[RFC PATCH 1/3] libvirt: Introduce virDomainInjectLaunchSecret public API

Jim Fehlig jfehlig at suse.com
Tue Nov 23 18:02:48 UTC 2021


On 11/23/21 10:28, Daniel P. Berrangé wrote:
> On Tue, Nov 16, 2021 at 07:23:52PM -0700, Jim Fehlig wrote:
>> An API to inject a launch secret into the domain's memory.
>>
>> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
>> ---
>>   include/libvirt/libvirt-domain.h |  6 ++++
>>   src/driver-hypervisor.h          |  8 +++++
>>   src/libvirt-domain.c             | 50 ++++++++++++++++++++++++++++++++
>>   src/libvirt_public.syms          |  5 ++++
>>   4 files changed, 69 insertions(+)
>>
>> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
>> index 2f017c5b68..418ee4bd2d 100644
>> --- a/include/libvirt/libvirt-domain.h
>> +++ b/include/libvirt/libvirt-domain.h
>> @@ -5091,6 +5091,12 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
>>                                      int *nparams,
>>                                      unsigned int flags);
>>   
>> +int virDomainInjectLaunchSecret(virDomainPtr domain,
>> +                                const char *secrethdr,
>> +                                const char *secret,
>> +                                unsigned long long injectaddr,
>> +                                unsigned int flags);
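
Review bot: secrethdr and secret in the new virDomainInjectLaunchSecret() prototype are plain const char * with no accompanying length arguments, so a caller cannot pass data containing NUL bytes and the declaration does not say which encoding is expected. Either document the required text encoding alongside the prototype or add explicit length parameters. The injectaddr argument also needs a description of which address space it refers to and whether any value is treated specially.
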
> 
> I thought of a better name at last, that shows its relation
> to virDomainGetLaunchSecurityInfo without implying that they
> are the direct inverse of each other:
> 
>    virDomainSetLaunchSecurityState(...)

I need to get over my distaste for 'launch' in the API name. 
virDomainGetLaunchSecurityInfo already exists, so no changing that. And not 
including 'launch' in the Set API would be a source of confusion. If we were 
creating the names anew, I'd prefer something like virDomain{Get,Set}PrestartSecret.

> Also, we should bear in mind that the set of state parameters
> may be different for vendors other than AMD, and even later
> generations of AMD SEV might want more parameters.

Nod.

> So let's use a 'virTypedParameter' array for this method, e.g.

Right. I mentioned that in the cover letter. While hacking on patch3 I realized 
explicit params was a no-go :-).

>    virDomainSetLaunchSecurityState(virDomainPtr dom,
>                                    virTypedParameterPtr params,
>                                    int nparams,
>                                    unsigned int flags);

Thanks! I'll include this in a V1.

Regards,
Jim