From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 1/6] libvirt: Introduce virDomainSetLaunchSecurityState public API
Date: Mon, 20 Dec 2021 20:23:15 -0700
Message-ID: <20211221032320.3601-2-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>
List-Id: Development discussions about the libvirt library & tools

This API allows setting a launch secret within a guest's memory. The launch secret is created by the guest owner after retrieving and verifying the launch measurement with virDomainGetLaunchSecurityInfo. The API uses virTypedParameter for input, allowing it to be expanded to support other confidential computing technologies.
In the case of SEV, a basic guest launch workflow is described in the SEV API spec in section "1.3.1 Launch" https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé
--- include/libvirt/libvirt-domain.h | 36 +++++++++++++++++++ src/driver-hypervisor.h | 7 ++++ src/libvirt-domain.c | 62 ++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 +++ 4 files changed, 110 insertions(+) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index 5d3e15766e..5f0a9b7572 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -5102,6 +5102,7 @@ int virDomainSetLifecycleAction(virDomainPtr domain, # define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement" =20 /** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR: * * Macro represents the API major version of the SEV host, 
@@ -5133,11 +5134,46 @@ int virDomainSetLifecycleAction(virDomainPtr domain, */ # define VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY "sev-policy" =20 +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER: + * + * A macro used to represent the SEV launch secret header. The secret head= er + * is a base64-encoded VIR_TYPED_PARAM_STRING containing artifacts needed = by + * the SEV firmware to recover the plain text of the launch secret. See + * section "6.6 LAUNCH_SECRET" in the SEV API specification for a detailed + * description of the secret header. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER "sev-secret-header" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET: + * + * A macro used to represent the SEV launch secret. The secret is a + * base64-encoded VIR_TYPED_PARAM_STRING containing an encrypted launch + * secret. The secret is created by the domain owner after the SEV launch + * measurement is retrieved and verified. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET "sev-secret" + +/** + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS: + * + * A macro used to represent the physical address within the guest's memory + * where the secret will be set, as VIR_TYPED_PARAM_ULLONG. If not specifi= ed, + * the address will be determined by the hypervisor. + */ +# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS "sev-secret-set= -address" + int virDomainGetLaunchSecurityInfo(virDomainPtr domain, virTypedParameterPtr *params, int *nparams, unsigned int flags); =20 +int virDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef enum { VIR_DOMAIN_GUEST_INFO_USERS =3D (1 << 0), /* return active users */ VIR_DOMAIN_GUEST_INFO_OS =3D (1 << 1), /* return OS information */ diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..c83fb648a2 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h 
@@ -1333,6 +1333,12 @@ typedef int int *nparams, unsigned int flags); =20 +typedef int +(*virDrvDomainSetLaunchSecurityState)(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef virDomainCheckpointPtr (*virDrvDomainCheckpointCreateXML)(virDomainPtr domain, const char *xmlDesc, @@ -1661,6 +1667,7 @@ struct _virHypervisorDriver { virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; virDrvNodeGetSEVInfo nodeGetSEVInfo; virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo; + virDrvDomainSetLaunchSecurityState domainSetLaunchSecurityState; virDrvDomainCheckpointCreateXML domainCheckpointCreateXML; virDrvDomainCheckpointGetXMLDesc domainCheckpointGetXMLDesc; virDrvDomainListAllCheckpoints domainListAllCheckpoints; diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index c36874f91e..5912551a49 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c 
@@ -12851,6 +12851,68 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr do= main, } =20 =20 +/** + * virDomainSetLaunchSecurityState: + * @domain: a domain object + * @params: pointer to launch security parameter objects + * @nparams: number of launch security parameters + * @flags: currently used, set to 0. + * + * Set a launch security secret in the guest's memory. The guest must be + * in a paused state, e.g. in state VIR_DOMIAN_PAUSED as reported by + * virDomainGetState. On success, the guest can be transitioned to a + * running state. On failure, the guest should be destroyed. + * + * A basic guest attestation process can be achieved by: + * - Start a secure guest in the paused state by passing VIR_DOMAIN_START_= PAUSED + * to one of the virDomainCreate APIs + * - Retrieve the guest launch measurement with virDomainGetLaunchSecurity= Info + * - Verify launch measurement and generate a secret for the guest + * - Set the secret in the guest's memory with virDomainSetLaunchSecurityS= tate + * - Start running the guest with virDomainResume + * + * See VIR_DOMAIN_LAUNCH_SECURITY_* for a detailed description of accepted + * launch security parameters. + * + * Returns -1 in case of failure, 0 in case of success. 
+ */ +int virDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virConnectPtr conn =3D domain->conn; + + VIR_DOMAIN_DEBUG(domain, "params=3D%p, nparams=3D%d flags=3D0x%x", + params, nparams, flags); + VIR_TYPED_PARAMS_DEBUG(params, nparams); + + virResetLastError(); + + virCheckDomainReturn(domain, -1); + virCheckNonNullArgGoto(params, error); + virCheckPositiveArgGoto(nparams, error); + virCheckReadOnlyGoto(domain->conn->flags, error); + + if (virTypedParameterValidateSet(conn, params, nparams) < 0) + goto error; + + if (conn->driver->domainSetLaunchSecurityState) { + int ret; + ret =3D conn->driver->domainSetLaunchSecurityState(domain, params, + nparams, flags); + if (ret < 0) + goto error; + return ret; + } + virReportUnsupportedError(); + + error: + virDispatchError(domain->conn); + return -1; +} + + /** * virDomainAgentSetResponseTimeout: * @domain: a domain object diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 788a967df7..f93692c427 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms 
@@ -911,4 +911,9 @@ LIBVIRT_7.8.0 { virNetworkCreateXMLFlags; } LIBVIRT_7.7.0; =20 +LIBVIRT_8.0.0 { + global: + virDomainSetLaunchSecurityState; +} LIBVIRT_7.8.0; + # .... define new API here using predicted next version number .... --=20 2.34.1
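Review bot: The comments for the three new parameters in include/libvirt/libvirt-domain.h (hunk at -5133,11 +5134,46) do not say which of them a caller must supply. Only VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS is described as optional ("If not specified, the address will be determined by the hypervisor"). State explicitly that sev-secret-header and sev-secret are mandatory, and document any alignment or range requirement on the address, since it is a guest physical address chosen by the caller.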
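Review bot: In virDomainSetLaunchSecurityState in src/libvirt-domain.c (hunk at -12851,6 +12851,68), the initializer "virConnectPtr conn = domain->conn;" dereferences domain before virCheckDomainReturn(domain, -1) has validated it; declare conn without an initializer and assign it after the check. The doc comment in the same hunk has two errors: "@flags: currently used, set to 0." should read "currently unused", and "VIR_DOMIAN_PAUSED" should be VIR_DOMAIN_PAUSED. VIR_TYPED_PARAMS_DEBUG(params, nparams) also hands the sev-secret and sev-secret-header values to debug logging; they are documented as encrypted, but it is worth deciding deliberately whether they belong in logs.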

From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 2/6] remote: Add RPC support for the virDomainSetLaunchSecurityState API
Date: Mon, 20 Dec 2021 20:23:16 -0700
Message-ID: <20211221032320.3601-3-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé
--- src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 17 ++++++++++++++++- src/remote_protocol-structs | 9 +++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 5b179a927d..5b7ccfaebd 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c 
@@ -8600,6 +8600,7 @@ static virHypervisorDriver hypervisor_driver =3D { .domainAuthorizedSSHKeysSet =3D remoteDomainAuthorizedSSHKeysSet, /* 6= .10.0 */ .domainGetMessages =3D remoteDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D remoteDomainStartDirtyRateCalc, /* 7.2.0= */ + .domainSetLaunchSecurityState =3D remoteDomainSetLaunchSecurityState, = /* 8.0.0 */ }; =20 static virNetworkDriver network_driver =3D { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 60010778ca..4f13cef662 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -272,6 +272,9 @@ const REMOTE_NODE_SEV_INFO_MAX =3D 64; /* Upper limit on number of launch security information entries */ const REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MAX =3D 64; =20 +/* Upper limit on number of launch security state entries */ +const REMOTE_DOMAIN_LAUNCH_SECURITY_STATE_PARAMS_MAX =3D 64; + /* Upper limit on number of parameters describing a guest */ const REMOTE_DOMAIN_GUEST_INFO_PARAMS_MAX =3D 2048; =20 @@ -3642,6 +3645,12 @@ struct remote_domain_get_launch_security_info_ret { remote_typed_param params; }; =20 +struct remote_domain_set_launch_security_state_args { + remote_nonnull_domain dom; + remote_typed_param params; + unsigned int flags; +}; + /* nwfilter binding */ =20 struct remote_nwfilter_binding_lookup_by_port_dev_args { @@ -6905,5 +6914,11 @@ enum remote_procedure { * @generate: both * @acl: none */ - REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438 + REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438, + + /** + * @generate: both + * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_SET_LAUNCH_SECURITY_STATE =3D 439 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index dbef4ace79..d88176781d 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs 
@@ -3005,6 +3005,14 @@ struct remote_domain_get_launch_security_info_ret { remote_typed_param * params_val; } params; }; +struct remote_domain_set_launch_security_state_args { + remote_nonnull_domain dom; + struct { + u_int params_len; + remote_typed_param * params_val; + } params; + u_int flags; +}; struct remote_nwfilter_binding_lookup_by_port_dev_args { remote_nonnull_string name; }; 
@@ -3680,4 +3688,5 @@ enum remote_procedure { REMOTE_PROC_NODE_DEVICE_IS_ACTIVE =3D 436, REMOTE_PROC_NETWORK_CREATE_XML_FLAGS =3D 437, REMOTE_PROC_DOMAIN_EVENT_MEMORY_DEVICE_SIZE_CHANGE =3D 438, + REMOTE_PROC_DOMAIN_SET_LAUNCH_SECURITY_STATE =3D 439, }; --=20 2.34.1
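Review bot: The new REMOTE_PROC_DOMAIN_SET_LAUNCH_SECURITY_STATE entry in src/remote/remote_protocol.x (hunk at -6905,5 +6914,11) is annotated "@acl: domain:write", and the commit message has no body explaining that choice. Since this procedure places a secret in a guest's memory, add a sentence to the commit message saying why domain:write is the appropriate permission for it.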

From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 3/6] qemu_capabilities: Introduce QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET
Date: Mon, 20 Dec 2021 20:23:17 -0700
Message-ID: <20211221032320.3601-4-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>
X-MS-Exchange-CrossTenant-UserPrincipalName: vp+/5lYjf+vJ0QQBazWm71NgrvKPb99x5b3JLnizNmq/OMUnmZ2AjKqeCvvOBeRssK8WWQ0BccsanNwxgG3WWA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR04MB7490 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 1BL3NdPC024212 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1640057107116100003 Content-Type: text/plain; charset="utf-8" The 'sev-inject-launch-secret' qmp command is only available with qemu >=3D 6.0.0. Introduce a capability for sev-inject-launch-secret. Signed-off-by: Jim Fehlig Reviewed-by: Daniel P. Berrang=C3=A9 --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml | 1 + 5 files changed, 6 insertions(+) 
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 4f63322a9e..2d72132410 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -653,6 +653,7 @@ VIR_ENUM_IMPL(virQEMUCaps, "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */ "sev-guest-kernel-hashes", /* QEMU_CAPS_SEV_GUEST_KERNEL_HAS= HES */ + "sev-inject-launch-secret", /* QEMU_CAPS_SEV_INJECT_LAUNCH_S= ECRET */ ); =20 =20 @@ -1182,6 +1183,7 @@ struct virQEMUCapsStringFlags virQEMUCapsCommands[] = =3D { { "set-numa-node", QEMU_CAPS_NUMA }, { "set-action", QEMU_CAPS_SET_ACTION }, { "query-dirty-rate", QEMU_CAPS_QUERY_DIRTY_RATE }, + { "sev-inject-launch-secret", QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET }, }; =20 struct virQEMUCapsStringFlags virQEMUCapsMigration[] =3D { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index aaac20a834..63ac24314f 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -632,6 +632,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */ QEMU_CAPS_SEV_GUEST_KERNEL_HASHES, /* sev-guest.kernel-hashes=3D */ + QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET, /* 'sev-inject-launch-secret' qmp = command present */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.0.0.x86_64.xml index 1b394198f1..0d6763e9a3 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml @@ -235,6 +235,7 @@ + 6000000 0 43100242 diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.1.0.x86_64.xml index 1f4f49eb34..228f397c67 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml 
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml @@ -239,6 +239,7 @@ + 6001000 0 43100243 diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.2.0.x86_64.xml index b7d6effa94..4288912faf 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml 
@@ -241,6 +241,7 @@ + 6002000 0 43100244 --=20 2.34.1
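Review bot: the commit message for 3/6 should say why only the x86_64 capability files (caps_6.0.0, caps_6.1.0 and caps_6.2.0) gain the new flag, since it states only that the command needs qemu >= 6.0.0 and names no architecture. If the other architectures' capability data is untouched on purpose, one sentence saying so makes the omission read as deliberate; if not, those files need the flag too. Also worth keeping in mind for the callers: the new { "sev-inject-launch-secret", QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET } entry in virQEMUCapsCommands records only that the binary knows the QMP command, as the enum comment says, so a set flag is not evidence that the domain is an SEV guest and that check has to stay with the caller.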
From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 4/6] qemu: Implement the virDomainSetLaunchSecurityState API
Date: Mon, 20 Dec 2021 20:23:18 -0700
Message-ID: <20211221032320.3601-5-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>

Set a launch secret in guest memory using the sev-inject-launch-secret QMP API. Only supported with qemu >= 6.0.0 and SEV-enabled guests in a paused state.

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé
---
Daniel already r-b V3 of this patch, but I didn't include it since there's a bit of change in V4.

 src/qemu/qemu_driver.c | 100 +++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c | 14 +++++
 src/qemu/qemu_monitor.h | 7 +++
 src/qemu/qemu_monitor_json.c | 45 ++++++++++++++++
 src/qemu/qemu_monitor_json.h | 6 +++
 tests/qemumonitorjsontest.c | 3 ++
 6 files changed, 175 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b8537a4260..7e8bd5f251 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -20083,6 +20083,105 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr doma= in, return ret; } =20 + +static int +qemuDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm; + int ret =3D -1; + int rc; + size_t i; + g_autoptr(virQEMUCaps) qemucaps =3D NULL; + g_autofree char *secrethdr =3D NULL; + g_autofree char *secret =3D NULL; + unsigned long long setaddr =3D 0; + bool hasSetaddr =3D false; + int state; + + virCheckFlags(0, -1); + if (virTypedParamsValidate(params, nparams, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADE= R, + VIR_TYPED_PARAM_STRING, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET, + VIR_TYPED_PARAM_STRING, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_A= DDRESS, + VIR_TYPED_PARAM_ULLONG, + NULL) < 0) + return -1; + + if (!(vm =3D qemuDomainObjFromDomain(domain))) + goto cleanup; + + if (virDomainSetLaunchSecurityStateEnsureACL(domain->conn, vm->def) < = 0) + goto cleanup; + + /* Currently only SEV is supported */ + if (!vm->def->sec || + vm->def->sec->sectype !=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("setting a launch secret is only supported in SEV= -enabled domains")); + goto cleanup; + } + + if (!(qemucaps =3D virQEMUCapsCacheLookupDefault(driver->qemuCapsCache, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL))) + goto cleanup; + + if (!virQEMUCapsGet(qemucaps, QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("QEMU does not support setting a launch secret")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + virTypedParameterPtr param =3D ¶ms[i]; + + if (STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEAD= ER)) { + secrethdr =3D g_strdup(param->value.s); + } else if (STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECR= ET)) { + secret =3D g_strdup(param->value.s); + } else if 
(STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECR= ET_SET_ADDRESS)) { + setaddr =3D param->value.ul; + hasSetaddr =3D true; + } + } + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + goto endjob; + + state =3D virDomainObjGetState(vm, NULL); + if (state !=3D VIR_DOMAIN_PAUSED) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain must be in a paused state")); + goto endjob; + } + + qemuDomainObjEnterMonitor(driver, vm); + rc =3D qemuMonitorSetLaunchSecurityState(QEMU_DOMAIN_PRIVATE(vm)->mon, + secrethdr, secret, setaddr, has= Setaddr); + qemuDomainObjExitMonitor(driver, vm); + if (rc < 0) + goto endjob; + + ret =3D 0; + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} + + static const unsigned int qemuDomainGetGuestInfoSupportedTypes =3D VIR_DOMAIN_GUEST_INFO_USERS | VIR_DOMAIN_GUEST_INFO_OS | @@ -20956,6 +21055,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainSetLaunchSecurityState =3D qemuDomainSetLaunchSecurityState, /*= 8.0.0 */ }; =20 =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index dda6ae9796..5272d49c2e 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4379,6 +4379,20 @@ qemuMonitorGetSEVInfo(qemuMonitor *mon, } =20 =20 +int +qemuMonitorSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONSetLaunchSecurityState(mon, secrethdr, secret, + setaddr, hasSetaddr); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) 
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 29746f0b8e..87826e6268 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1454,6 +1454,13 @@ qemuMonitorGetSEVInfo(qemuMonitor *mon, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); =20 +int +qemuMonitorSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index a3d6eca569..37ee859a33 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -8262,6 +8262,51 @@ qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, } =20 =20 +/** + * Set a launch secret in guest memory + * + * Example JSON: + * + * { "execute" : "sev-inject-launch-secret", + * "data": { "packet-header": "str", "secret": "str", "gpa": "uint64" } } + * + * The guest physical address (gpa) parameter is optional + */ +int +qemuMonitorJSONSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + + if (hasSetaddr) { + cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + "U:gpa", setaddr, + NULL); + } else { + cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + NULL); + } + if (cmd =3D=3D NULL) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + return 0; +} + + /* * Example return data * 
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index e88dfc9d50..64d9ebdaa3 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -476,6 +476,12 @@ qemuMonitorJSONGetVersion(qemuMonitor *mon, char **package) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4); =20 +int qemuMonitorJSONSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr); + int qemuMonitorJSONGetMachines(qemuMonitor *mon, qemuMonitorMachineInfo ***machines) diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index 1b0bd0870d..48e2a457ab 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1196,6 +1196,8 @@ GEN_TEST_FUNC(qemuMonitorJSONSetAction, QEMU_MONITOR_ACTION_REBOOT_RESET, QEMU_MONITOR_ACTION_WATCHDOG_SHUTDOWN, QEMU_MONITOR_ACTION_PANIC_SHUTDOWN) +GEN_TEST_FUNC(qemuMonitorJSONSetLaunchSecurityState, "sev_secret_header", + "sev_secret", 0, true) =20 static int testQemuMonitorJSONqemuMonitorJSONNBDServerStart(const void *opaque) 
@@ -3067,6 +3069,7 @@ mymain(void) DO_TEST_GEN(qemuMonitorJSONJobComplete); DO_TEST_GEN(qemuMonitorJSONBlockJobCancel); DO_TEST_GEN(qemuMonitorJSONSetAction); + DO_TEST_GEN(qemuMonitorJSONSetLaunchSecurityState); DO_TEST(qemuMonitorJSONGetBalloonInfo); DO_TEST(qemuMonitorJSONGetBlockInfo); DO_TEST(qemuMonitorJSONGetAllBlockStatsInfo); --=20 2.34.1
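Review bot: qemuDomainSetLaunchSecurityState() in the qemu_driver.c hunk of 4/6 never checks that both the secret header and the secret were actually supplied. virTypedParamsValidate() constrains only the names and types of the parameters that are present, so after the for loop secrethdr or secret can still be NULL and is handed to qemuMonitorSetLaunchSecurityState() and on to the "s:packet-header" and "s:secret" arguments. An explicit check right after the loop that reports VIR_ERR_INVALID_ARG would reject the call with a clear message before the job is started. Two smaller points in the same function: the capability test uses virQEMUCapsCacheLookupDefault(driver->qemuCapsCache, NULL, ...), which describes the default emulator rather than the binary this domain is running, so checking QEMU_DOMAIN_PRIVATE(vm)->qemuCaps after virDomainObjCheckActive() would be more accurate; and the g_strdup() copies of param->value.s are not needed, since const pointers into params stay valid for the whole call and avoid extra heap copies of the secret data.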
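Review bot: the test added in tests/qemumonitorjsontest.c for 4/6, GEN_TEST_FUNC(qemuMonitorJSONSetLaunchSecurityState, "sev_secret_header", "sev_secret", 0, true), drives only the hasSetaddr branch of qemuMonitorJSONSetLaunchSecurityState(), so the command built without "gpa" is never exercised. An additional test with hasSetaddr false would cover the case the function's own comment calls out ("The guest physical address (gpa) parameter is optional") and would guard the two near-identical qemuMonitorJSONMakeCommand() calls against drifting apart.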
From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 5/6] tools: Add domsetlaunchsecstate virsh command
Date: Mon, 20 Dec 2021 20:23:19 -0700
Message-ID: <20211221032320.3601-6-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>

After attesting a domain with the help of domlaunchsecinfo, domsetlaunchsecstate can be used to set a secret in the guest domain's memory prior to running the vcpus.

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé
---
 docs/manpages/virsh.rst | 25 ++++++++++
 tools/virsh-domain.c | 107 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index 9decdee925..dd534c10cb 100644 --- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst @@ -2088,6 +2088,31 @@ launch security protection is active. If none is act= ive, no parameters will be reported. =20 =20 +domsetlaunchsecstate +-------------------- + +**Syntax:** + +:: + + domsetlaunchsecstate domain --secrethdr hdr-filename + --secret secret-filename [--set-address address] + +Set a launch security secret in the guest's memory. The guest must have a +launchSecurity type enabled in its configuration and be in a paused state. +On success, the guest can be transitioned to a running state. On failure, +the guest should be destroyed. + +*--secrethdr* specifies a filename containing the base64-encoded secret he= ader. +The header includes artifacts needed by the hypervisor firmware to recover= the +plain text of the launch secret. *--secret* specifies the filename contain= ing +the base64-encoded encrypted launch secret. + +The *--set-address* option can be used to specify a physical address within +the guest's memory to set the secret. If not specified, the address will be +determined by the hypervisor. + + dommemstat ---------- =20 diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index f086c2dd4b..b56f6a90f5 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c 
@@ -9571,6 +9571,107 @@ cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd = * cmd) return ret; } =20 +/* + * "domsetlaunchsecstate" command + */ +static const vshCmdInfo info_domsetlaunchsecstate[] =3D { + {.name =3D "help", + .data =3D N_("Set domain launch security state") + }, + {.name =3D "desc", + .data =3D N_("Set a secret in the guest domain's memory") + }, + {.name =3D NULL} +}; + +static const vshCmdOptDef opts_domsetlaunchsecstate[] =3D { + VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D "secrethdr", + .type =3D VSH_OT_STRING, + .flags =3D VSH_OFLAG_REQ_OPT, + .help =3D N_("path to file containing the secret header"), + }, + {.name =3D "secret", + .type =3D VSH_OT_STRING, + .flags =3D VSH_OFLAG_REQ_OPT, + .help =3D N_("path to file containing the secret"), + }, + {.name =3D "set-address", + .type =3D VSH_OT_INT, + .help =3D N_("physical address within the guest domain's memory to se= t the secret"), + }, + {.name =3D NULL} +}; + +static bool +cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd) +{ + g_autoptr(virshDomain) dom =3D NULL; + const char *sechdrfile =3D NULL; + const char *secfile =3D NULL; + g_autofree char *sechdr =3D NULL; + g_autofree char *sec =3D NULL; + unsigned long long setaddr; + virTypedParameterPtr params =3D NULL; + int nparams =3D 0; + int maxparams =3D 0; + int rv; + bool ret =3D false; + + if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) + return false; + + if (vshCommandOptStringReq(ctl, cmd, "secrethdr", &sechdrfile) < 0) + return false; + + if (vshCommandOptStringReq(ctl, cmd, "secret", &secfile) < 0) + return false; + + if (sechdrfile =3D=3D NULL || secfile =3D=3D NULL) + return false; + + if (virFileReadAll(sechdrfile, 1024*64, &sechdr) < 0) { + vshSaveLibvirtError(); + return false; + } + + if (virFileReadAll(secfile, 1024*64, &sec) < 0) { + vshSaveLibvirtError(); + return false; + } + + if (virTypedParamsAddString(¶ms, &nparams, &maxparams, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEAD= ER, + sechdr) < 0) + 
return false; + + if (virTypedParamsAddString(¶ms, &nparams, &maxparams, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET, + sec) < 0) + return false; + + + if ((rv =3D vshCommandOptULongLong(ctl, cmd, "set-address", &setaddr))= < 0) { + return false; + } else if (rv > 0) { + if (virTypedParamsAddULLong(¶ms, &nparams, &maxparams, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_= SET_ADDRESS, + setaddr) < 0) + return false; + } + + if (virDomainSetLaunchSecurityState(dom, params, nparams, 0) !=3D 0) { + vshError(ctl, "%s", _("Unable to set launch security state")); + goto cleanup; + } + + ret =3D true; + + cleanup: + virTypedParamsFree(params, nparams); + return ret; +} + /* * "qemu-monitor-command" command */ 
@@ -14596,6 +14697,12 @@ const vshCmdDef domManagementCmds[] =3D { .info =3D info_domlaunchsecinfo, .flags =3D 0 }, + {.name =3D "domsetlaunchsecstate", + .handler =3D cmdDomSetLaunchSecState, + .opts =3D opts_domsetlaunchsecstate, + .info =3D info_domsetlaunchsecstate, + .flags =3D 0 + }, {.name =3D "domname", .handler =3D cmdDomname, .opts =3D opts_domname, --=20 2.34.1
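Review bot: In cmdDomSetLaunchSecState() (tools/virsh-domain.c), the error paths from the first virTypedParamsAddString() call onward use "return false", which skips the virTypedParamsFree(params, nparams) under the cleanup label and leaks whatever parameters were already added; this covers both virTypedParamsAddString() calls, the vshCommandOptULongLong() failure and virTypedParamsAddULLong(). Switch those to "goto cleanup" (ret is already false at that point). Separately, the "sechdrfile == NULL || secfile == NULL" check returns false without printing anything; both options carry VSH_OFLAG_REQ_OPT, so either drop the check or report an error there. The option help strings also omit that the files must be base64-encoded, which the man page hunk does state.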
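Review bot: In the docs/manpages/virsh.rst hunk, the new domsetlaunchsecstate section never mentions domlaunchsecinfo, although the commit message describes setting the secret as the step that follows attesting the domain with it. Suggest adding a sentence that points to domlaunchsecinfo so the intended order (guest paused, attest, set the secret, resume) is spelled out where users will read it. The section could also state the size limit on the two files, since the handler reads each with virFileReadAll(..., 1024*64, ...), and say in which form *--set-address* accepts the address.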
From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 6/6] NEWS: Mention new virDomainSetLaunchSecurityState API
Date: Mon, 20 Dec 2021 20:23:20 -0700
Message-ID: <20211221032320.3601-7-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>

Signed-off-by: Jim Fehlig
--- NEWS.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index e7d5316721..2c9604d372 100644 --- a/NEWS.rst +++ b/NEWS.rst 
@@ -42,6 +42,12 @@ v8.0.0 (unreleased) Libvirt is now able to set the size of translation block cache size (tb-size) for TCG domains. =20 + * qemu: Add new API to inject a launch secret in a domain + + New API ``virDomainSetLaunchSecurityState()`` and virsh command + ``domsetlaunchsecstate`` are added to support injecting a launch secret + in a domain's memory. + * **Improvements** =20 * **Bug fixes** --=20 2.34.1
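Review bot: In the NEWS.rst hunk, the entry does not say which launch security type the new API applies to, while the parameters added in the virsh patch are all VIR_DOMAIN_LAUNCH_SECURITY_SEV_*; naming SEV in the entry would tell readers whether the feature concerns them. It would also help to mention that the domain must be paused, as the man page text does, and "inject a launch secret in a domain" reads better as "into a domain".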