tools: add 'domlaunchsecinfo' virsh command

This command reports the launch security parameters for a guest, allowing an external tool to perform a launch attestation. Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2024-12-22 05:35:25 +00:00 · 2021-12-08 07:53:00 -05:00 · 2021-12-08 07:53:00 -05:00 · ac79e9ff5c
commit ac79e9ff5c
parent 8c071180cf
2 changed files with 70 additions and 0 deletions
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP daemon is running
 on both of them).


+domlaunchsecinfo
+----------------
+
+**Syntax:**
+
+::
+
+   domlaunchsecinfo domain
+
+Returns information about the launch security parameters associated
+with a running domain.
+
+The set of parameters reported will vary depending on which type of
+launch security protection is active. If none is active, no parameters
+will be reported.
+
+
 dommemstat
 ----------

--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@ -9523,6 +9523,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd)
    goto cleanup;
 }

+/*
+ * "domlaunchsecinfo" command
+ */
+static const vshCmdInfo info_domlaunchsecinfo[] = {
+    {.name = "help",
+     .data = N_("Get domain launch security info")
+    },
+    {.name = "desc",
+     .data = N_("Get the launch security parameters for a guest domain")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domlaunchsecinfo[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    {.name = NULL}
+};
+
+static bool
+cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd)
+{
+    g_autoptr(virshDomain) dom = NULL;
+    size_t i;
+    int nparams = 0;
+    virTypedParameterPtr params = NULL;
+    bool ret = false;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, 0) != 0) {
+        vshError(ctl, "%s", _("Unable to get launch security parameters"));
+        goto cleanup;
+    }
+
+    for (i = 0; i < nparams; i++) {
+        g_autofree char *str = vshGetTypedParamValue(ctl, &params[i]);
+        vshPrint(ctl, "%-15s: %s\n", params[i].field, str);
+    }
+
+    ret = true;
+
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    return ret;
+}
+
 /*
 * "qemu-monitor-command" command
 */
@ -14542,6 +14589,12 @@ const vshCmdDef domManagementCmds[] = {
     .info = info_domjobinfo,
     .flags = 0
    },
+    {.name = "domlaunchsecinfo",
+     .handler = cmdDomLaunchSecInfo,
+     .opts = opts_domlaunchsecinfo,
+     .info = info_domlaunchsecinfo,
+     .flags = 0
+    },
    {.name = "domname",
     .handler = cmdDomname,
     .opts = opts_domname,