[RFC] Allowing SEV attestation
Jim Fehlig
jfehlig at suse.com
Fri Oct 29 02:19:35 UTC 2021
On 10/27/21 10:11, Daniel P. Berrangé wrote:
> On Tue, Oct 26, 2021 at 05:29:00PM -0600, Jim Fehlig wrote:
>> On 5/6/21 04:22, Michal Prívozník wrote:
>>> Dear list,
>>
>> Hi Michal,
>>
>> This thread has been quiet for a long time, but I wanted to check if any
>> work has been done to provide an sev-inject-launch-secret equivalent for
>> libvirt. AFAICT, there was agreement this missing piece is needed to solve
>> the attestation puzzle. Did you make any progress? If so, I can help with
>> testing and review. If not, I can take a stab at it.
>
> I've not started any work, but was thinking about it a little, but
> not much further than considering that we should have an API that
> looks like
>
> int virDomainSetLaunchSecurityInfo(virDomainPtr domain,
> virTypedParameterPtr *params,
> int *nparams,
> unsigned int flags);
>
> though this is little unusual because in other APIs where we have
> Set and Get functions for virTypedParameterPtr, we allow the
> same set of typed parameter keys for the Set/Get. In this case
> we would have different parameters for the Set/Get scenarios
>
> So I was thinking perhaps we should just a different name for
> the setter but then failed to come up with a nice alternative.
>
> Naming is always the hardest problem :-) The implemntation of
> any API would be quite straighforward.
Naming can be hard, sometimes more so than the coding :-). To provide some
asymmetry, how about virDomainInjectLaunchSecurityInfo?
> Anyway if you have cycles to work on it great, but I can work on
> it sometime reasonably soon too if you don't. My main constraint
> is getting acess to hardware to test with...
I'll be on vacation until Nov 9 and can work on it when returning. If you happen
to have time before then, I'd be happy to review and test. I do have shared
access to test hardware.
Regards,
Jim
More information about the libvir-list
mailing list