External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-22 04:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: add monitor APIs for query-sev

Browse Source 
We're only returning the set of fields needed to perform an
attestation, per the SEV API docs.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2021-12-08 07:05:44 -05:00
parent 5842163910
commit cc9679ef14
5 changed files with 120 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/qemu/qemu_monitor.c
View File

@ -4366,6 +4366,19 @@ qemuMonitorGetSEVMeasurement(qemuMonitor *mon)
} }
int
qemuMonitorGetSEVInfo(qemuMonitor *mon,
unsigned int *apiMajor,
unsigned int *apiMinor,
unsigned int *buildID,
unsigned int *policy)
{
QEMU_CHECK_MONITOR(mon);
return qemuMonitorJSONGetSEVInfo(mon, apiMajor, apiMinor, buildID, policy);
}
int int
qemuMonitorGetPRManagerInfo(qemuMonitor *mon, qemuMonitorGetPRManagerInfo(qemuMonitor *mon,
GHashTable **retinfo) GHashTable **retinfo)

9
src/qemu/qemu_monitor.h
View File

@ -1445,6 +1445,15 @@ int qemuMonitorBlockdevMediumInsert(qemuMonitor *mon,
char * char *
qemuMonitorGetSEVMeasurement(qemuMonitor *mon); qemuMonitorGetSEVMeasurement(qemuMonitor *mon);
int
qemuMonitorGetSEVInfo(qemuMonitor *mon,
unsigned int *apiMajor,
unsigned int *apiMinor,
unsigned int *buildID,
unsigned int *policy)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo; typedef struct _qemuMonitorPRManagerInfo qemuMonitorPRManagerInfo;
struct _qemuMonitorPRManagerInfo { struct _qemuMonitorPRManagerInfo {
bool connected; bool connected;

46
src/qemu/qemu_monitor_json.c
View File

@ -8216,6 +8216,52 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon)
} }
/**
* Retrive info about the SEV setup, returning those fields that
* are required to do a launch attestation, as per
*
* HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
*
* specified in section 6.5.1 of AMD Secure Encrypted
* Virtualization API.
*
* { "execute": "query-sev" }
* { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
* "build-id" : 0, "policy" : 0, "state" : "running",
* "handle" : 1 } }
*/
int
qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
unsigned int *apiMajor,
unsigned int *apiMinor,
unsigned int *buildID,
unsigned int *policy)
{
g_autoptr(virJSONValue) cmd = NULL;
g_autoptr(virJSONValue) reply = NULL;
virJSONValue *data;
if (!(cmd = qemuMonitorJSONMakeCommand("query-sev", NULL)))
return -1;
if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
return -1;
if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0)
return -1;
data = virJSONValueObjectGetObject(reply, "return");
if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 ||
virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 ||
virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 ||
virJSONValueObjectGetNumberUint(data, "policy", policy) < 0)
return -1;
return 0;
}
/* /*
* Example return data * Example return data
* *

9
src/qemu/qemu_monitor_json.h
View File

@ -459,6 +459,15 @@ qemuMonitorJSONSystemWakeup(qemuMonitor *mon);
char * char *
qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon); qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon);
int
qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
unsigned int *apiMajor,
unsigned int *apiMinor,
unsigned int *buildID,
unsigned int *policy)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
int int
qemuMonitorJSONGetVersion(qemuMonitor *mon, qemuMonitorJSONGetVersion(qemuMonitor *mon,
int *major, int *major,

43
tests/qemumonitorjsontest.c
View File

@ -2884,6 +2884,48 @@ testQemuMonitorJSONqemuMonitorJSONGetCPUModelBaseline(const void *opaque)
} }
static int
testQemuMonitorJSONGetSEVInfo(const void *opaque)
{
const testGenericData *data = opaque;
virDomainXMLOption *xmlopt = data->xmlopt;
g_autoptr(qemuMonitorTest) test = NULL;
unsigned int apiMajor = 0;
unsigned int apiMinor = 0;
unsigned int buildID = 0;
unsigned int policy = 0;
if (!(test = qemuMonitorTestNewSchema(xmlopt, data->schema)))
return -1;
if (qemuMonitorTestAddItem(test, "query-sev",
"{"
" \"return\": {"
" \"enabled\": false,"
" \"api-minor\": 8,"
" \"handle\": 0,"
" \"state\": \"uninit\","
" \"api-major\": 1,"
" \"build-id\": 834,"
" \"policy\": 3"
" },"
" \"id\": \"libvirt-15\""
"}") < 0)
return -1;
if (qemuMonitorGetSEVInfo(qemuMonitorTestGetMonitor(test),
&apiMajor, &apiMinor, &buildID, &policy) < 0)
return -1;
if (apiMajor != 1 || apiMinor != 8 || buildID != 834 || policy != 3) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
"Unexpected SEV info values");
return -1;
}
return 0;
}
static int static int
mymain(void) mymain(void)
{ {
@ -2979,6 +3021,7 @@ mymain(void)
DO_TEST(CPU); DO_TEST(CPU);
DO_TEST(GetNonExistingCPUData); DO_TEST(GetNonExistingCPUData);
DO_TEST(GetIOThreads); DO_TEST(GetIOThreads);
DO_TEST(GetSEVInfo);
DO_TEST(Transaction); DO_TEST(Transaction);
DO_TEST(BlockExportAdd); DO_TEST(BlockExportAdd);
DO_TEST(BlockdevReopen); DO_TEST(BlockdevReopen);