From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH V4 4/6] qemu: Implement the virDomainSetLaunchSecurityState API
Date: Mon, 20 Dec 2021 20:23:18 -0700
Message-ID: <20211221032320.3601-5-jfehlig@suse.com>
In-Reply-To: <20211221032320.3601-1-jfehlig@suse.com>
References: <20211221032320.3601-1-jfehlig@suse.com>

Set a launch secret in guest memory using the sev-inject-launch-secret
QMP API. Only supported with qemu >= 6.0.0 and SEV-enabled guests in a
paused state.

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé
---
Daniel already r-b V3 of this patch, but I didn't include it since
there's a bit of change in V4.

 src/qemu/qemu_driver.c       | 100 +++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c      |  14 +++++
 src/qemu/qemu_monitor.h      |   7 +++
 src/qemu/qemu_monitor_json.c |  45 ++++++++++++++++
 src/qemu/qemu_monitor_json.h |   6 +++
 tests/qemumonitorjsontest.c  |   3 ++
 6 files changed, 175 insertions(+)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b8537a4260..7e8bd5f251 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -20083,6 +20083,105 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr doma= in, return ret; } =20 + +static int +qemuDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm; + int ret =3D -1; + int rc; + size_t i; + g_autoptr(virQEMUCaps) qemucaps =3D NULL; + g_autofree char *secrethdr =3D NULL; + g_autofree char *secret =3D NULL; + unsigned long long setaddr =3D 0; + bool hasSetaddr =3D false; + int state; + + virCheckFlags(0, -1); + if (virTypedParamsValidate(params, nparams, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADE= R, + VIR_TYPED_PARAM_STRING, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET, + VIR_TYPED_PARAM_STRING, + VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_A= DDRESS, + VIR_TYPED_PARAM_ULLONG, + NULL) < 0) + return -1; + + if (!(vm =3D qemuDomainObjFromDomain(domain))) + goto cleanup; + + if (virDomainSetLaunchSecurityStateEnsureACL(domain->conn, vm->def) < = 0) + goto cleanup; + + /* Currently only SEV is supported */ + if (!vm->def->sec || + vm->def->sec->sectype !=3D VIR_DOMAIN_LAUNCH_SECURITY_SEV) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("setting a launch secret is only supported in SEV= -enabled domains")); + goto cleanup; + } + + if (!(qemucaps =3D virQEMUCapsCacheLookupDefault(driver->qemuCapsCache, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL))) + goto cleanup; + + if (!virQEMUCapsGet(qemucaps, QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("QEMU does not support setting a launch secret")); + goto cleanup; + } + + for (i =3D 0; i < nparams; i++) { + virTypedParameterPtr param =3D ¶ms[i]; + + if (STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEAD= ER)) { + secrethdr =3D g_strdup(param->value.s); + } else if (STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECR= ET)) { + secret =3D g_strdup(param->value.s); + } else if 
(STREQ(param->field, VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECR= ET_SET_ADDRESS)) { + setaddr =3D param->value.ul; + hasSetaddr =3D true; + } + } + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + goto endjob; + + state =3D virDomainObjGetState(vm, NULL); + if (state !=3D VIR_DOMAIN_PAUSED) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain must be in a paused state")); + goto endjob; + } + + qemuDomainObjEnterMonitor(driver, vm); + rc =3D qemuMonitorSetLaunchSecurityState(QEMU_DOMAIN_PRIVATE(vm)->mon, + secrethdr, secret, setaddr, has= Setaddr); + qemuDomainObjExitMonitor(driver, vm); + if (rc < 0) + goto endjob; + + ret =3D 0; + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} + + static const unsigned int qemuDomainGetGuestInfoSupportedTypes =3D VIR_DOMAIN_GUEST_INFO_USERS | VIR_DOMAIN_GUEST_INFO_OS | @@ -20956,6 +21055,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainSetLaunchSecurityState =3D qemuDomainSetLaunchSecurityState, /*= 8.0.0 */ }; =20 =20 diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index dda6ae9796..5272d49c2e 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4379,6 +4379,20 @@ qemuMonitorGetSEVInfo(qemuMonitor *mon, } =20 =20 +int +qemuMonitorSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr) +{ + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONSetLaunchSecurityState(mon, secrethdr, secret, + setaddr, hasSetaddr); +} + + int qemuMonitorGetPRManagerInfo(qemuMonitor *mon, GHashTable **retinfo) 
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 29746f0b8e..87826e6268 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1454,6 +1454,13 @@ qemuMonitorGetSEVInfo(qemuMonitor *mon, ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5); =20 +int +qemuMonitorSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr); + typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; struct _qemuMonitorPRManagerInfo { bool connected; diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index a3d6eca569..37ee859a33 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -8262,6 +8262,51 @@ qemuMonitorJSONGetSEVInfo(qemuMonitor *mon, } =20 =20 +/** + * Set a launch secret in guest memory + * + * Example JSON: + * + * { "execute" : "sev-inject-launch-secret", + * "data": { "packet-header": "str", "secret": "str", "gpa": "uint64" } } + * + * The guest physical address (gpa) parameter is optional + */ +int +qemuMonitorJSONSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr) +{ + g_autoptr(virJSONValue) cmd =3D NULL; + g_autoptr(virJSONValue) reply =3D NULL; + + if (hasSetaddr) { + cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + "U:gpa", setaddr, + NULL); + } else { + cmd =3D qemuMonitorJSONMakeCommand("sev-inject-launch-secret", + "s:packet-header", secrethdr, + "s:secret", secret, + NULL); + } + if (cmd =3D=3D NULL) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + return -1; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + return -1; + + return 0; +} + + /* * Example return data * 
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index e88dfc9d50..64d9ebdaa3 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -476,6 +476,12 @@ qemuMonitorJSONGetVersion(qemuMonitor *mon, char **package) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4); =20 +int qemuMonitorJSONSetLaunchSecurityState(qemuMonitor *mon, + const char *secrethdr, + const char *secret, + unsigned long long setaddr, + bool hasSetaddr); + int qemuMonitorJSONGetMachines(qemuMonitor *mon, qemuMonitorMachineInfo ***machines) diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c index 1b0bd0870d..48e2a457ab 100644 --- a/tests/qemumonitorjsontest.c +++ b/tests/qemumonitorjsontest.c @@ -1196,6 +1196,8 @@ GEN_TEST_FUNC(qemuMonitorJSONSetAction, QEMU_MONITOR_ACTION_REBOOT_RESET, QEMU_MONITOR_ACTION_WATCHDOG_SHUTDOWN, QEMU_MONITOR_ACTION_PANIC_SHUTDOWN) +GEN_TEST_FUNC(qemuMonitorJSONSetLaunchSecurityState, "sev_secret_header", + "sev_secret", 0, true) =20 static int testQemuMonitorJSONqemuMonitorJSONNBDServerStart(const void *opaque) @@ -3067,6 +3069,7 @@ mymain(void) DO_TEST_GEN(qemuMonitorJSONJobComplete); DO_TEST_GEN(qemuMonitorJSONBlockJobCancel); DO_TEST_GEN(qemuMonitorJSONSetAction); + DO_TEST_GEN(qemuMonitorJSONSetLaunchSecurityState); DO_TEST(qemuMonitorJSONGetBalloonInfo); DO_TEST(qemuMonitorJSONGetBlockInfo); DO_TEST(qemuMonitorJSONGetAllBlockStatsInfo); --=20 2.34.1
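
Review bot: In qemuDomainSetLaunchSecurityState (src/qemu/qemu_driver.c, first hunk), nothing between the parameter loop and the call to qemuMonitorSetLaunchSecurityState checks that both the secret header and the secret were actually supplied. virTypedParamsValidate only rejects unknown, duplicate or mistyped fields, so a caller that omits either one reaches the monitor call with secrethdr or secret still NULL. Suggest failing with VIR_ERR_INVALID_ARG right after the loop, before qemuDomainObjBeginJob, so the caller gets a clear error and no job is taken for a request that cannot succeed. A second point in the same function: the capability check goes through virQEMUCapsCacheLookupDefault with every selector NULL, which looks up a default binary rather than the QEMU process this domain is running; testing QEMU_CAPS_SEV_INJECT_LAUNCH_SECRET against the running domain's capabilities, after virDomainObjCheckActive, would match the binary the monitor command is sent to.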
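
Review bot: The doc comment above qemuMonitorJSONSetLaunchSecurityState (src/qemu/qemu_monitor_json.c) shows "gpa": "uint64" in quotes, which reads as a JSON string, while the code passes it with "U:gpa", setaddr, i.e. as a number. Suggest writing the example with a bare numeric placeholder for gpa and saying in the comment what encoding packet-header and secret are expected to be in, since the function forwards both strings unchanged. The two qemuMonitorJSONMakeCommand calls differ only in the gpa argument, so a short comment on why the branch exists (gpa 0 with hasSetaddr true is a valid request) would keep someone from collapsing them later.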
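
Review bot: The new GEN_TEST_FUNC line in tests/qemumonitorjsontest.c only exercises hasSetaddr as true (its arguments end in "sev_secret", 0, true), so the branch of qemuMonitorJSONSetLaunchSecurityState that builds the command without gpa is never run by the test suite. Suggest adding a second test case that passes hasSetaddr as false, so both forms of the sev-inject-launch-secret command are covered.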