File bfaa61c8-backend-virDomainGetLaunchSecurityInfo.patch of Package libvirt.11701
commit bfaa61c83c3b204fe311d5f719d3afe9202990ba
Author: Brijesh Singh <brijesh.singh@amd.com>
Date: Fri Jun 8 09:41:01 2018 -0500
qemu: Implement the driver backend for virDomainGetLaunchSecurityInfo
This patch implements the internal driver API for launch event into qemu driver. When SEV is enabled, execute 'query-sev-launch-measurement' to get the measurement of memory encrypted through launch sequence.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Index: libvirt-4.0.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_driver.c
+++ libvirt-4.0.0/src/qemu/qemu_driver.c
@@ -21200,6 +21200,74 @@ qemuNodeGetSEVInfo(virConnectPtr conn,
 }
+static int
+qemuDomainGetSEVMeasurement(virQEMUDriverPtr driver,
+ virDomainObjPtr vm,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ int ret = -1;
+ char *tmp;
+ int maxpar = 0;
+
+ virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
+
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
+ return -1;
+
+ if (qemuDomainObjEnterMonitorAsync(driver, vm, QEMU_ASYNC_JOB_NONE) < 0)
+ goto endjob;
+
+ tmp = qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);
+ if (tmp == NULL)
+ goto endjob;
+
+ if (qemuDomainObjExitMonitor(driver, vm) < 0)
+ goto endjob;
+
+ if (virTypedParamsAddString(params, nparams, &maxpar,
+ VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT,
+ tmp) < 0)
+ goto endjob;
+
+ VIR_FREE(tmp);
+ ret = 0;
+
+ endjob:
+ qemuDomainObjEndJob(driver, vm);
+ return ret;
+}
+
+
+static int
+qemuDomainGetLaunchSecurityInfo(virDomainPtr domain,
+ virTypedParameterPtr *params,
+ int *nparams,
+ unsigned int flags)
+{
+ virQEMUDriverPtr driver = domain->conn->privateData;
+ virDomainObjPtr vm;
+ int ret = -1;
+
+ if (!(vm = qemuDomObjFromDomain(domain)))
+ goto cleanup;
+
+ if (virDomainGetLaunchSecurityInfoEnsureACL(domain->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (vm->def->sev) {
+ if (qemuDomainGetSEVMeasurement(driver, vm, params, nparams, flags) < 0)
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ return ret;
+}
+
 static virHypervisorDriver qemuHypervisorDriver = {
 .name = QEMU_DRIVER_NAME,
 .connectOpen = qemuConnectOpen, /* 0.2.0 */
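Review bot: In qemuDomainGetSEVMeasurement the `tmp == NULL` branch jumps to `endjob` without calling qemuDomainObjExitMonitor, so a failed measurement query ends the job with the monitor still entered. The later `goto endjob` paths (ExitMonitor failure, virTypedParamsAddString failure) also skip `VIR_FREE(tmp)` and leak the measurement string. Exit the monitor unconditionally right after the query, test `tmp` afterwards, and move the free to the `endjob` label with `tmp` initialised to NULL. Separately, nothing visible in this hunk checks that the domain is running before the monitor is entered; if an inactive domain can reach this path, an active-state check after qemuDomainObjBeginJob would be worth adding.

```c
    char *tmp = NULL;
    /* … unchanged: flag check, BeginJob, EnterMonitorAsync … */

    tmp = qemuMonitorGetSEVMeasurement(QEMU_DOMAIN_PRIVATE(vm)->mon);

    /* Always leave the monitor, even when the query failed. */
    if (qemuDomainObjExitMonitor(driver, vm) < 0)
        goto endjob;

    if (!tmp)
        goto endjob;

    /* … unchanged: virTypedParamsAddString … */

    ret = 0;

 endjob:
    VIR_FREE(tmp);
    qemuDomainObjEndJob(driver, vm);
    return ret;
```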
@@ -21420,6 +21488,7 @@ static virHypervisorDriver qemuHyperviso
 .domainSetBlockThreshold = qemuDomainSetBlockThreshold, /* 3.2.0 */
 .domainSetLifecycleAction = qemuDomainSetLifecycleAction, /* 3.9.0 */
 .nodeGetSEVInfo = qemuNodeGetSEVInfo, /* 4.0.0 */
+ .domainGetLaunchSecurityInfo = qemuDomainGetLaunchSecurityInfo, /* 4.0.0 */
 };
Index: libvirt-4.0.0/src/qemu/qemu_monitor.c
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_monitor.c
+++ libvirt-4.0.0/src/qemu/qemu_monitor.c
@@ -4369,3 +4369,11 @@ qemuMonitorSetWatchdogAction(qemuMonitor
 return qemuMonitorJSONSetWatchdogAction(mon, action);
 }
+
+char *
+qemuMonitorGetSEVMeasurement(qemuMonitorPtr mon)
+{
+ QEMU_CHECK_MONITOR_NULL(mon);
+
+ return qemuMonitorJSONGetSEVMeasurement(mon);
+}
Index: libvirt-4.0.0/src/qemu/qemu_monitor.h
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_monitor.h
+++ libvirt-4.0.0/src/qemu/qemu_monitor.h
@@ -1149,4 +1149,7 @@ virJSONValuePtr qemuMonitorQueryNamedBlo
 int qemuMonitorSetWatchdogAction(qemuMonitorPtr mon,
 const char *action);
+char *
+qemuMonitorGetSEVMeasurement(qemuMonitorPtr mon);
+
 #endif /* QEMU_MONITOR_H */
Index: libvirt-4.0.0/src/qemu/qemu_monitor_json.c
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_monitor_json.c
+++ libvirt-4.0.0/src/qemu/qemu_monitor_json.c
@@ -7861,3 +7861,45 @@ qemuMonitorJSONSetWatchdogAction(qemuMon
 virJSONValueFree(reply);
 return ret;
 }
+
+/**
+ * The function is used to retrieve the measurement of a SEV guest.
+ * The measurement is signature of the memory contents that was encrypted
+ * through the SEV launch flow.
+ *
+ * A example JSON output:
+ *
+ * { "execute" : "query-sev-launch-measure" }
+ * { "return" : { "data" : "4l8LXeNlSPUDlXPJG5966/8%YZ" } }
+ */
+char *
+qemuMonitorJSONGetSEVMeasurement(qemuMonitorPtr mon)
+{
+ const char *tmp;
+ char *measurement = NULL;
+ virJSONValuePtr cmd;
+ virJSONValuePtr reply = NULL;
+ virJSONValuePtr data;
+
+ if (!(cmd = qemuMonitorJSONMakeCommand("query-sev-launch-measure", NULL)))
+ return NULL;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ goto cleanup;
+
+ if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+ goto cleanup;
+
+ data = virJSONValueObjectGetObject(reply, "return");
+
+ if (!(tmp = virJSONValueObjectGetString(data, "data")))
+ goto cleanup;
+
+ if (VIR_STRDUP(measurement, tmp) < 0)
+ goto cleanup;
+
+ cleanup:
+ virJSONValueFree(cmd);
+ virJSONValueFree(reply);
+ return measurement;
+}
Index: libvirt-4.0.0/src/qemu/qemu_monitor_json.h
===================================================================
--- libvirt-4.0.0.orig/src/qemu/qemu_monitor_json.h
+++ libvirt-4.0.0/src/qemu/qemu_monitor_json.h
@@ -339,6 +339,8 @@ int qemuMonitorJSONGetBlockIoThrottle(qe
 int qemuMonitorJSONSystemWakeup(qemuMonitorPtr mon);
+char *qemuMonitorJSONGetSEVMeasurement(qemuMonitorPtr mon);
+
 int qemuMonitorJSONGetVersion(qemuMonitorPtr mon,
 int *major,
 int *minor,
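Review bot: In qemuMonitorJSONGetSEVMeasurement the result of `virJSONValueObjectGetObject(reply, "return")` is passed straight to virJSONValueObjectGetString with no NULL check, so a reply whose `return` member is missing or not an object reaches the string lookup with `data == NULL`. Whether that helper tolerates NULL is not visible here, so guard it: `if (!(data = virJSONValueObjectGetObject(reply, "return"))) goto cleanup;`. Both that path and the missing-`data` path return NULL without reporting an error, leaving the caller to fail with no message; a virReportError call on those branches would make a malformed monitor reply diagnosable. The doc comment should also state that the caller owns the returned string and must free it, and its sample value contains `%`, which is not a base64 character.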