qemu: report new launch security parameters
Report extra info about the SEV setup, returning those fields that are required to calculate the expected launch measurement HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK) specified in section 6.5.1 of AMD Secure Encrypted Virtualization API. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
parent
cc9679ef14
commit
8c071180cf
@ -19960,14 +19960,19 @@ qemuNodeGetSEVInfo(virConnectPtr conn,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuDomainGetSEVMeasurement(virQEMUDriver *driver,
|
qemuDomainGetSEVInfo(virQEMUDriver *driver,
|
||||||
virDomainObj *vm,
|
virDomainObj *vm,
|
||||||
virTypedParameterPtr *params,
|
virTypedParameterPtr *params,
|
||||||
int *nparams,
|
int *nparams,
|
||||||
unsigned int flags)
|
unsigned int flags)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
int rv;
|
||||||
g_autofree char *tmp = NULL;
|
g_autofree char *tmp = NULL;
|
||||||
|
unsigned int apiMajor = 0;
|
||||||
|
unsigned int apiMinor = 0;
|
||||||
|
unsigned int buildID = 0;
|
||||||
|
unsigned int policy = 0;
|
||||||
int maxpar = 0;
|
int maxpar = 0;
|
||||||
|
|
||||||
virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
|
virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
|
||||||
@ -19984,15 +19989,39 @@ qemuDomainGetSEVMeasurement(virQEMUDriver *driver,
|
|||||||
qemuDomainObjEnterMonitor(driver, vm);
|
qemuDomainObjEnterMonitor(driver, vm);
|
||||||
tmp = qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
|
tmp = qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
|
||||||
|
|
||||||
|
|
||||||
|
if (!tmp) {
|
||||||
|
qemuDomainObjExitMonitor(driver, vm);
|
||||||
|
goto endjob;
|
||||||
|
}
|
||||||
|
|
||||||
|
rv = qemuMonitorGetSEVInfo(QEMU_DOMAIN_PRIVATE(vm)->mon,
|
||||||
|
&apiMajor, &apiMinor, &buildID, &policy);
|
||||||
qemuDomainObjExitMonitor(driver, vm);
|
qemuDomainObjExitMonitor(driver, vm);
|
||||||
|
|
||||||
if (!tmp)
|
if (rv < 0)
|
||||||
goto endjob;
|
goto endjob;
|
||||||
|
|
||||||
if (virTypedParamsAddString(params, nparams, &maxpar,
|
if (virTypedParamsAddString(params, nparams, &maxpar,
|
||||||
VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
|
||||||
tmp) < 0)
|
tmp) < 0)
|
||||||
goto endjob;
|
goto endjob;
|
||||||
|
if (virTypedParamsAddUInt(params, nparams, &maxpar,
|
||||||
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR,
|
||||||
|
apiMajor) < 0)
|
||||||
|
goto endjob;
|
||||||
|
if (virTypedParamsAddUInt(params, nparams, &maxpar,
|
||||||
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MINOR,
|
||||||
|
apiMinor) < 0)
|
||||||
|
goto endjob;
|
||||||
|
if (virTypedParamsAddUInt(params, nparams, &maxpar,
|
||||||
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV_BUILD_ID,
|
||||||
|
buildID) < 0)
|
||||||
|
goto endjob;
|
||||||
|
if (virTypedParamsAddUInt(params, nparams, &maxpar,
|
||||||
|
VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY,
|
||||||
|
policy) < 0)
|
||||||
|
goto endjob;
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
@ -20020,7 +20049,7 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
|
|||||||
|
|
||||||
if (vm->def->sec &&
|
if (vm->def->sec &&
|
||||||
vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV) {
|
vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV) {
|
||||||
if (qemuDomainGetSEVMeasurement(driver, vm, params, nparams, flags) < 0)
|
if (qemuDomainGetSEVInfo(driver, vm, params, nparams, flags) < 0)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
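Review bot: qemuDomainGetSEVInfo now returns the API major/minor, build ID and policy alongside the measurement, but nothing on the function says these four values are simply what QEMU reported over the monitor through `qemuMonitorGetSEVInfo`. The commit message presents them as inputs to the expected-measurement HMAC, so a verifier that feeds them in without comparing them to the policy and firmware version it asked for would presumably only confirm the host's own account of the launch. A comment above the function would make that explicit, for example `/* Values are reported by QEMU on the host; a caller attesting the guest must compare policy, API version and build ID with its expected values before using them in the HMAC. */`. As a smaller style point, the new `if (!tmp)` branch duplicates the `qemuDomainObjExitMonitor(driver, vm)` call; initialising `rv` to -1 and guarding only the second monitor call with `if (tmp)` would keep a single exit. The `endjob` label and the rest of the body are outside the visible hunks, so handling of partially filled `params` on a failed `virTypedParamsAddUInt` could not be checked here.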