[libvirt PATCH v3 04/13] qemu: report new launch security parameters

Daniel P. Berrangé berrange at redhat.com
Fri Dec 10 16:47:04 UTC 2021


Report extra info about the SEV setup, returning those fields
that are required to calculate the expected launch measurement

 HMAC(0x04 || API_MAJOR || API_MINOR || BUILD ||
      GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)

specified in section 6.5.1 of AMD Secure Encrypted
Virtualization API.

Reviewed-by: Peter Krempa <pkrempa at redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 src/qemu/qemu_driver.c | 43 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f28d703512..ee23e10543 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -19961,14 +19961,19 @@ qemuNodeGetSEVInfo(virConnectPtr conn,
 
 
 static int
-qemuDomainGetSEVMeasurement(virQEMUDriver *driver,
-                            virDomainObj *vm,
-                            virTypedParameterPtr *params,
-                            int *nparams,
-                            unsigned int flags)
+qemuDomainGetSEVInfo(virQEMUDriver *driver,
+                     virDomainObj *vm,
+                     virTypedParameterPtr *params,
+                     int *nparams,
+                     unsigned int flags)
 {
     int ret = -1;
+    int rv;
     g_autofree char *tmp = NULL;
+    unsigned int apiMajor = 0;
+    unsigned int apiMinor = 0;
+    unsigned int buildID = 0;
+    unsigned int policy = 0;
     int maxpar = 0;
 
     virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
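Review bot: The renamed qemuDomainGetSEVInfo has no comment above its signature, and after this change it returns five typed parameters rather than one. A short comment there should list them (measurement, API major/minor, build ID, policy) and say that all of them are read from the QEMU monitor, i.e. reported by the host side. For the attestation use described in the commit message, it would also help to note that a matching HMAC only shows which values went into the measurement, so the verifier still has to compare the policy with the one it requested, e.g. `/* Values are host-reported; callers verifying the measurement must check policy against what they asked for. */`. The function body continues outside this hunk.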
@@ -19985,15 +19990,39 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver,
     qemuDomainObjEnterMonitor(driver, vm);
     tmp = qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
 
+
+    if (!tmp) {
+        qemuDomainObjExitMonitor(driver, vm);
+        goto endjob;
+    }
+
+    rv = qemuMonitorGetSEVInfo(QEMU_DOMAIN_PRIVATE(vm)->mon,
+                               &apiMajor, &apiMinor, &buildID, &policy);
     qemuDomainObjExitMonitor(driver, vm);
 
-    if (!tmp)
+    if (rv < 0)
         goto endjob;
 
     if (virTypedParamsAddString(params, nparams, &maxpar,
                                 VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
                                 tmp) < 0)
         goto endjob;
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                              VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR,
+                              apiMajor) < 0)
+        goto endjob;
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                              VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR,
+                              apiMinor) < 0)
+        goto endjob;
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                              VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID,
+                              buildID) < 0)
+        goto endjob;
+    if (virTypedParamsAddUInt(params, nparams, &maxpar,
+                              VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY,
+                              policy) < 0)
+        goto endjob;
 
     ret = 0;
 
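Review bot: The new `if (!tmp)` branch repeats `qemuDomainObjExitMonitor(driver, vm)`, so the monitor is now left in two places and a later edit could miss one of them. Declaring `int rv = -1;` and guarding only the second query, `if (tmp) rv = qemuMonitorGetSEVInfo(...);` with the existing arguments, keeps a single exit call followed by the existing `if (rv < 0) goto endjob;`. The added blank line before the branch also leaves two empty lines in a row. The `endjob` label and the rest of the function lie outside the hunk.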
@@ -20021,7 +20050,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
 
     if (vm->def->sec &&
         vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV) {
-        if (qemuDomainGetSEVMeasurement(driver, vm, params, nparams, flags) < 0)
+        if (qemuDomainGetSEVInfo(driver, vm, params, nparams, flags) < 0)
             goto cleanup;
     }
 
-- 
2.33.1



