Message ID | 20180129174132.108925-18-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New, archived |
Brijesh Singh <brijesh.singh@amd.com> writes: > Add SEV_MEASUREMENT event which can be used by libvirt to get the > measurement of the memory regions encrypted through the SEV launch > flow. The measurement value is base64 encoded. > > Cc: Daniel P. Berrange <berrange@redhat.com> > Cc: Eric Blake <eblake@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > qapi-schema.json | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/qapi-schema.json b/qapi-schema.json > index 2046c96669bf..e1f5d14e2e3f 100644 > --- a/qapi-schema.json > +++ b/qapi-schema.json > @@ -3192,3 +3192,16 @@ > # Since: 2.11 > ## > { 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} } > + > +## > +# @SEV_MEASUREMENT: > +# > +# Emitted when measurement is available for the SEV guest. > +# > +# @value: measurement value encoded in base64 > +# > +# Since: 2.12 > +# > +## > +{ 'event' : 'SEV_MEASUREMENT', > + 'data' : { 'value' : 'str' } } New event -> automatic question: do we need a way to poll for this information? Say when an event could get lost during a libvirt restart.
On 01/31/2018 11:45 AM, Markus Armbruster wrote: > Brijesh Singh <brijesh.singh@amd.com> writes: > >> Add SEV_MEASUREMENT event which can be used by libvirt to get the >> measurement of the memory regions encrypted through the SEV launch >> flow. The measurement value is base64 encoded. >> >> Cc: Daniel P. Berrange <berrange@redhat.com> >> Cc: Eric Blake <eblake@redhat.com> >> Cc: Markus Armbruster <armbru@redhat.com> >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> >> --- >> qapi-schema.json | 13 +++++++++++++ >> 1 file changed, 13 insertions(+) >> >> diff --git a/qapi-schema.json b/qapi-schema.json >> index 2046c96669bf..e1f5d14e2e3f 100644 >> --- a/qapi-schema.json >> +++ b/qapi-schema.json >> @@ -3192,3 +3192,16 @@ >> # Since: 2.11 >> ## >> { 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} } >> + >> +## >> +# @SEV_MEASUREMENT: >> +# >> +# Emitted when measurement is available for the SEV guest. >> +# >> +# @value: measurement value encoded in base64 >> +# >> +# Since: 2.12 >> +# >> +## >> +{ 'event' : 'SEV_MEASUREMENT', >> + 'data' : { 'value' : 'str' } } > > New event -> automatic question: do we need a way to poll for this > information? Say when an event could get lost during a libvirt restart. > In our initial SEV patches for libvirt we ran into similar cases where the event was dropped on restart, and now leaning towards dropping this event patch and add a new QMP command which can be used by libvirt to retrieve the measurement.
On 02/01/2018 09:25 AM, Brijesh Singh wrote: >>> +{ 'event' : 'SEV_MEASUREMENT', >>> + 'data' : { 'value' : 'str' } } >> >> New event -> automatic question: do we need a way to poll for this >> information? Say when an event could get lost during a libvirt restart. >> > > > In our initial SEV patches for libvirt we ran into similar cases where > the event was dropped on restart, and now leaning towards dropping this > event patch and add a new QMP command which can be used by libvirt to > retrieve the measurement. An event may still be useful to minimize the amount of polling required when the connection is not broken. It's just that any setup that ONLY permits events (and not also polling) is fragile.
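The restart race discussed in the replies above, as an added example that is not code from the thread, QEMU or libvirt: a simulated monitor client that relies on the event alone never learns the measurement if it is disconnected when the event fires, while one that also polls on connect recovers it. `FakeQemu`, `Client`, `run_restart_scenario` and the command name `query-sev-measurement` are hypothetical, and the measurement bytes are constructed.

```python
import base64

QUERY_CMD = "query-sev-measurement"  # hypothetical name, not from the thread

class FakeQemu:
    """Constructed stand-in for a QMP endpoint; past events are not replayed."""
    def __init__(self):
        self.measurement = None   # base64 string once the launch is measured
        self.clients = []         # currently connected monitor clients

    def finish_launch(self, value_b64):
        self.measurement = value_b64
        event = {"event": "SEV_MEASUREMENT", "data": {"value": value_b64}}
        for client in self.clients:       # a disconnected client misses this
            client.on_event(event)

    def execute(self, command):
        if command == QUERY_CMD and self.measurement is not None:
            return {"return": {"value": self.measurement}}
        return {"error": {"class": "GenericError"}}

class Client:
    def __init__(self, poll_on_connect):
        self.poll_on_connect = poll_on_connect
        self.measurement = None   # decoded bytes, or None if not yet seen

    def _store(self, value_b64):
        # validate=True rejects characters outside the base64 alphabet
        self.measurement = base64.b64decode(value_b64, validate=True)

    def on_event(self, event):
        if event.get("event") == "SEV_MEASUREMENT":
            self._store(event["data"]["value"])

    def connect(self, qemu):
        qemu.clients.append(self)
        if self.poll_on_connect:          # recover what the event stream lost
            reply = qemu.execute(QUERY_CMD)
            if "return" in reply:
                self._store(reply["return"]["value"])

def run_restart_scenario(poll_on_connect):
    """The client is disconnected at the moment the measurement is produced."""
    qemu, client = FakeQemu(), Client(poll_on_connect)
    client.connect(qemu)
    qemu.clients.remove(client)           # management daemon restarts
    qemu.finish_launch(base64.b64encode(b"constructed-measurement").decode())
    client.connect(qemu)                  # reconnects after the event fired
    return client.measurement
```
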
diff --git a/qapi-schema.json b/qapi-schema.json index 2046c96669bf..e1f5d14e2e3f 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -3192,3 +3192,16 @@ # Since: 2.11 ## { 'command': 'watchdog-set-action', 'data' : {'action': 'WatchdogAction'} } + +## +# @SEV_MEASUREMENT: +# +# Emitted when measurement is available for the SEV guest. +# +# @value: measurement value encoded in base64 +# +# Since: 2.12 +# +## +{ 'event' : 'SEV_MEASUREMENT', + 'data' : { 'value' : 'str' } }
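Review bot: The doc comment for @SEV_MEASUREMENT and @value does not say at which point in the launch flow the event is emitted or whether it is emitted only once per guest, and the hunk adds no command that returns the same value, so a client that connects after the event has been emitted has no way to obtain the measurement. Consider documenting the emission point and pairing the event with a query command that returns the same base64 string. As a style point, the bare "#" line between "# Since: 2.12" and the closing "##" differs from the "# Since: 2.11" / "##" layout in the context lines at the top of the hunk.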
Add SEV_MEASUREMENT event which can be used by libvirt to get the
measurement of the memory regions encrypted through the SEV launch
flow. The measurement value is base64 encoded.

Cc: Daniel P. Berrange <berrange@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 qapi-schema.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)