From nobody Fri May 3 08:07:08 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639498073; cv=none; d=zohomail.com; s=zohoarc; b=JU551VFEgmOya0bLSlbbJXIWu0E347OfdAm0qNcULVygRzW6AmJrNHx8xdMZZUp6jPvBQ9fbGopXcBTwfdREB/0yFcmerhHlIdSatC4hr52F5nwdObdXp96GjX26Rhq9E4YZEV50VlgxH8UlxFzBQgC+RVxOB4OjvDC9MGIf3Uc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639498073; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=v8SP8QTG6jBJ8t8sn82sEjI4E7eFqkhzLBr6Cq549Po=; b=mn+jOOewC/g1PJvsQlkCXXQfiYlMK8/c55VyvdI1uhbC0S9kWtLOGISJ6SOp0ISczbrKauGzY1+kpsiUpbUFhp9LHTG63HGdVZ7zPvRK+ETiYdy3P7On+K1YvaOfX7xA0RiCL0Wh3ACbNagOzeKLpxgVlkJnjMInURMe3hdRGI4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1639498073888421.13347180976587; Tue, 14 Dec 2021 08:07:53 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-225-5W4Ds-ebP1alC3i5ojrpuQ-1; Tue, 14 Dec 2021 11:07:48 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B6B9B34834; Tue, 14 Dec 2021 16:07:42 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4672E74E8D; Tue, 14 Dec 2021 16:07:42 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 917104BB7B; Tue, 14 Dec 2021 16:07:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BEG7eLZ017363 for ; Tue, 14 Dec 2021 11:07:40 -0500 Received: by smtp.corp.redhat.com (Postfix) id 5CDF674E9B; Tue, 14 Dec 2021 16:07:40 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.194.122]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7A13677C9E; Tue, 14 Dec 2021 16:07:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639498072; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=v8SP8QTG6jBJ8t8sn82sEjI4E7eFqkhzLBr6Cq549Po=; b=fjRzPqwWrwieB06PD5OiolqyaXjcyxWxIdjGAXA/q452pGIo5nAar09N0gEzvk1oXosPN0 TLMfB3xg3YiijWYijYXUQGbq9fbl8xiboHFMcthB/l+uOz+erGs7IE15wpxJnUqgPE8+bQ 2gjSKLWywYugM/yw5YlPlkW0c93N+Fo= X-MC-Unique: 5W4Ds-ebP1alC3i5ojrpuQ-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v4 1/3] conf: add support for setting SEV kernel hashes Date: Tue, 14 Dec 2021 16:07:04 +0000 Message-Id: <20211214160706.3392451-2-berrange@redhat.com> In-Reply-To: <20211214160706.3392451-1-berrange@redhat.com> References: <20211214160706.3392451-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Peter Krempa X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639498074941100001 Normally the SEV measurement only covers the firmware loader contents. When doing a direct kernel boot, however, with new enough OVMF it is possible to ask for the measurement to cover the kernel, ramdisk and command line. It can't be done automatically as that would break existing guests using direct kernel boot with old firmware, so there is a new XML setting allowing this behaviour to be toggled. Reviewed-by: Peter Krempa Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/formatdomain.rst | 7 ++++++- docs/schemas/domaincommon.rng | 5 +++++ src/conf/domain_conf.c | 8 ++++++++ src/conf/domain_conf.h | 1 + 4 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 0c5e33c78f..9d064a4af2 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8215,7 +8215,7 @@ spec `__ =20 ... - + 0x0001 47 1 @@ -8225,6 +8225,11 @@ spec `__ ... =20 +``kernelHashes`` + The optional ``kernelHashes`` attribute indicates whether the + hashes of the kernel, ramdisk and command line should be included + in the measurement done by the firmware. This is only valid if + using direct kernel boot. :since:`Since 8.0.0` ``cbitpos`` The required ``cbitpos`` element provides the C-bit (aka encryption bit) location in guest page table entry. The value of ``cbitpos`` is hypervi= sor diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index ce5018f798..7fa5c2b8b5 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -499,6 +499,11 @@ sev + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 9a21ac10ce..bd372190df 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14804,6 +14804,10 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, unsigned long policy; int rc; =20 + if (virXMLPropTristateBool(ctxt->node, "kernelHashes", VIR_XML_PROP_NO= NE, + &def->kernel_hashes) < 0) + return -1; + if (virXPathULongHex("string(./policy)", ctxt, &policy) < 0) { virReportError(VIR_ERR_XML_ERROR, "%s", _("failed to get launch security policy")); @@ -27133,6 +27137,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSec= Def *sec) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: { virDomainSEVDef *sev =3D &sec->data.sev; =20 + if (sev->kernel_hashes !