libvirt: Introduce virNodeGetSEVInfo public API
The API can be used by application to retrieve the Platform Diffie-Hellman Key and Platform Certificate chain. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
parent
5dca09c170
commit
45422935c3
@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr;
|
|||||||
|
|
||||||
typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
|
typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* SEV Parameters
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VIR_NODE_SEV_PDH:
|
||||||
|
*
|
||||||
|
* Macro represents the Platform Diffie-Hellman key, as VIR_TYPED_PARAMS_STRING.
|
||||||
|
*/
|
||||||
|
# define VIR_NODE_SEV_PDH "pdh"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VIR_NODE_SEV_CERT_CHAIN:
|
||||||
|
*
|
||||||
|
* Macro represents the platform certificate chain that includes the platform
|
||||||
|
* endorsement key (PEK), owner certificate authority (OCD) and chip
|
||||||
|
* endorsement key (CEK), as VIR_TYPED_PARAMS_STRING.
|
||||||
|
*/
|
||||||
|
# define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VIR_NODE_SEV_CBITPOS:
|
||||||
|
*
|
||||||
|
* Macro represents the CBit Position used by hypervisor when SEV is enabled.
|
||||||
|
*/
|
||||||
|
# define VIR_NODE_SEV_CBITPOS "cbitpos"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* VIR_NODE_SEV_REDUCED_PHYS_BITS:
|
||||||
|
*
|
||||||
|
* Macro represents the number of bits we lose in physical address space
|
||||||
|
* when SEV is enabled in the guest.
|
||||||
|
*/
|
||||||
|
# define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits"
|
||||||
|
|
||||||
|
int virNodeGetSEVInfo (virConnectPtr conn,
|
||||||
|
virTypedParameterPtr *params,
|
||||||
|
int *nparams,
|
||||||
|
unsigned int flags);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* virConnectFlags
|
* virConnectFlags
|
||||||
*
|
*
|
||||||
|
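Review bot: The doc comments on the new SEV parameter macros contain two naming slips and omit details a caller needs. In the VIR_NODE_SEV_CERT_CHAIN comment, "owner certificate authority (OCD)" should read `(OCA)`, and both string macros cite `VIR_TYPED_PARAMS_STRING` where the typed-parameter type is spelled `VIR_TYPED_PARAM_STRING`. The VIR_NODE_SEV_CBITPOS and VIR_NODE_SEV_REDUCED_PHYS_BITS comments name no typed-parameter type at all, and neither string comment says how the key and certificate chain are encoded. These values are what a guest owner would use to check the platform before launch, so I would add one line per macro stating the type and, for the two strings, the encoding.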
@ -1309,6 +1309,11 @@ typedef int
|
|||||||
unsigned int action,
|
unsigned int action,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
|
|
||||||
|
typedef int
|
||||||
|
(*virDrvNodeGetSEVInfo)(virConnectPtr conn,
|
||||||
|
virTypedParameterPtr *params,
|
||||||
|
int *nparams,
|
||||||
|
unsigned int flags);
|
||||||
|
|
||||||
typedef struct _virHypervisorDriver virHypervisorDriver;
|
typedef struct _virHypervisorDriver virHypervisorDriver;
|
||||||
typedef virHypervisorDriver *virHypervisorDriverPtr;
|
typedef virHypervisorDriver *virHypervisorDriverPtr;
|
||||||
@ -1558,6 +1563,7 @@ struct _virHypervisorDriver {
|
|||||||
virDrvDomainSetLifecycleAction domainSetLifecycleAction;
|
virDrvDomainSetLifecycleAction domainSetLifecycleAction;
|
||||||
virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
|
virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
|
||||||
virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
|
virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
|
||||||
|
virDrvNodeGetSEVInfo nodeGetSEVInfo;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -1639,3 +1639,52 @@ virNodeAllocPages(virConnectPtr conn,
|
|||||||
virDispatchError(conn);
|
virDispatchError(conn);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* virNodeGetSEVInfo:
|
||||||
|
* @conn: pointer to the hypervisor connection
|
||||||
|
* @params: where to store SEV information
|
||||||
|
* @nparams: pointer to number of SEV parameters returned in @params
|
||||||
|
* @flags: extra flags; not used yet, so callers should always pass 0
|
||||||
|
*
|
||||||
|
* If hypervisor supports AMD's SEV feature, then @params will contain various
|
||||||
|
* platform specific information like PDH and certificate chain. Caller is
|
||||||
|
* responsible for freeing @params.
|
||||||
|
*
|
||||||
|
* Returns 0 in case of success, and -1 in case of failure.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
virNodeGetSEVInfo(virConnectPtr conn,
|
||||||
|
virTypedParameterPtr *params,
|
||||||
|
int *nparams,
|
||||||
|
unsigned int flags)
|
||||||
|
{
|
||||||
|
VIR_DEBUG("conn=%p, params=%p, nparams=%p, flags=0x%x",
|
||||||
|
conn, params, nparams, flags);
|
||||||
|
|
||||||
|
virResetLastError();
|
||||||
|
|
||||||
|
virCheckConnectReturn(conn, -1);
|
||||||
|
virCheckNonNullArgGoto(nparams, error);
|
||||||
|
virCheckNonNegativeArgGoto(*nparams, error);
|
||||||
|
virCheckReadOnlyGoto(conn->flags, error);
|
||||||
|
|
||||||
|
if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn,
|
||||||
|
VIR_DRV_FEATURE_TYPED_PARAM_STRING))
|
||||||
|
flags |= VIR_TYPED_PARAM_STRING_OKAY;
|
||||||
|
|
||||||
|
if (conn->driver->nodeGetSEVInfo) {
|
||||||
|
int ret;
|
||||||
|
ret = conn->driver->nodeGetSEVInfo(conn, params, nparams, flags);
|
||||||
|
if (ret < 0)
|
||||||
|
goto error;
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
virReportUnsupportedError();
|
||||||
|
|
||||||
|
error:
|
||||||
|
virDispatchError(conn);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
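Review bot: `params` is handed to the driver callback without a NULL check although `nparams` gets one; adding `virCheckNonNullArgGoto(params, error);` beside the existing checks would stop a NULL from reaching `conn->driver->nodeGetSEVInfo`. The line `virCheckNonNegativeArgGoto(*nparams, error);` reads `*nparams` on entry, yet the function comment describes it only as the count returned in @params, so a caller that leaves it uninitialised may be rejected. If it is output-only the check should go; otherwise the comment should say what value callers must pass in. The function comment also opens with `/*` while the header's comments use `/**`, which may keep it out of the generated API documentation, and it could name the function callers should use to free @params.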
@ -796,6 +796,7 @@ LIBVIRT_4.5.0 {
|
|||||||
global:
|
global:
|
||||||
virGetLastErrorCode;
|
virGetLastErrorCode;
|
||||||
virGetLastErrorDomain;
|
virGetLastErrorDomain;
|
||||||
|
virNodeGetSEVInfo;
|
||||||
} LIBVIRT_4.4.0;
|
} LIBVIRT_4.4.0;
|
||||||
|
|
||||||
# .... define new API here using predicted next version number ....
|
# .... define new API here using predicted next version number ....
|
||||||
|