[RFC] Allowing SEV attestation
Daniel P. Berrangé
berrange at redhat.com
Wed Oct 27 16:11:54 UTC 2021
On Tue, Oct 26, 2021 at 05:29:00PM -0600, Jim Fehlig wrote:
> On 5/6/21 04:22, Michal Prívozník wrote:
> > Dear list,
>
> Hi Michal,
>
> This thread has been quiet for a long time, but I wanted to check if any
> work has been done to provide an sev-inject-launch-secret equivalent for
> libvirt. AFAICT, there was agreement this missing piece is needed to solve
> the attestation puzzle. Did you make any progress? If so, I can help with
> testing and review. If not, I can take a stab at it.
I've not started any work, but was thinking about it a little, but
not much further than considering that we should have an API that
looks like
int virDomainSetLaunchSecurityInfo(virDomainPtr domain,
virTypedParameterPtr *params,
int *nparams,
unsigned int flags);
though this is little unusual because in other APIs where we have
Set and Get functions for virTypedParameterPtr, we allow the
same set of typed parameter keys for the Set/Get. In this case
we would have different parameters for the Set/Get scenarios
So I was thinking perhaps we should just a different name for
the setter but then failed to come up with a nice alternative.
Naming is always the hardest problem :-) The implemntation of
any API would be quite straighforward.
Anyway if you have cycles to work on it great, but I can work on
it sometime reasonably soon too if you don't. My main constraint
is getting acess to hardware to test with...
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list