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(&attrBuf, " kernelHashes=3D'%s'", + virTristateBoolTypeToString(sev->kernel_hash= es)); + if (sev->haveCbitpos) virBufferAsprintf(&childBuf, "%d\n", sev->c= bitpos); =20 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index afabcd1b4d..144ba4dd12 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2714,6 +2714,7 @@ struct _virDomainSEVDef { unsigned int cbitpos; bool haveReducedPhysBits; unsigned int reduced_phys_bits; + virTristateBool kernel_hashes; }; =20 struct _virDomainSecDef { --=20 2.33.1 From nobody Fri May 3 08:07:08 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639498083; cv=none; d=zohomail.com; s=zohoarc; b=Y/bOHovIySMgokQD3LtwN/QsmNnRsDZvHrKgQYSu7NO3BoUQXdRlYEcGnnfP+QXmqZxQkNLpIUz/SV8UvLksoRz0LsnAQ8NztPyQPcCTbRffFlhfvfQuwsNcgsRHSpZ2SAWSN0pfmhaU8u0YsZBEua0849t/JYu4t1dNKCmX92s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639498083; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=HoD6cNs1R/BOSNTsPvjEx0PbAcZQkp0HvmM+e2QocAg=; b=icf9XK+mBrGmg26O+KPxl/womknd6rDizL13YxAQRmkqC242ds3WVLX/2zRk13cLYWaPZ597cMt6lFnshGBQEcreMVKReIO8SKAyjGhmOCNQVEgV1hISmCU3lizfMMlE+sh5P/s6bilzPu9slWMmV0JSs4TOEXyxlO7Gwp9wIJ0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1639498083302665.3628462925574; Tue, 14 Dec 2021 08:08:03 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-186-KhbQKSirMHG04KEMJz2uGw-1; Tue, 14 Dec 2021 11:07:55 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0D842100CCC2; Tue, 14 Dec 2021 16:07:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E2341105914A; Tue, 14 Dec 2021 16:07:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id A300B1809CB9; Tue, 14 Dec 2021 16:07:49 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BEG7fFk017373 for ; Tue, 14 Dec 2021 11:07:41 -0500 Received: by smtp.corp.redhat.com (Postfix) id 687D074E8D; Tue, 14 Dec 2021 16:07:41 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.194.122]) by smtp.corp.redhat.com (Postfix) with ESMTP id AF9FF77453; Tue, 14 Dec 2021 16:07:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639498082; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=HoD6cNs1R/BOSNTsPvjEx0PbAcZQkp0HvmM+e2QocAg=; b=JDWfnEoExlMC2RW85Dk6DGtdXTm2PJ3+ODQvVaNb2JP6MdX3I224ufZGsAxBimx/SpeJfp 4H896d1PYFeYLpE1BXv2gOucWLYRsCQINr6wq5SyuOTPZ0Jyuk6tKY9USrrrwBHDrszJ2E ABN7t1ND88Tx8gkdNeqMMdarMqBwL3M= X-MC-Unique: KhbQKSirMHG04KEMJz2uGw-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v4 2/3] qemu: probe for sev-guest.kernel-hashes property Date: Tue, 14 Dec 2021 16:07:05 +0000 Message-Id: <20211214160706.3392451-3-berrange@redhat.com> In-Reply-To: <20211214160706.3392451-1-berrange@redhat.com> References: <20211214160706.3392451-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639498085460100001 This sev-guest object property indicates whether QEMU should expose the kernel, ramdisk, cmdline hashes to the firmware for measurement. The 6.2.0 capabilities are selectively refreshed to pull in the kernel-hashes parameter to the schema. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies | 5 +++++ tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml | 1 + 4 files changed, 9 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index ddd61ecfc9..c1b06998af 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps, "device.json", /* QEMU_CAPS_DEVICE_JSON */ "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */ + "sev-guest-kernel-hashes", /* QEMU_CAPS_SEV_GUEST_KERNEL_HAS= HES */ ); =20 =20 @@ -1571,6 +1572,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc= hemaQueries[] =3D { { "query-named-block-nodes/arg-type/flat", QEMU_CAPS_QMP_QUERY_NAMED_B= LOCK_NODES_FLAT }, { "screendump/arg-type/device", QEMU_CAPS_SCREENDUMP_DEVICE }, { "set-numa-node/arg-type/+hmat-lb", QEMU_CAPS_NUMA_HMAT }, + { "object-add/arg-type/+sev-guest/kernel-hashes", QEMU_CAPS_SEV_GUEST_= KERNEL_HASHES }, }; =20 typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps; diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 716e09123c..aaac20a834 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -631,6 +631,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_DEVICE_JSON, /* -device accepts JSON */ QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */ + QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, /* sev-guest.kernel-hashes=3D */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies b/tests/q= emucapabilitiesdata/caps_6.2.0.x86_64.replies index 69d3b1b12a..9de8e3bd66 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.replies @@ -13315,6 +13315,11 @@ { "name": "reduced-phys-bits", "type": "int" + }, + { + "name": "kernel-hashes", + "default": null, + "type": "bool" } ], "meta-type": "object" diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index 39179916c5..5aa65679ee 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -240,6 +240,7 @@ + 6001050 0 43100244 --=20 2.33.1 From nobody Fri May 3 08:07:08 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639498083; cv=none; d=zohomail.com; s=zohoarc; b=d6ENedsj5u2Bns3vEVRuWDFlMadoD8l2S4QEhdJJ7FCpMr3matKxBkJIaes3MiADHBNOuW/qRsTJYVpertCUGxyWlhftNNBqM3kC8DscQpW/aM0+gFgwyc4qH8YNIqqiu9/McU/HOSOCDJBoR6JcrJV4Jw2fzz3X2gkj9rB/NMY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639498083; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=LrkrbZY4czmRCQhK69FlDa4t6udeLG44ZIV9yRdjs+s=; b=cTsqtNVIwL2lP1v14Y8nLyD+fy5aNlugnuL8zRBju2nOdtJ6qb4xnDki2e4tAUjTXPQPniVNrYwFDHsEIaCqXkaAMsCfKuGxC8BxQk+A5SniUlE1kBP5tV11gqaaBqaolYoOtWeWaV9QK5V1yw3/7Q29LEbX+lLTlXlNCU7ogHk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1639498083576270.5511721346094; Tue, 14 Dec 2021 08:08:03 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-195-s7O4dCNyM86SM7Kapf-FDA-1; Tue, 14 Dec 2021 11:08:00 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 18276801AAB; Tue, 14 Dec 2021 16:07:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EA4C3708D5; Tue, 14 Dec 2021 16:07:49 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id BB9E44CA9B; Tue, 14 Dec 2021 16:07:49 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BEG7ghT017388 for ; Tue, 14 Dec 2021 11:07:42 -0500 Received: by smtp.corp.redhat.com (Postfix) id 6B4B674E8F; Tue, 14 Dec 2021 16:07:42 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.39.194.122]) by smtp.corp.redhat.com (Postfix) with ESMTP id B7A56708D5; Tue, 14 Dec 2021 16:07:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639498082; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=LrkrbZY4czmRCQhK69FlDa4t6udeLG44ZIV9yRdjs+s=; b=EYqYVgXlDb9IPmYnrl7xI30fCE7hF/BpSFcSmhN8KWypp8GcyVsp9G8pixek81l+JigWnr kD48u4bZSNGGXHfQKipLgFmTCkj5zGRLZfMBaMBdDusSVeDAquFTT6+fsn5CNFMnTwHbwm HlAwoZd6mHEHKQPv1/rwfBPkVIyOeug= X-MC-Unique: s7O4dCNyM86SM7Kapf-FDA-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v4 3/3] qemu: format sev-guest.kernel-hashes property Date: Tue, 14 Dec 2021 16:07:06 +0000 Message-Id: <20211214160706.3392451-4-berrange@redhat.com> In-Reply-To: <20211214160706.3392451-1-berrange@redhat.com> References: <20211214160706.3392451-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639498085539100002 Set the kernel-hashes property on the sev-guest object if the config asked for it explicitly. While QEMU machine types currently default to having this setting off, it is not guaranteed to remain this way. We can't assume that the QEMU capabilities were generated on an AMD host with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means that the 'sev' info in the qemuCaps struct might be NULL, but this is harmless from POV of testing the CLI generator. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- src/qemu/qemu_capabilities.c | 5 +++ src/qemu/qemu_command.c | 1 + src/qemu/qemu_validate.c | 7 ++++ ...nch-security-sev-direct.x86_64-latest.args | 40 +++++++++++++++++++ .../launch-security-sev-direct.xml | 39 ++++++++++++++++++ tests/qemuxml2argvtest.c | 5 +++ tests/testutilsqemu.c | 15 ++++--- 7 files changed, 107 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.x86_6= 4-latest.args create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index c1b06998af..4f63322a9e 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1892,6 +1892,11 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst, { g_autoptr(virSEVCapability) tmp =3D NULL; =20 + if (!src) { + *dst =3D NULL; + return 0; + } + tmp =3D g_new0(virSEVCapability, 1); =20 tmp->pdh =3D g_strdup(src->pdh); diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6d00105b24..4d5f7934cb 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9928,6 +9928,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand = *cmd, "u:policy", sev->policy, "S:dh-cert-file", dhpath, "S:session-file", sessionpath, + "T:kernel-hashes", sev->kernel_hashes, NULL) < 0) return -1; =20 diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index f9a195e991..c1924eb2ad 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1217,6 +1217,13 @@ qemuValidateDomainDef(const virDomainDef *def, "this QEMU binary")); return -1; } + + if (def->sec->data.sev.kernel_hashes !