits; + unsigned int max_guests; + unsigned int max_es_guests; }; =20 typedef enum { diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 9f41dfaf2b..26816ff066 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,6 +205,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index d5f9d8ebe3..5840a8b921 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,6 +215,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index dc2c3ec4dd..21d1b6946e 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,6 +205,8 @@ 47 1 + 0 + 0 
diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 90acb29775..3415d44019 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,6 +227,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index 768cba5a41..f58be3af6c 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,6 +233,8 @@ 47 1 + 0 + 0 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 7a95c530f9..0a2615c519 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml 
@@ -227,6 +227,8 @@ 47 1 + 0 + 0 --=20 2.33.1
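
Review bot: In the virDomainCapsFeatureSEVFormat hunk of src/conf/domain_capabilities.c, the two new virBufferAsprintf calls format sev->max_guests and sev->max_es_guests with %d, but the src/conf/domain_capabilities.h hunk declares both fields as unsigned int. Use %u for the new fields so the conversion matches the declared type.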
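
Review bot: In the docs/formatdomaincaps.html.in hunk, the maxGuests and maxESGuests descriptions do not say what a value of 0 means, and every tests/domaincapsdata file touched by this patch gains two added lines of 0. Document whether 0 means that no such guest can be launched or that the limit is not known, or leave the elements out when no value is available, so management tools do not read an unpopulated field as a real limit.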

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 08/13] include: define parameters for reporting SEV guest limits
Date: Fri, 10 Dec 2021 16:47:08 +0000
Message-Id: <20211210164713.3024012-9-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>
Cc: Peter Krempa

There are limits on the number of SEV/SEV-ES guests that can be run on machines, which may be influenced by firmware settings. This is important to expose to users.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
--- include/libvirt/libvirt-host.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 4caed94a77..1dc4b8a147 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h
@@ -472,6 +472,22 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr; */ # define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits" =20 +/** + * VIR_NODE_SEV_MAX_GUESTS: + * + * Macro represents the number of SEV guests that can + * be run on the host, as a VIR_TYPED_PARAM_UINT. + */ +# define VIR_NODE_SEV_MAX_GUESTS "max-guests" + +/** + * VIR_NODE_SEV_MAX_ES_GUESTS: + * + * Macro represents the number of SEV-ES guests that can + * be run on the host, as a VIR_TYPED_PARAM_UINT. + */ +# define VIR_NODE_SEV_MAX_ES_GUESTS "max-es-guests" + int virNodeGetSEVInfo (virConnectPtr conn, virTypedParameterPtr *params, int *nparams, --=20 2.33.1
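
Review bot: In both doc comments added to include/libvirt/libvirt-host.h, "the number of SEV guests that can be run on the host" does not say that the value is a maximum, while the domain capabilities documentation in the previous patch describes the same values as the maximum number that can be launched. Align the wording for VIR_NODE_SEV_MAX_GUESTS and VIR_NODE_SEV_MAX_ES_GUESTS, and note that the value may depend on firmware settings, as the commit message does.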

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 09/13] util: pull CPUID helper function out of CPU driver
Date: Fri, 10 Dec 2021 16:47:09 +0000
Message-Id: <20211210164713.3024012-10-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>

This will be needed directly in the QEMU driver in a later patch.

Signed-off-by: Daniel P. Berrang=C3=A9 --- src/cpu/cpu_x86.c | 34 +++++------------------ src/libvirt_private.syms | 1 + src/util/virhostcpu.c | 58 ++++++++++++++++++++++++++++++++++++++++ src/util/virhostcpu.h | 7 +++++ 4 files changed, 72 insertions(+), 28 deletions(-) diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c index 0b2ff82d40..5cb9caef8a 100644 --- a/src/cpu/cpu_x86.c +++ b/src/cpu/cpu_x86.c @@ -2377,34 +2377,12 @@ virCPUx86DataCheckFeature(const virCPUData *data, static inline void cpuidCall(virCPUx86CPUID *cpuid) { -# if __x86_64__ - asm("xor %%ebx, %%ebx;" /* clear the other registers as some cpuid */ - "xor %%edx, %%edx;" /* functions may use them as additional argume= nts */ - "cpuid;" - : "=3Da" (cpuid->eax), - "=3Db" (cpuid->ebx), - "=3Dc" (cpuid->ecx), - "=3Dd" (cpuid->edx) - : "a" (cpuid->eax_in), - "c" (cpuid->ecx_in)); -# else - /* we need to avoid direct use of ebx for CPUID output as it is used - * for global offset table on i386 with -fPIC - */ - asm("push %%ebx;" - "xor %%ebx, %%ebx;" /* clear the other registers as some cpuid */ - "xor %%edx, %%edx;" /* functions may use them as additional argume= nts */ - "cpuid;" - "mov %%ebx, %1;" - "pop %%ebx;" - : "=3Da" (cpuid->eax), - "=3Dr" (cpuid->ebx), - "=3Dc" (cpuid->ecx), - "=3Dd" (cpuid->edx) - : "a" (cpuid->eax_in), - "c" (cpuid->ecx_in) - : "cc"); -# endif + virHostCPUX86GetCPUID(cpuid->eax_in, + cpuid->ecx_in, + &cpuid->eax, + &cpuid->ebx, + &cpuid->ecx, + &cpuid->edx); } =20 =20 diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index da27ee7b53..53262e25b7 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2417,6 +2417,7 @@ virHostCPUGetThreadsPerSubcore; virHostCPUHasBitmap; virHostCPUReadSignature; virHostCPUStatsAssign; +virHostCPUX86GetCPUID; =20 =20 # util/virhostmem.h diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c index 54e2462a95..a07c00a0e9 100644 --- a/src/util/virhostcpu.c +++ b/src/util/virhostcpu.c 
@@ -1583,3 +1583,61 @@ virHostCPUGetHaltPollTime(pid_t pid, =20 return 0; } + +void +virHostCPUX86GetCPUID(uint32_t leaf G_GNUC_UNUSED, + uint32_t extended G_GNUC_UNUSED, + uint32_t *eax, + uint32_t *ebx, + uint32_t *ecx, + uint32_t *edx) +{ +#if defined(__i386__) || defined(__x86_64__) + uint32_t out[4]; +# if __x86_64__ + asm("xor %%ebx, %%ebx;" /* clear the other registers as some cpuid */ + "xor %%edx, %%edx;" /* functions may use them as additional argume= nts */ + "cpuid;" + : "=3Da" (out[0]), + "=3Db" (out[1]), + "=3Dc" (out[2]), + "=3Dd" (out[3]) + : "a" (leaf), + "c" (extended)); +# else + /* we need to avoid direct use of ebx for CPUID output as it is used + * for global offset table on i386 with -fPIC + */ + asm("push %%ebx;" + "xor %%ebx, %%ebx;" /* clear the other registers as some cpuid */ + "xor %%edx, %%edx;" /* functions may use them as additional argume= nts */ + "cpuid;" + "mov %%ebx, %1;" + "pop %%ebx;" + : "=3Da" (out[0]), + "=3Dr" (out[1]), + "=3Dc" (out[2]), + "=3Dd" (out[3]) + : "a" (leaf), + "c" (extended) + : "cc"); +# endif + if (eax) + *eax =3D out[0]; + if (ebx) + *ebx =3D out[1]; + if (ecx) + *ecx =3D out[2]; + if (edx) + *edx =3D out[3]; +#else + if (eax) + *eax =3D 0; + if (ebx) + *ebx =3D 0; + if (ecx) + *ecx =3D 0; + if (edx) + *edx =3D 0; +#endif +} diff --git a/src/util/virhostcpu.h b/src/util/virhostcpu.h index a96dd5afba..86a231daa2 100644 --- a/src/util/virhostcpu.h +++ b/src/util/virhostcpu.h 
@@ -89,3 +89,10 @@ int virHostCPUGetSignature(char **signature); int virHostCPUGetHaltPollTime(pid_t pid, unsigned long long *haltPollSuccess, unsigned long long *haltPollFail); + +void virHostCPUX86GetCPUID(uint32_t leaf, + uint32_t extended, + uint32_t *eax, + uint32_t *ebx, + uint32_t *ecx, + uint32_t *edx); --=20 2.33.1
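Review bot: In the src/util/virhostcpu.c hunk, virHostCPUX86GetCPUID() returns void, zero-fills all four outputs on non-x86 builds, and on x86 executes cpuid for whatever leaf it is given without comparing it against the maximum leaf the CPU reports. A caller therefore cannot distinguish "leaf not implemented" from real register contents; Intel processors, for example, answer an out-of-range leaf with the data of the highest basic leaf rather than zeros. Suggest either returning an int (-1 when the architecture or leaf is unsupported) or adding a doc comment to the prototype in virhostcpu.h that states these semantics and that NULL output pointers are accepted. Minor: the x86_64 asm omits the "cc" clobber that the i386 variant lists, although both run xor.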
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 10/13] qemu: report max number of SEV guests
Date: Fri, 10 Dec 2021 16:47:10 +0000
Message-Id: <20211210164713.3024012-11-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>

Different CPU generations have different limits on the number of SEV/SEV-ES guests that can be run. Since both limits come from the same overall set, there is typically also BIOS config to set the tradeoff between SEV and SEV-ES guest limits. This is important information to expose for a mgmt application scheduling guests to hosts.
Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 39 +++++++++++++++++++ src/qemu/qemu_driver.c | 10 +++++ .../domaincapsdata/qemu_2.12.0-q35.x86_64.xml | 4 +- .../domaincapsdata/qemu_2.12.0-tcg.x86_64.xml | 4 +- tests/domaincapsdata/qemu_2.12.0.x86_64.xml | 4 +- .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 4 +- .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 4 +- tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 4 +- tests/testutilsqemu.c | 21 ++++++++++ 9 files changed, 82 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4ffd0a98a2..ddd61ecfc9 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1897,6 +1897,8 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, =20 tmp->cbitpos =3D src->cbitpos; tmp->reduced_phys_bits =3D src->reduced_phys_bits; + tmp->max_guests =3D src->max_guests; + tmp->max_es_guests =3D src->max_es_guests; =20 *dst =3D g_steal_pointer(&tmp); return 0; 
@@ -3286,6 +3288,31 @@ virQEMUCapsProbeQMPGICCapabilities(virQEMUCaps *qemu= Caps, } =20 =20 +static void +virQEMUCapsGetSEVMaxGuests(virSEVCapability *caps) +{ + /* + * From Secure Encrypted Virtualization API v0.24, section 6.19.1 + * + * If the guest is SEV-ES enabled, then the ASID must be at least + * 1h and at most (MIN_SEV_ASID-1). If the guest is not SEV-ES + * enabled, then the ASID must be at least MIN_SEV_ASID and at + * most the maximum SEV ASID available. The MIN_SEV_ASID value + * is discovered by CPUID Fn8000_001F[EDX]. The maximum SEV ASID + * available is discovered by CPUID Fn8000_001F[ECX]. + */ + uint32_t min_asid, max_asid; + virHostCPUX86GetCPUID(0x8000001F, 0, NULL, NULL, + &max_asid, &min_asid); + + if (max_asid !=3D 0 && min_asid !=3D 0) { + caps->max_guests =3D max_asid - min_asid + 1; + caps->max_es_guests =3D min_asid - 1; + } else { + caps->max_guests =3D caps->max_es_guests =3D 0; + } +} + static int virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuCaps, qemuMonitor *mon) @@ -3305,6 +3332,8 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCaps *qemuC= aps, return 0; } =20 + virQEMUCapsGetSEVMaxGuests(caps); + virSEVCapabilitiesFree(qemuCaps->sevCapabilities); qemuCaps->sevCapabilities =3D caps; return 0; @@ -4084,6 +4113,14 @@ virQEMUCapsParseSEVInfo(virQEMUCaps *qemuCaps, xmlXP= athContextPtr ctxt) return -1; } =20 + + /* We probe this every time because the values + * can change on every reboot via firmware + * config tunables. It is cheap to query so + * lack of caching is a non-issue + */ + virQEMUCapsGetSEVMaxGuests(sev); + qemuCaps->sevCapabilities =3D g_steal_pointer(&sev); return 0; } @@ -6344,6 +6381,8 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemu= Caps, domCaps->sev->cert_chain =3D g_strdup(cap->cert_chain); domCaps->sev->cbitpos =3D cap->cbitpos; domCaps->sev->reduced_phys_bits =3D cap->reduced_phys_bits; + domCaps->sev->max_guests =3D cap->max_guests; + domCaps->sev->max_es_guests =3D cap->max_es_guests; } =20 =20 
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ee23e10543..8ee0939295 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -19918,6 +19918,16 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps, sev->reduced_phys_bits) < 0) goto cleanup; =20 + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_GUESTS, + sev->max_guests) < 0) + goto cleanup; + + if (virTypedParamsAddUInt(&sevParams, &n, &maxpar, + VIR_NODE_SEV_MAX_ES_GUESTS, + sev->max_es_guests) < 0) + goto cleanup; + *params =3D g_steal_pointer(&sevParams); *nparams =3D n; return 0; diff --git a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-q35.x86_64.xml index 26816ff066..0dc5995c09 100644 --- a/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-q35.x86_64.xml @@ -205,8 +205,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml b/tests/domain= capsdata/qemu_2.12.0-tcg.x86_64.xml index 5840a8b921..575506d852 100644 --- a/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0-tcg.x86_64.xml @@ -215,8 +215,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml b/tests/domaincaps= data/qemu_2.12.0.x86_64.xml index 21d1b6946e..c8a5558536 100644 --- a/tests/domaincapsdata/qemu_2.12.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_2.12.0.x86_64.xml @@ -205,8 +205,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-q35.x86_64.xml index 3415d44019..4595e70f61 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -227,8 +227,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.0.0-tcg.x86_64.xml index f58be3af6c..6b85c9c45a 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml 
+++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -233,8 +233,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.0.0.x86_64.xml index 0a2615c519..a6fa374211 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -227,8 +227,8 @@ 47 1 - 0 - 0 + 59 + 450 diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 5bd1d40ad4..7f848f158e 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c 
@@ -143,6 +143,27 @@ virCapabilitiesHostNUMANewHost(void) return virTestCapsBuildNUMATopology(3); } =20 +void +virHostCPUX86GetCPUID(uint32_t leaf, + uint32_t extended, + uint32_t *eax, + uint32_t *ebx, + uint32_t *ecx, + uint32_t *edx) +{ + if (eax) + *eax =3D 0; + if (ebx) + *ebx =3D 0; + if (ecx) + *ecx =3D 0; + if (edx) + *edx =3D 0; + if (leaf =3D=3D 0x8000001F && extended =3D=3D 0) { + *ecx =3D 509; + *edx =3D 451; + } +} =20 static int testQemuAddGuest(virCaps *caps, --=20 2.33.1
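Review bot: In virQEMUCapsGetSEVMaxGuests() (src/qemu/qemu_capabilities.c) the only sanity check on the CPUID output is that ECX and EDX are non-zero, and "max_asid - min_asid + 1" is computed in uint32_t. If min_asid is ever greater than max_asid + 1, the result wraps to a very large guest count that is then handed to management applications for scheduling decisions. Suggest treating min_asid > max_asid + 1 like the zero case and reporting 0 for both limits, and confirming that leaf 0x8000001F is actually available on the host before trusting the registers. max_asid and min_asid are also declared without initialisers, which relies on the helper always writing them.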
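Review bot: In the tests/testutilsqemu.c mock, the leaf 0x8000001F branch stores to *ecx and *edx without the NULL checks used a few lines above, while the caller added in this same patch already passes NULL for eax and ebx, so NULL outputs are part of the helper's contract. A future test caller that passes NULL for ecx or edx would crash in the mock only. Suggest guarding both stores with "if (ecx)" and "if (edx)". A short comment noting that 509 and 451 produce the 59 and 450 values expected in the domaincapsdata XML files would also help the next reader.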
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v3 11/13] conf: add support for setting SEV kernel hashes
Date: Fri, 10 Dec 2021 16:47:11 +0000
Message-Id: <20211210164713.3024012-12-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>

Normally the SEV measurement only covers the firmware loader contents. When doing a direct kernel boot, however, with new enough OVMF it is possible to ask for the measurement to cover the kernel, ramdisk and command line. It can't be done automatically as that would break existing guests using direct kernel boot with old firmware, so there is a new XML setting allowing this behaviour to be toggled.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
--- docs/formatdomain.rst | 7 ++++++- docs/schemas/domaincommon.rng | 5 +++++ src/conf/domain_conf.c | 8 ++++++++ src/conf/domain_conf.h | 1 + 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index eb8c973cf1..c6e1f2226a 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -8191,7 +8191,7 @@ spec `__ =20 ... - + 0x0001 47 1 @@ -8201,6 +8201,11 @@ spec `__ ... =20 +``kernelHashes`` + The optional ``kernelHashes`` attribute indicates whether the + hashes of the kernel, ramdisk and command line should be included + in the measurement done by the firmware. This is only valid if + using direct kernel boot. :since:`Since 8.0.0` ``cbitpos`` The required ``cbitpos`` element provides the C-bit (aka encryption bit) location in guest page table entry. The value of ``cbitpos`` is hypervi= sor diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index f01b7a6470..8fe6134935 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -499,6 +499,11 @@ sev + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c634e7dd41..15e52eeed8 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14793,6 +14793,10 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, unsigned long policy; int rc; =20 + if (virXMLPropTristateBool(ctxt->node, "kernelHashes", VIR_XML_PROP_NO= NE, + &def->kernel_hashes) < 0) + return -1; + if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); @@ -27052,6 +27056,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { virDomainSEVDef *sev =3D &sec->data.sev; =20 + if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(&attrBuf, " kernelHashes=3D'%s'", + virTristateBoolTypeToString(sev->kernel_hash= es)); + if (sev->haveCbitpos) virBufferAsprintf(&childBuf, "%d\n", sev->c= bitpos); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index c0c07ea6ba..8e576c00f8 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h 
@@ -2692,6 +2692,7 @@ struct _virDomainSEVDef { unsigned int cbitpos; bool haveReducedPhysBits; unsigned int reduced_phys_bits; + virTristateBool kernel_hashes; }; =20 struct _virDomainSecDef { --=20 2.33.1
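Review bot: The docs hunk says kernelHashes "is only valid if using direct kernel boot", but the virDomainSEVDefParseXML() hunk in src/conf/domain_conf.c only parses the tristate, and nothing in this patch rejects kernelHashes='yes' on a domain that has no direct-boot kernel configured. Because the attribute decides whether the kernel, ramdisk and command line are covered by the launch measurement, a value that is accepted but cannot take effect should be a hard validation error rather than silently ignored; if that check is added in a later patch of the series, say so in the commit message. The diffstat also touches no test data, so the parse and format round trip of the new attribute is not exercised by this patch.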
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [libvirt PATCH v3 12/13] qemu: probe for sev-guest.kernel-hashes property
Date: Fri, 10 Dec 2021 16:47:12 +0000
Message-Id: <20211210164713.3024012-13-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>

This sev-guest object property indicates whether QEMU should expose the kernel, ramdisk, cmdline hashes to the firmware for measurement. The 6.2.0 capabilities are hacked to look as if they were generated with sev-guest support.

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrang=C3=A9 --- src/qemu/qemu_capabilities.c | 8 ++ src/qemu/qemu_capabilities.h | 1 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 7 +- .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 7 +- tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 7 +- .../caps_2.12.0.x86_64.replies | 97 ++++++++++++---- .../caps_3.0.0.x86_64.replies | 97 ++++++++++++---- .../caps_3.1.0.x86_64.replies | 97 ++++++++++++---- .../caps_4.0.0.x86_64.replies | 97 ++++++++++++---- .../caps_4.1.0.x86_64.replies | 89 ++++++++++---- .../caps_4.2.0.x86_64.replies | 89 ++++++++++---- .../caps_5.0.0.x86_64.replies | 89 ++++++++++---- .../caps_5.1.0.x86_64.replies | 89 ++++++++++---- .../caps_5.2.0.x86_64.replies | 89 ++++++++++---- .../caps_6.0.0.x86_64.replies | 89 ++++++++++---- .../caps_6.1.0.x86_64.replies | 89 ++++++++++---- .../caps_6.2.0.x86_64.replies | 109 ++++++++++++++---- .../caps_6.2.0.x86_64.xml | 8 ++ 18 files changed, 895 insertions(+), 263 deletions(-) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index ddd61ecfc9..9553e6e5b8 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps, "device.json", /* QEMU_CAPS_DEVICE_JSON */ "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */ + "sev-guest-kernel-hashes", /* QEMU_CAPS_SEV_GUEST_KERNEL_HAS= HES */ ); =20 =20 @@ -1718,6 +1719,10 @@ static struct virQEMUCapsStringFlags virQEMUCapsObje= ctPropsMaxCPU[] =3D { { "migratable", QEMU_CAPS_CPU_MIGRATABLE }, }; =20 +static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSEVGuest[] =3D { + { "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES }, +}; + static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] =3D { { "memory-backend-file", virQEMUCapsObjectPropsMemoryBackendFile, G_N_ELEMENTS(virQEMUCapsObjectPropsMemoryBackendFile), 
@@ -1731,6 +1736,9 @@ static virQEMUCapsObjectTypeProps virQEMUCapsObjectPr= ops[] =3D { { "max-arm-cpu", virQEMUCapsObjectPropsMaxCPU, G_N_ELEMENTS(virQEMUCapsObjectPropsMaxCPU), QEMU_CAPS_ARM_MAX_CPU }, + { "sev-guest", virQEMUCapsObjectPropsSEVGuest, + G_N_ELEMENTS(virQEMUCapsObjectPropsSEVGuest), + QEMU_CAPS_SEV_GUEST }, }; =20 static struct virQEMUCapsStringFlags virQEMUCapsMachinePropsPSeries[] =3D { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 716e09123c..aaac20a834 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -631,6 +631,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_DEVICE_JSON, /* -device accepts JSON */ QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */ + QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, /* sev-guest.kernel-hashes=3D */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-q35.x86_64.xml index 9d68c0a404..b5f700c119 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml @@ -225,6 +225,11 @@ - + + 47 + 1 + 59 + 450 + diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domainc= apsdata/qemu_6.2.0-tcg.x86_64.xml index 8db840faac..c2c22d5775 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -231,6 +231,11 @@ - + + 47 + 1 + 59 + 450 + diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsd= ata/qemu_6.2.0.x86_64.xml index 0f89790b60..17207394dd 100644 --- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -225,6 +225,11 @@ - + + 47 + 1 + 59 + 450 + 
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies b/tests/= qemucapabilitiesdata/caps_2.12.0.x86_64.replies index 5fefbc64ab..c5bdd5398b 100644 --- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.replies @@ -17361,10 +17361,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-40" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-40" +} + +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -17561,7 +17610,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -17569,7 +17618,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -17674,12 +17723,12 @@ "type": "string" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -18193,12 +18242,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -18206,12 +18255,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { 
@@ -18219,12 +18268,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -19511,12 +19560,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -19578,12 +19627,12 @@ "capability": "dirty-bitmaps" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -19593,7 +19642,7 @@ "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" }, - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -19604,7 +19653,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -19794,7 +19843,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -19986,7 +20035,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20241,7 +20290,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20255,7 +20304,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -20445,7 +20494,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -20637,7 +20686,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -20892,7 +20941,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_3.0.0.x86_64.replies index a63d1d8118..bc1ff6527d 100644 --- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.replies 
@@ -18035,10 +18035,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -18245,7 +18294,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -18253,7 +18302,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -18358,12 +18407,12 @@ "type": "string" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -18800,12 +18849,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -18813,12 +18862,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -18826,12 +18875,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -20130,12 +20179,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -20205,16 +20254,16 @@ "capability": "late-block-activate" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -20229,7 +20278,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20422,7 +20471,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20617,7 +20666,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20880,7 +20929,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -20894,7 +20943,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21087,7 +21136,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21282,7 +21331,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -21545,7 +21594,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_3.1.0.x86_64.replies index d021745a06..8bec154b10 100644 --- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.replies 
@@ -18452,10 +18452,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -18672,7 +18721,7 @@ "cpu-max": 255 } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -18680,7 +18729,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -18785,12 +18834,12 @@ "type": "int" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -19309,12 +19358,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -19322,12 +19371,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -19335,12 +19384,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -20614,12 +20663,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -20689,16 +20738,16 @@ "capability": "late-block-activate" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -20713,7 +20762,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -20915,7 +20964,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21119,7 +21168,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21394,7 +21443,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21408,7 +21457,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21610,7 +21659,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -21814,7 +21863,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -22089,7 +22138,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.0.0.x86_64.replies index 5de9457eed..8a44f5e24a 100644 --- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.replies 
@@ -18981,10 +18981,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, + "id": "libvirt-40" +} + +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], "id": "libvirt-40" } =20 +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -19201,7 +19250,7 @@ "alias": "q35" } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -19209,7 +19258,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -19314,12 +19363,12 @@ "type": "bool" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -19836,12 +19885,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -19849,12 +19898,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -19862,12 +19911,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -21149,12 +21198,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -21228,16 +21277,16 @@ "capability": "x-ignore-shared" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -21252,7 +21301,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21456,7 +21505,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -21662,7 +21711,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21941,7 +21990,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -21955,7 +22004,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -22159,7 +22208,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -22365,7 +22414,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { @@ -22644,7 +22693,7 @@ } } }, - "id": "libvirt-51" + "id": "libvirt-52" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.1.0.x86_64.replies index 0dadabf948..7d5ef93f16 100644 --- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.replies 
@@ -19441,10 +19441,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-40" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-40" +} + +{ + "execute": "query-machines", + "id": "libvirt-41" +} + { "return": [ { @@ -19766,7 +19815,7 @@ "deprecated": false } ], - "id": "libvirt-40" + "id": "libvirt-41" } =20 { @@ -19774,7 +19823,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -19879,12 +19928,12 @@ "type": "bool" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -21029,12 +21078,12 @@ "migration-safe": true } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-tpm-models", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -21042,12 +21091,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-types", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -21055,12 +21104,12 @@ "passthrough", "emulator" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-command-line-options", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { 
@@ -22334,12 +22383,12 @@ "option": "drive" } ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { @@ -22413,16 +22462,16 @@ "capability": "x-ignore-shared" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { - "id": "libvirt-47", + "id": "libvirt-48", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -22437,7 +22486,7 @@ "name": "host" } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -22645,7 +22694,7 @@ } } }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -22659,7 +22708,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -22867,7 +22916,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_4.2.0.x86_64.replies index cd7a5c345c..e7aae333ec 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.replies 
@@ -20483,10 +20483,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -20876,7 +20925,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -20884,7 +20933,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -20989,12 +21038,12 @@ "type": "bool" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -22377,12 +22426,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -22390,12 +22439,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -22403,12 +22452,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -23694,12 +23743,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -23777,16 +23826,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -23801,7 +23850,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -24103,7 +24152,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -24117,7 +24166,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -24419,7 +24468,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.0.0.x86_64.replies index ad6ee05ba6..7657e7047d 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.replies 
@@ -21808,10 +21808,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -22185,7 +22234,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -22193,7 +22242,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -22283,12 +22332,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -23833,12 +23882,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -23846,12 +23895,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -23859,12 +23908,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -25140,12 +25189,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -25223,16 +25272,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV feature is not available" @@ -25247,7 +25296,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -25550,7 +25599,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -25564,7 +25613,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -25867,7 +25916,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.1.0.x86_64.replies index b8f3c79026..82f6de7e7e 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.replies 
@@ -22375,10 +22375,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -22768,7 +22817,7 @@ "deprecated": false } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -22776,7 +22825,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -22866,12 +22915,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -24573,12 +24622,12 @@ "migration-safe": true } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -24586,12 +24635,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -24599,12 +24648,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -25899,12 +25948,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -25982,16 +26031,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV is not enabled in KVM" @@ -26006,7 +26055,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -26314,7 +26363,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -26328,7 +26377,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -26636,7 +26685,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_5.2.0.x86_64.replies index 54d8db5904..89f0270e27 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.replies 
@@ -22982,10 +22982,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -23441,7 +23490,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -23449,7 +23498,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -23534,12 +23583,12 @@ "type": "string" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -25364,12 +25413,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -25377,12 +25426,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -25390,12 +25439,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -26690,12 +26739,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -26773,16 +26822,16 @@ "capability": "validate-uuid" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "SEV is not enabled in KVM" @@ -26797,7 +26846,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -27106,7 +27155,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -27120,7 +27169,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -27429,7 +27478,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.0.0.x86_64.replies index 986bb56630..6cda5538a5 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.replies 
@@ -24796,10 +24796,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -25244,7 +25293,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -25252,7 +25301,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -25350,12 +25399,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -27223,12 +27272,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -27236,12 +27285,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -27249,12 +27298,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -28573,12 +28622,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -28660,12 +28709,12 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -28675,7 +28724,7 @@ "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" }, - "id": "libvirt-48" + "id": "libvirt-49" } =20 { @@ -28686,7 +28735,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29007,7 +29056,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29021,7 +29070,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -29342,7 +29391,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.1.0.x86_64.replies index 92feb723e6..694f0c64b2 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.replies 
@@ -25060,10 +25060,59 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -25526,7 +25575,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -25534,7 +25583,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -25637,12 +25686,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -27699,12 +27748,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -27712,12 +27761,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -27725,12 +27774,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -29062,12 +29111,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -29149,16 +29198,16 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", + "id": "libvirt-49", "error": { "class": "GenericError", "desc": "Failed to open /dev/sev: No such file or directory" @@ -29173,7 +29222,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29496,7 +29545,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -29510,7 +29559,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -29833,7 +29882,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.2.0.x86_64.replies index 69d3b1b12a..71f325f921 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -13315,6 +13315,11 @@ { "name": "reduced-phys-bits", "type": "int" + }, + { + "name": "kernel-hashes", + "default": null, + "type": "bool" } ], "meta-type": "object" 
@@ -28022,10 +28027,64 @@ } =20 { - "execute": "query-machines", + "execute": "qom-list-properties", + "arguments": { + "typename": "sev-guest" + }, "id": "libvirt-41" } =20 +{ + "return": [ + { + "name": "type", + "type": "string" + }, + { + "name": "dh-cert-file", + "description": "guest owners DH certificate (encoded with base64)", + "type": "string" + }, + { + "name": "sev-device", + "description": "SEV device to use", + "type": "string" + }, + { + "name": "session-file", + "description": "guest owners session parameters (encoded with base64= )", + "type": "string" + }, + { + "name": "kernel-hashes", + "description": "add kernel hashes to guest firmware for measured Lin= ux boot", + "type": "bool" + }, + { + "name": "handle", + "type": "uint32" + }, + { + "name": "policy", + "type": "uint32" + }, + { + "name": "reduced-phys-bits", + "type": "uint32" + }, + { + "name": "cbitpos", + "type": "uint32" + } + ], + "id": "libvirt-41" +} + +{ + "execute": "query-machines", + "id": "libvirt-42" +} + { "return": [ { @@ -28506,7 +28565,7 @@ "default-ram-id": "pc.ram" } ], - "id": "libvirt-41" + "id": "libvirt-42" } =20 { @@ -28514,7 +28573,7 @@ "arguments": { "typename": "none-machine" }, - "id": "libvirt-42" + "id": "libvirt-43" } =20 { @@ -28617,12 +28676,12 @@ "type": "child" } ], - "id": "libvirt-42" + "id": "libvirt-43" } =20 { "execute": "query-cpu-definitions", - "id": "libvirt-43" + "id": "libvirt-44" } =20 { @@ -30692,12 +30751,12 @@ "deprecated": false } ], - "id": "libvirt-43" + "id": "libvirt-44" } =20 { "execute": "query-tpm-models", - "id": "libvirt-44" + "id": "libvirt-45" } =20 { @@ -30705,12 +30764,12 @@ "tpm-crb", "tpm-tis" ], - "id": "libvirt-44" + "id": "libvirt-45" } =20 { "execute": "query-tpm-types", - "id": "libvirt-45" + "id": "libvirt-46" } =20 { @@ -30718,12 +30777,12 @@ "passthrough", "emulator" ], - "id": "libvirt-45" + "id": "libvirt-46" } =20 { "execute": "query-command-line-options", - "id": "libvirt-46" + "id": "libvirt-47" } =20 { 
@@ -32055,12 +32114,12 @@ "option": "drive" } ], - "id": "libvirt-46" + "id": "libvirt-47" } =20 { "execute": "query-migrate-capabilities", - "id": "libvirt-47" + "id": "libvirt-48" } =20 { @@ -32142,20 +32201,22 @@ "capability": "background-snapshot" } ], - "id": "libvirt-47" + "id": "libvirt-48" } =20 { "execute": "query-sev-capabilities", - "id": "libvirt-48" + "id": "libvirt-49" } =20 { - "id": "libvirt-48", - "error": { - "class": "GenericError", - "desc": "SEV: Failed to open /dev/sev: No such file or directory" - } + "return": { + "reduced-phys-bits": 1, + "cbitpos": 47, + "cert-chain": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA= ", + "pdh": "AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAA= OAAA" + }, + "id": "libvirt-49" } =20 { @@ -32166,7 +32227,7 @@ "name": "host" } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -32499,7 +32560,7 @@ } } }, - "id": "libvirt-49" + "id": "libvirt-50" } =20 { @@ -32513,7 +32574,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { @@ -32846,7 +32907,7 @@ } } }, - "id": "libvirt-50" + "id": "libvirt-51" } =20 { diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index 39179916c5..73ab031931 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -154,6 +154,7 @@ + @@ -240,6 +241,7 @@ + 6001050 0 43100244 
@@ -3710,4 +3712,10 @@ + + 47 + 1 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAA= A + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + --=20 2.33.1
From nobody Mon May 6 22:41:14 2024
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v3 13/13] qemu: format sev-guest.kernel-hashes property
Date: Fri, 10 Dec 2021 16:47:13 +0000
Message-Id: <20211210164713.3024012-14-berrange@redhat.com>
In-Reply-To: <20211210164713.3024012-1-berrange@redhat.com>
References: <20211210164713.3024012-1-berrange@redhat.com>

Set the kernel-hashes property on the sev-guest object if the config asked for it explicitly. While QEMU machine types currently default to having this setting off, it is not guaranteed to remain this way.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Peter Krempa
---
 src/qemu/qemu_command.c | 1 +
 src/qemu/qemu_validate.c | 7 ++++
 ...unch-security-sev-direct.x86_64-6.2.0.args | 40 +++++++++++++++++++
 .../launch-security-sev-direct.xml | 39 ++++++++++++++++++
 tests/qemuxml2argvtest.c | 1 +
 5 files changed, 88 insertions(+)
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 613f7a5d2a..dfbf4973f5 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9894,6 +9894,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand = *cmd, "u:policy", sev->policy, "S:dh-cert-file", dhpath, "S:session-file", sessionpath, + "T:kernel-hashes", sev->kernel_hashes, NULL) < 0) return -1; =20 diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 29b01495ad..c0dc1f7b53 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1200,6 +1200,13 @@ qemuValidateDomainDef(const virDomainDef *def, "this QEMU binary")); return -1; } + + if (def->sec->data.sev.kernel_hashes =3D=3D VIR_TRISTATE_BOOL_= YES && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHE= S)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("SEV measured direct kernel boot is not s= upported with this QEMU binary")); + return -1; + } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GU= EST_SUPPORT) || diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0= .args b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args new file mode 100644 index 0000000000..0062faa06c --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-6.2.0.args 
@@ -0,0 +1,40 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm= p/lib/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine pc-i440fx-6.2,usb=3Doff,dump-guest-core=3Doff,confidential-guest-= support=3Dlsec0,memory-backend=3Dpc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 214 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'= \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-kernel /vmlinuz \ +-initrd /initrd \ +-append runme \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no= de-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-form= at","id":"ide0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-b= its":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.bas= e64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64","kernel-= hashes":true}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= 
control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.xml b/tests/= qemuxml2argvdata/launch-security-sev-direct.xml new file mode 100644 index 0000000000..80ce6412dd --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.xml @@ -0,0 +1,39 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + /vmlinuz + /initrd + runme + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 615f45376c..e1ecb749ed 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3423,6 +3423,7 @@ mymain(void) DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); DO_TEST_CAPS_VER("launch-security-sev", "6.0.0"); DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); + DO_TEST_CAPS_VER("launch-security-sev-direct", "6.2.0"); =20 DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x"); =20 --=20 2.33.1
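Review bot: In the src/qemu/qemu_validate.c hunk the capability check fires only for `kernel_hashes == VIR_TRISTATE_BOOL_YES`, while the src/qemu/qemu_command.c hunk hands `sev->kernel_hashes` to `"T:kernel-hashes"` with no capability guard of its own. The commit message says the property is set whenever the config asked for it explicitly, so an explicit "no" would presumably still be formatted for a QEMU binary that lacks QEMU_CAPS_SEV_GUEST_KERNEL_HASHES and fail when the sev-guest object is created rather than at validation. Comparing against VIR_TRISTATE_BOOL_ABSENT instead (`!= VIR_TRISTATE_BOOL_ABSENT`) would reject both explicit values up front; otherwise the formatter should skip the property when the capability is missing.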
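Review bot: The tests/qemuxml2argvtest.c hunk adds only the passing case, `DO_TEST_CAPS_VER("launch-security-sev-direct", "6.2.0")`, so the new VIR_ERR_CONFIG_UNSUPPORTED branch in qemuValidateDomainDef is never exercised. Running the same XML as an expected-failure case against a capabilities version whose sev-guest property list has no kernel-hashes entry (the 6.1.0 replies in this series show none) would cover it. The new .args file also only shows `"kernel-hashes":true`; a second input with the attribute explicitly disabled would pin down what is emitted for "no".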
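Review bot: In the tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies hunk of the preceding patch, the `query-sev-capabilities` reply changes from the captured error ("SEV: Failed to open /dev/sev: No such file or directory") to a `return` object whose `cert-chain` and `pdh` values are identical to the ones in caps_6.0.0.x86_64.replies, so this file is no longer a plain capture from the host it was generated on. Anyone regenerating the 6.2.0 replies on a machine without /dev/sev will drop the SEV data again, which takes the matching block in caps_6.2.0.x86_64.xml and the 6.2.0 launch-security-sev-direct test with it. Please record that the SEV reply is hand-edited where the next person to refresh the file will see it.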