libvirt: Introduce virNodeGetSEVInfo public API
The API can be used by applications to retrieve the Platform Diffie-Hellman Key and Platform Certificate chain. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
parent
5dca09c170
commit
45422935c3
@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr;
|
||||
|
||||
typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* SEV Parameters
|
||||
*/
|
||||
|
||||
/**
|
||||
* VIR_NODE_SEV_PDH:
|
||||
*
|
||||
* Macro represents the Platform Diffie-Hellman key, as VIR_TYPED_PARAMS_STRING.
|
||||
*/
|
||||
# define VIR_NODE_SEV_PDH "pdh"
|
||||
|
||||
/**
|
||||
* VIR_NODE_SEV_CERT_CHAIN:
|
||||
*
|
||||
* Macro represents the platform certificate chain that includes the platform
|
||||
* endorsement key (PEK), owner certificate authority (OCD) and chip
|
||||
* endorsement key (CEK), as VIR_TYPED_PARAMS_STRING.
|
||||
*/
|
||||
# define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
|
||||
|
||||
/**
|
||||
* VIR_NODE_SEV_CBITPOS:
|
||||
*
|
||||
* Macro represents the CBit Position used by hypervisor when SEV is enabled.
|
||||
*/
|
||||
# define VIR_NODE_SEV_CBITPOS "cbitpos"
|
||||
|
||||
/**
|
||||
* VIR_NODE_SEV_REDUCED_PHYS_BITS:
|
||||
*
|
||||
* Macro represents the number of bits we lose in physical address space
|
||||
* when SEV is enabled in the guest.
|
||||
*/
|
||||
# define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits"
|
||||
|
||||
int virNodeGetSEVInfo (virConnectPtr conn,
|
||||
virTypedParameterPtr *params,
|
||||
int *nparams,
|
||||
unsigned int flags);
|
||||
|
||||
/**
|
||||
* virConnectFlags
|
||||
*
|
||||
|
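Review bot: The comment on VIR_NODE_SEV_CERT_CHAIN abbreviates the owner certificate authority as "(OCD)"; the SEV term is OCA, so the line should read `* endorsement key (PEK), owner certificate authority (OCA) and chip`. Both string macros name their type as `VIR_TYPED_PARAMS_STRING`, whereas the typed-parameter enum value is `VIR_TYPED_PARAM_STRING`. Neither comment says how the key or the chain is encoded inside the string, which a caller that parses and validates the chain before trusting the platform needs to know. The comments on VIR_NODE_SEV_CBITPOS and VIR_NODE_SEV_REDUCED_PHYS_BITS give no typed-parameter type at all; I would add it to each.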
@ -1309,6 +1309,11 @@ typedef int
|
||||
unsigned int action,
|
||||
unsigned int flags);
|
||||
|
||||
typedef int
|
||||
(*virDrvNodeGetSEVInfo)(virConnectPtr conn,
|
||||
virTypedParameterPtr *params,
|
||||
int *nparams,
|
||||
unsigned int flags);
|
||||
|
||||
typedef struct _virHypervisorDriver virHypervisorDriver;
|
||||
typedef virHypervisorDriver *virHypervisorDriverPtr;
|
||||
@ -1558,6 +1563,7 @@ struct _virHypervisorDriver {
|
||||
virDrvDomainSetLifecycleAction domainSetLifecycleAction;
|
||||
virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
|
||||
virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
|
||||
virDrvNodeGetSEVInfo nodeGetSEVInfo;
|
||||
};
|
||||
|
||||
|
||||
|
@ -1639,3 +1639,52 @@ virNodeAllocPages(virConnectPtr conn,
|
||||
virDispatchError(conn);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* virNodeGetSEVInfo:
|
||||
* @conn: pointer to the hypervisor connection
|
||||
* @params: where to store SEV information
|
||||
* @nparams: pointer to number of SEV parameters returned in @params
|
||||
* @flags: extra flags; not used yet, so callers should always pass 0
|
||||
*
|
||||
* If hypervisor supports AMD's SEV feature, then @params will contain various
|
||||
* platform specific information like PDH and certificate chain. Caller is
|
||||
* responsible for freeing @params.
|
||||
*
|
||||
* Returns 0 in case of success, and -1 in case of failure.
|
||||
*/
|
||||
int
|
||||
virNodeGetSEVInfo(virConnectPtr conn,
|
||||
virTypedParameterPtr *params,
|
||||
int *nparams,
|
||||
unsigned int flags)
|
||||
{
|
||||
VIR_DEBUG("conn=%p, params=%p, nparams=%p, flags=0x%x",
|
||||
conn, params, nparams, flags);
|
||||
|
||||
virResetLastError();
|
||||
|
||||
virCheckConnectReturn(conn, -1);
|
||||
virCheckNonNullArgGoto(nparams, error);
|
||||
virCheckNonNegativeArgGoto(*nparams, error);
|
||||
virCheckReadOnlyGoto(conn->flags, error);
|
||||
|
||||
if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn,
|
||||
VIR_DRV_FEATURE_TYPED_PARAM_STRING))
|
||||
flags |= VIR_TYPED_PARAM_STRING_OKAY;
|
||||
|
||||
if (conn->driver->nodeGetSEVInfo) {
|
||||
int ret;
|
||||
ret = conn->driver->nodeGetSEVInfo(conn, params, nparams, flags);
|
||||
if (ret < 0)
|
||||
goto error;
|
||||
return ret;
|
||||
}
|
||||
|
||||
virReportUnsupportedError();
|
||||
|
||||
error:
|
||||
virDispatchError(conn);
|
||||
return -1;
|
||||
}
|
||||
|
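Review bot: `params` is passed to the driver callback without a NULL check although `nparams` is checked just above; adding `virCheckNonNullArgGoto(params, error);` beside it makes a NULL output pointer fail with an argument error rather than depend on each driver. `virCheckNonNegativeArgGoto(*nparams, error)` reads the caller's value even though the comment documents @nparams as output only, so an uninitialised int can make the call fail spuriously; either drop the check or document that *nparams must be set on entry. The result of `VIR_DRV_SUPPORTS_FEATURE` is used directly as a condition, and if that macro can return a negative error value (its definition is not in this hunk) a failure would be treated as "supported". The function comment opens with `/*` rather than the `/**` used for the doc comments in the header hunk, and it does not mention that read-only connections are rejected or which call frees @params.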
@ -796,6 +796,7 @@ LIBVIRT_4.5.0 {
|
||||
global:
|
||||
virGetLastErrorCode;
|
||||
virGetLastErrorDomain;
|
||||
virNodeGetSEVInfo;
|
||||
} LIBVIRT_4.4.0;
|
||||
|
||||
# .... define new API here using predicted next version number ....
|
||||
|