=3D VIR_TRISTATE_BOOL_AB= SENT && + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHE= S)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("SEV measured direct kernel boot is not s= upported with this QEMU binary")); + return -1; + } break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_MACHINE_CONFIDENTAL_GU= EST_SUPPORT) || diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-lates= t.args b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.ar= gs new file mode 100644 index 0000000000..dac312e301 --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args @@ -0,0 +1,40 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/tmp/lib/domain--1-QEMUGuest1 \ +USER=3Dtest \ +LOGNAME=3Dtest \ +XDG_DATA_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.local/share \ +XDG_CACHE_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.cache \ +XDG_CONFIG_HOME=3D/tmp/lib/domain--1-QEMUGuest1/.config \ +/usr/bin/qemu-system-x86_64 \ +-name guest=3DQEMUGuest1,debug-threads=3Don \ +-S \ +-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm= p/lib/domain--1-QEMUGuest1/master-key.aes"}' \ +-machine pc,usb=3Doff,dump-guest-core=3Doff,confidential-guest-support=3Dl= sec0,memory-backend=3Dpc.ram \ +-accel kvm \ +-cpu qemu64 \ +-m 214 \ +-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}'= \ +-overcommit mem-lock=3Doff \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-display none \ +-no-user-config \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \ +-rtc base=3Dutc \ +-no-shutdown \ +-no-acpi \ +-boot strict=3Don \ +-kernel /vmlinuz \ +-initrd /initrd \ +-append runme \ +-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0= x2"}' \ +-blockdev '{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","no= de-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \ +-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw= ","file":"libvirt-1-storage"}' \ +-device '{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-form= at","id":"ide0-0-0","bootindex":1}' \ +-audiodev '{"id":"audio1","driver":"none"}' \ +-object '{"qom-type":"sev-guest","id":"lsec0","cbitpos":47,"reduced-phys-b= its":1,"policy":1,"dh-cert-file":"/tmp/lib/domain--1-QEMUGuest1/dh_cert.bas= e64","session-file":"/tmp/lib/domain--1-QEMUGuest1/session.base64","kernel-= hashes":true}' \ +-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource= control=3Ddeny \ +-msg timestamp=3Don diff --git a/tests/qemuxml2argvdata/launch-security-sev-direct.xml b/tests/= qemuxml2argvdata/launch-security-sev-direct.xml new file mode 100644 index 0000000000..80ce6412dd --- /dev/null +++ b/tests/qemuxml2argvdata/launch-security-sev-direct.xml @@ -0,0 +1,39 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + /vmlinuz + /initrd + runme + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + +
+ + + + + + + + + + 47 + 1 + 0x0001 + AQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAAAQAAAAAOAAA + IHAVENOIDEABUTJUSTPROVIDINGASTRING + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 0b88b580c5..6c67b36d5c 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -3425,6 +3425,11 @@ mymain(void) DO_TEST_CAPS_VER("launch-security-sev", "2.12.0"); DO_TEST_CAPS_VER("launch-security-sev", "6.0.0"); DO_TEST_CAPS_VER("launch-security-sev-missing-platform-info", "2.12.0"= ); + DO_TEST_CAPS_ARCH_LATEST_FULL("launch-security-sev-direct", + "x86_64", + ARG_QEMU_CAPS, + QEMU_CAPS_SEV_GUEST, + QEMU_CAPS_LAST); =20 DO_TEST_CAPS_ARCH_LATEST("launch-security-s390-pv", "s390x"); =20 diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c index 7b19575d8b..7fdb82daec 100644 --- a/tests/testutilsqemu.c +++ b/tests/testutilsqemu.c @@ -772,11 +772,6 @@ testQemuInfoInitArgs(struct testQemuInfo *info) bool stripmachinealiases =3D false; virQEMUCaps *cachedcaps =3D NULL; =20 - if (info->args.fakeCapsUsed) { - fprintf(stderr, "ARG_QEMU_CAPS can not be combined with ARG_CA= PS_ARCH or ARG_CAPS_VER\n"); - return -1; - } - info->arch =3D virArchFromString(info->args.capsarch); =20 if (STREQ(info->args.capsver, "latest")) { @@ -805,6 +800,16 @@ testQemuInfoInitArgs(struct testQemuInfo *info) if (!(info->qemuCaps =3D virQEMUCapsNewCopy(cachedcaps))) return -1; =20 + if (info->args.fakeCapsUsed) { + size_t i; + for (i =3D 0; i < QEMU_CAPS_LAST; i++) { + if (virQEMUCapsGet(info->args.fakeCaps, i)) { + virQEMUCapsSet(info->qemuCaps, i); + } + } + } + + if (stripmachinealiases) virQEMUCapsStripMachineAliases(info->qemuCaps); =20 --=20 2.33.1