[RFC PATCH 1/3] libvirt: Introduce virDomainInjectLaunchSecret public API
Jim Fehlig
jfehlig at suse.com
Tue Nov 23 18:02:48 UTC 2021
On 11/23/21 10:28, Daniel P. Berrangé wrote:
> On Tue, Nov 16, 2021 at 07:23:52PM -0700, Jim Fehlig wrote:
>> An API inject a launch secret into the domain's memory.
>>
>> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
>> ---
>> include/libvirt/libvirt-domain.h | 6 ++++
>> src/driver-hypervisor.h | 8 +++++
>> src/libvirt-domain.c | 50 ++++++++++++++++++++++++++++++++
>> src/libvirt_public.syms | 5 ++++
>> 4 files changed, 69 insertions(+)
>>
>> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
>> index 2f017c5b68..418ee4bd2d 100644
>> --- a/include/libvirt/libvirt-domain.h
>> +++ b/include/libvirt/libvirt-domain.h
>> @@ -5091,6 +5091,12 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
>> int *nparams,
>> unsigned int flags);
>>
>> +int virDomainInjectLaunchSecret(virDomainPtr domain,
>> + const char *secrethdr,
>> + const char *secret,
>> + unsigned long long injectaddr,
>> + unsigned int flags);
>
> I thought of a better name at last, that shows its relation
> to virDomainGetLaunchSecurityInfo without implying that they
> are the direct inverse of each other:
>
> virDomainSetLaunchSecurityState(...)
I need to get over my distaste for 'launch' in the API name.
virDomainGetLaunchSecurityInfo already exists, so no changing that. And not
including 'launch' in the Set API would be a source of confusion. If we were
creating the names anew, I'd prefer something like virDomain{Get,Set}PrestartSecret.
> Also, we whould bear in mind that the set of state parameters
> may be differnt for vendors other than AMD, and even later
> generations of AMD SEV might want more parameters.
Nod.
> So lets use a 'virTypedParameter' array for this methodeg
Right. I mentioned that in the cover letter. While hacking on patch3 I realized
explicit params was a no-go :-).
> virDomainSetLaunchSecurityState(virDomainPtr dom,
> virTypedParameterPtr params,
> int nparams,
> unsigned int flags);
Thanks! I'll include this in a V1.
Regards,
Jim
More information about the libvir-list
mailing list