| Message ID | 20180207160638.98872-26-brijesh.singh@amd.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 02/07/2018 10:06 AM, Brijesh Singh wrote: > The command can be used by libvirt to retrieve the measurement of SEV guest. > This measurement is a signature of the memory contents that was encrypted > through the LAUNCH_UPDATE_DATA. > > Cc: "Daniel P. Berrangé" <berrange@redhat.com> > Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> > Cc: Markus Armbruster <armbru@redhat.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > qapi-schema.json | 30 ++++++++++++++++++++++++++++++ > qmp.c | 14 ++++++++++++++ > 2 files changed, 44 insertions(+) > > diff --git a/qapi-schema.json b/qapi-schema.json > index 447ebb15266e..19331bff8883 100644 > --- a/qapi-schema.json > +++ b/qapi-schema.json > @@ -3236,3 +3236,33 @@ > # > ## > { 'command': 'query-sev', 'returns': 'SevInfo' } > + > +## > +# @SevLaunchMeasureInfo: > +# > +# SEV Guest Launch measurement information > +# > +# @data: the measurement value encoded in base64 > +# > +# Since: 2.12 > +# > +# Notes: If measurement is not available then a null measurement is returned. Null measurement, as in empty string? Would it be better to have query-sev-launch-measure return an error instead of an SevLaunchMeasureInfo with a null measurement in that case? > +## > +{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} } > + > +## > +# @query-sev-launch-measure: > +# > +# Query the SEV guest launch information. > +# > +# Returns: The @SevLaunchMeasureInfo for the guest > +# > +# Since: 2.12 > +# > +# Example: > +# > +# -> { "execute": "query-sev-launch-measure" } > +# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } > +#
On 02/07/2018 10:29 AM, Eric Blake wrote: ... >> +# >> +# Since: 2.12 >> +# >> +# Notes: If measurement is not available then a null measurement is >> returned. > > Null measurement, as in empty string? Would it be better to have > query-sev-launch-measure return an error instead of an > SevLaunchMeasureInfo with a null measurement in that case? > Yes, an empty string when measurement is not available. I can certainly change it to return an error when measurement is not available. >> +## >> +{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} } >> + >> +## >> +# @query-sev-launch-measure: >> +# >> +# Query the SEV guest launch information. >> +# >> +# Returns: The @SevLaunchMeasureInfo for the guest >> +# >> +# Since: 2.12 >> +# >> +# Example: >> +# >> +# -> { "execute": "query-sev-launch-measure" } >> +# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } >> +# > >
diff --git a/qapi-schema.json b/qapi-schema.json index 447ebb15266e..19331bff8883 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -3236,3 +3236,33 @@ # ## { 'command': 'query-sev', 'returns': 'SevInfo' } + +## +# @SevLaunchMeasureInfo: +# +# SEV Guest Launch measurement information +# +# @data: the measurement value encoded in base64 +# +# Since: 2.12 +# +# Notes: If measurement is not available then a null measurement is returned. +## +{ 'struct': 'SevLaunchMeasureInfo', 'data': {'data': 'str'} } + +## +# @query-sev-launch-measure: +# +# Query the SEV guest launch information. +# +# Returns: The @SevLaunchMeasureInfo for the guest +# +# Since: 2.12 +# +# Example: +# +# -> { "execute": "query-sev-launch-measure" } +# <- { "return": { "data": "4l8LXeNlSPUDlXPJG5966/8%YZ" } } +# +## +{ 'command': 'query-sev-launch-measure', 'returns': 'SevLaunchMeasureInfo' } diff --git a/qmp.c b/qmp.c index 1a5cfad09dd0..5fb19b9d0db3 100644 --- a/qmp.c +++ b/qmp.c @@ -733,3 +733,17 @@ SevInfo *qmp_query_sev(Error **errp) return info; } + +SevLaunchMeasureInfo *qmp_query_sev_launch_measure(Error **errp) +{ + SevLaunchMeasureInfo *info = NULL; + + if (sev_enabled()) { + info = g_malloc0(sizeof(*info)); + info->data = sev_get_launch_measurement(); + } else { + error_setg(errp, "SEV is not enabled"); + } + + return info; +}
The command can be used by libvirt to retrieve the measurement of SEV guest. This measurement is a signature of the memory contents that was encrypted through the LAUNCH_UPDATE_DATA. Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- qapi-schema.json | 30 ++++++++++++++++++++++++++++++ qmp.c | 14 ++++++++++++++ 2 files changed, 44 insertions(+)