[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

Tyler Fanelli tfanelli at redhat.com
Wed Mar 23 19:36:24 UTC 2022


This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a
virsh command "domgetsevreport"), with initial QEMU support via the
"query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" is
supplied a base64-encoded 16 byte "mnonce" string as input, with a purpose of
being embedded into the attestation report to provide protection.

My main point of concern is the design/communication of the virTypedParameterPtr
exchanged between the client and libvirtd and how they interact together, as I
have seen no other API follow the method I used. Namely, the same
virTypedParameterPtr is used for both input _AND_ output. The same
virTypedParameterPtr containing the original mnonce string inputted to the API is
also used to contain the attestation report upon being returned from the API.

This contrasts with many of the APIs I've noticed, which use a
virTypedParameterPtr for either input or output, but not both.

This patch is not final, as I still would like some human-readable outputting
and storage of the attestation report.

Looking for thoughts on the design of this API, as well as suggested
improvements.


Tyler Fanelli (5):
  libvirt: Introduce virDomainGetSevAttestationReport public API
  remote: add RPC support for the virDomainGetSevAttestationReport API
  qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT
  qemu: Implement the virDomainGetSevAttestationReport API
  tools: add domgetsevreport virsh command

 docs/manpages/virsh.rst                       | 18 ++++
 include/libvirt/libvirt-domain.h              | 22 +++++
 src/driver-hypervisor.h                       |  7 ++
 src/libvirt-domain.c                          | 63 ++++++++++++++
 src/libvirt_public.syms                       |  4 +
 src/qemu/qemu_capabilities.c                  |  2 +
 src/qemu/qemu_capabilities.h                  |  1 +
 src/qemu/qemu_driver.c                        | 86 +++++++++++++++++++
 src/qemu/qemu_monitor.c                       | 11 +++
 src/qemu/qemu_monitor.h                       |  5 ++
 src/qemu/qemu_monitor_json.c                  | 40 +++++++++
 src/qemu/qemu_monitor_json.h                  |  5 ++
 src/remote/remote_daemon_dispatch.c           | 44 ++++++++++
 src/remote/remote_driver.c                    | 55 ++++++++++++
 src/remote/remote_protocol.x                  | 21 ++++-
 src/remote_protocol-structs                   | 12 +++
 .../caps_6.1.0.x86_64.xml                     |  1 +
 .../caps_6.2.0.x86_64.xml                     |  1 +
 .../caps_7.0.0.x86_64.xml                     |  1 +
 tools/virsh-domain.c                          | 68 +++++++++++++++
 20 files changed, 466 insertions(+), 1 deletion(-)

-- 
2.34.1
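
The mnonce round trip described in the cover letter, as an added example that is not part of the original message or the patch series: the caller generates a fresh 16-byte nonce, sends it base64-encoded to "query-sev-attestation-report", and rejects any report that does not carry the same nonce. Assumptions: the QMP argument is named "mnonce" and the reply carries the report as base64 in "data" (QEMU's QAPI schema), the report begins with the 16-byte nonce (AMD SEV API attestation report layout), and the sample reply is constructed.

```python
import base64
import hmac
import json
import secrets

MNONCE_LEN = 16  # bytes, as stated in the cover letter


def new_mnonce():
    """Return (raw, base64) for a fresh random nonce; never reuse one."""
    raw = secrets.token_bytes(MNONCE_LEN)
    return raw, base64.b64encode(raw).decode("ascii")


def build_qmp_request(mnonce_b64):
    """Validate the nonce encoding and length, then build the QMP command."""
    raw = base64.b64decode(mnonce_b64, validate=True)
    if len(raw) != MNONCE_LEN:
        raise ValueError("mnonce must decode to exactly 16 bytes")
    return json.dumps({"execute": "query-sev-attestation-report",
                       "arguments": {"mnonce": mnonce_b64}})


def report_is_fresh(qmp_reply, expected_raw):
    """True only if the report echoes the nonce this caller generated.

    Assumed layout: bytes 0..15 of the decoded report are the mnonce.
    This is a replay check only; the report signature must still be
    verified against the platform key chain before the report is trusted.
    """
    try:
        report = base64.b64decode(json.loads(qmp_reply)["return"]["data"],
                                  validate=True)
    except (KeyError, TypeError, ValueError):
        return False
    if len(report) < MNONCE_LEN:
        return False
    return hmac.compare_digest(report[:MNONCE_LEN], expected_raw)


def constructed_reply(nonce_raw, body_len=192):
    """Constructed sample reply: nonce followed by zero padding, no real signature."""
    blob = nonce_raw + bytes(body_len)
    return json.dumps({"return": {"data": base64.b64encode(blob).decode("ascii")}})


if __name__ == "__main__":
    raw, b64 = new_mnonce()
    print(build_qmp_request(b64))
    print("fresh:", report_is_fresh(constructed_reply(raw), raw))
    print("replayed:", report_is_fresh(constructed_reply(bytes(16)), raw))
```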
