From 3fc65ae9e2a7b19fcd3366867d14e56dd591e4a8 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 14 Dec 2021 20:15:40 -0700
Subject: [PATCH] tools: Add domsetlaunchsecstate virsh command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After attesting a domain with the help of domlaunchsecinfo,
domsetlaunchsecstate can be used to set a secret in the guest
domain's memory prior to running the vcpus.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 docs/manpages/virsh.rst |  25 ++++++++++
 tools/virsh-domain.c    | 107 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 9decdee925..dd534c10cb 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2088,6 +2088,31 @@ launch security protection is active. If none is active, no parameters
 will be reported.
 
 
+domsetlaunchsecstate
+--------------------
+
+**Syntax:**
+
+::
+
+   domsetlaunchsecstate domain --secrethdr hdr-filename
+       --secret secret-filename [--set-address address]
+
+Set a launch security secret in the guest's memory. The guest must have a
+launchSecurity type enabled in its configuration and be in a paused state.
+On success, the guest can be transitioned to a running state. On failure,
+the guest should be destroyed.
+
+*--secrethdr* specifies a filename containing the base64-encoded secret header.
+The header includes artifacts needed by the hypervisor firmware to recover the
+plain text of the launch secret. *--secret* specifies the filename containing
+the base64-encoded encrypted launch secret.
+
+The *--set-address* option can be used to specify a physical address within
+the guest's memory to set the secret. If not specified, the address will be
+determined by the hypervisor.
+
+
 dommemstat
 ----------
 
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index f086c2dd4b..b56f6a90f5 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9571,6 +9571,107 @@ cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd)
     return ret;
 }
 
+/*
+ * "domsetlaunchsecstate" command
+ */
+static const vshCmdInfo info_domsetlaunchsecstate[] = {
+    {.name = "help",
+     .data = N_("Set domain launch security state")
+    },
+    {.name = "desc",
+     .data = N_("Set a secret in the guest domain's memory")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domsetlaunchsecstate[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = "secrethdr",
+     .type = VSH_OT_STRING,
+     .flags = VSH_OFLAG_REQ_OPT,
+     .help = N_("path to file containing the secret header"),
+    },
+    {.name = "secret",
+     .type = VSH_OT_STRING,
+     .flags = VSH_OFLAG_REQ_OPT,
+     .help = N_("path to file containing the secret"),
+    },
+    {.name = "set-address",
+     .type = VSH_OT_INT,
+     .help = N_("physical address within the guest domain's memory to set the secret"),
+    },
+    {.name = NULL}
+};
+
+static bool
+cmdDomSetLaunchSecState(vshControl * ctl, const vshCmd * cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    const char *sechdrfile = NULL;
+    const char *secfile = NULL;
+    g_autofree char *sechdr = NULL;
+    g_autofree char *sec = NULL;
+    unsigned long long setaddr;
+    virTypedParameterPtr params = NULL;
+    int nparams = 0;
+    int maxparams = 0;
+    int rv;
+    bool ret = false;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (vshCommandOptStringReq(ctl, cmd, "secrethdr", &sechdrfile) < 0)
+        return false;
+
+    if (vshCommandOptStringReq(ctl, cmd, "secret", &secfile) < 0)
+        return false;
+
+    if (sechdrfile == NULL || secfile == NULL)
+        return false;
+
+    if (virFileReadAll(sechdrfile, 1024*64, &sechdr) < 0) {
+        vshSaveLibvirtError();
+        return false;
+    }
+
+    if (virFileReadAll(secfile, 1024*64, &sec) < 0) {
+        vshSaveLibvirtError();
+        return false;
+    }
+
+    if (virTypedParamsAddString(&params, &nparams, &maxparams,
+                                VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER,
+                                sechdr) < 0)
+        return false;
+
+    if (virTypedParamsAddString(&params, &nparams, &maxparams,
+                                VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET,
+                                sec) < 0)
+        return false;
+
+
+    if ((rv = vshCommandOptULongLong(ctl, cmd, "set-address", &setaddr)) < 0) {
+        return false;
+    } else if (rv > 0) {
+        if (virTypedParamsAddULLong(&params, &nparams, &maxparams,
+                                    VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS,
+                                    setaddr) < 0)
+            return false;
+    }
+
+    if (virDomainSetLaunchSecurityState(dom, params, nparams, 0) != 0) {
+        vshError(ctl, "%s", _("Unable to set launch security state"));
+        goto cleanup;
+    }
+
+    ret = true;
+
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    return ret;
+}
+
 /*
  * "qemu-monitor-command" command
  */
@@ -14596,6 +14697,12 @@ const vshCmdDef domManagementCmds[] = {
      .info = info_domlaunchsecinfo,
      .flags = 0
     },
+    {.name = "domsetlaunchsecstate",
+     .handler = cmdDomSetLaunchSecState,
+     .opts = opts_domsetlaunchsecstate,
+     .info = info_domsetlaunchsecstate,
+     .flags = 0
+    },
     {.name = "domname",
      .handler = cmdDomname,
      .opts = opts_domname,