[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

Tyler Fanelli tfanelli at redhat.com
Mon Apr 4 14:58:48 UTC 2022 

Just a quick ping so this patchset doesn't get lost in the list -- may I 
receive a review on this?


On 3/23/22 3:36 PM, Tyler Fanelli wrote:

> This an RFC discussing a new API, virDomainGetSevAttestationReport (along with a
> virsh command "domgetsevreport"), with initial QEMU support via the
> "query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" is
> supplied a base64-encoded 16 byte "mnonce" string as input, with a purpose of
> being embedded into the attestation report to provide protection.
>
> My main point of concern is the design/communication of the virTypedParameterPtr
> exchanged between the client and libvirtd and how they interact together, as I
> have seen no other API follow the method I used. Namely, the same
> virTypedParameterPtr is used for both input _AND_ output. The same
> virTypedParameterPtr containing the original mnonce string inputted to the API is
> also used to contain the attestation report upon being returned from the API.
>
> This contrasts with much of the APIs I've noticed, which use a
> virTypedParameterPtr for either input or output, but not both.
>
> This patch is not final, as I still would like some human-readable outputting
> and storage of the attestation report.
>
> Looking for thoughts on the design of this API, as well as suggested
> improvements.
>
>
> Tyler Fanelli (5):
>    libvirt: Introduce virDomainGetSevAttestationReport public API
>    remote: add RPC support for the virDomainGetSevAttestationReport API
>    qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT
>    qemu: Implement the virDomainGetSevAttestationReport API
>    tools: add domgetsevreport virsh command
>
>   docs/manpages/virsh.rst                       | 18 ++++
>   include/libvirt/libvirt-domain.h              | 22 +++++
>   src/driver-hypervisor.h                       |  7 ++
>   src/libvirt-domain.c                          | 63 ++++++++++++++
>   src/libvirt_public.syms                       |  4 +
>   src/qemu/qemu_capabilities.c                  |  2 +
>   src/qemu/qemu_capabilities.h                  |  1 +
>   src/qemu/qemu_driver.c                        | 86 +++++++++++++++++++
>   src/qemu/qemu_monitor.c                       | 11 +++
>   src/qemu/qemu_monitor.h                       |  5 ++
>   src/qemu/qemu_monitor_json.c                  | 40 +++++++++
>   src/qemu/qemu_monitor_json.h                  |  5 ++
>   src/remote/remote_daemon_dispatch.c           | 44 ++++++++++
>   src/remote/remote_driver.c                    | 55 ++++++++++++
>   src/remote/remote_protocol.x                  | 21 ++++-
>   src/remote_protocol-structs                   | 12 +++
>   .../caps_6.1.0.x86_64.xml                     |  1 +
>   .../caps_6.2.0.x86_64.xml                     |  1 +
>   .../caps_7.0.0.x86_64.xml                     |  1 +
>   tools/virsh-domain.c                          | 68 +++++++++++++++
>   20 files changed, 466 insertions(+), 1 deletion(-)
>

-- 
Tyler Fanelli (tfanelli)

More information about the libvir-list mailing list