diff mbox series

[v2,03/23] qapi/misc-target: Group SEV QAPI definitions

Message ID 20210616204328.2611406-4-philmd@redhat.com (mailing list archive)
State New, archived
Headers show
Series target/i386/sev: Housekeeping (OVMF + SEV-disabled binaries) | expand

Commit Message

Philippe Mathieu-Daudé June 16, 2021, 8:43 p.m. UTC
There is already a section with various SEV commands / types,
so move the SEV guest attestation together.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 qapi/misc-target.json | 81 +++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 41 deletions(-)

Comments

Dov Murik June 24, 2021, 6:13 a.m. UTC | #1
Phil,


On 16/06/2021 23:43, Philippe Mathieu-Daudé wrote:
> There is already a section with various SEV commands / types,
> so move the SEV guest attestation together.
> 

I have two questions (regarding several qapi patches in this series):

1. Should we extract all the SEV commands/types to a separate file?
Maybe sev.json, or confidential-guest-sev.json -- anticipating the other
platforms.

2. I see that some qapi types/commands are conditioned on
`defined(CONFIG_...)`. For example in qapi/tpm.json we have:

  { 'command': 'query-tpm-types', 'returns': ['TpmType'],
    'if': 'defined(CONFIG_TPM)' }

I wonder if the same applies to SEV.

-Dov


> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  qapi/misc-target.json | 81 +++++++++++++++++++++----------------------
>  1 file changed, 40 insertions(+), 41 deletions(-)
> 
> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
> index 81646126267..7db94206212 100644
> --- a/qapi/misc-target.json
> +++ b/qapi/misc-target.json
> @@ -219,6 +219,46 @@
>    'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
>    'if': 'defined(TARGET_I386)' }
>  
> +##
> +# @SevAttestationReport:
> +#
> +# The struct describes attestation report for a Secure Encrypted
> +# Virtualization feature.
> +#
> +# @data:  guest attestation report (base64 encoded)
> +#
> +#
> +# Since: 6.1
> +##
> +{ 'struct': 'SevAttestationReport',
> +  'data': { 'data': 'str'},
> +  'if': 'defined(TARGET_I386)' }
> +
> +##
> +# @query-sev-attestation-report:
> +#
> +# This command is used to get the SEV attestation report, and is
> +# supported on AMD X86 platforms only.
> +#
> +# @mnonce: a random 16 bytes value encoded in base64 (it will be
> +#          included in report)
> +#
> +# Returns: SevAttestationReport objects.
> +#
> +# Since: 6.1
> +#
> +# Example:
> +#
> +# -> { "execute" : "query-sev-attestation-report",
> +#                  "arguments": { "mnonce": "aaaaaaa" } }
> +# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
> +#
> +##
> +{ 'command': 'query-sev-attestation-report',
> +  'data': { 'mnonce': 'str' },
> +  'returns': 'SevAttestationReport',
> +  'if': 'defined(TARGET_I386)' }
> +
>  ##
>  # @dump-skeys:
>  #
> @@ -285,44 +325,3 @@
>  ##
>  { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
>    'if': 'defined(TARGET_ARM)' }
> -
> -
> -##
> -# @SevAttestationReport:
> -#
> -# The struct describes attestation report for a Secure Encrypted
> -# Virtualization feature.
> -#
> -# @data:  guest attestation report (base64 encoded)
> -#
> -#
> -# Since: 6.1
> -##
> -{ 'struct': 'SevAttestationReport',
> -  'data': { 'data': 'str'},
> -  'if': 'defined(TARGET_I386)' }
> -
> -##
> -# @query-sev-attestation-report:
> -#
> -# This command is used to get the SEV attestation report, and is
> -# supported on AMD X86 platforms only.
> -#
> -# @mnonce: a random 16 bytes value encoded in base64 (it will be
> -#          included in report)
> -#
> -# Returns: SevAttestationReport objects.
> -#
> -# Since: 6.1
> -#
> -# Example:
> -#
> -# -> { "execute" : "query-sev-attestation-report",
> -                   "arguments": { "mnonce": "aaaaaaa" } }
> -# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
> -#
> -##
> -{ 'command': 'query-sev-attestation-report',
> -  'data': { 'mnonce': 'str' },
> -  'returns': 'SevAttestationReport',
> -  'if': 'defined(TARGET_I386)' }
>
Philippe Mathieu-Daudé June 24, 2021, 7:52 a.m. UTC | #2
On 6/24/21 8:13 AM, Dov Murik wrote:
> Phil,
> 
> 
> On 16/06/2021 23:43, Philippe Mathieu-Daudé wrote:
>> There is already a section with various SEV commands / types,
>> so move the SEV guest attestation together.
>>
> 
> I have two questions (regarding several qapi patches in this series):
> 
> 1. Should we extract all the SEV commands/types to a separate file?
> Maybe sev.json, or confidential-guest-sev.json -- anticipating the other
> platforms.

Certainly. "confidential-guest" matches QEMU naming, and I agree
having the implementation as extension (here "-sev") will reduce
the noise on other maintainers each time this file is modified.

> 2. I see that some qapi types/commands are conditioned on
> `defined(CONFIG_...)`. For example in qapi/tpm.json we have:
> 
>   { 'command': 'query-tpm-types', 'returns': ['TpmType'],
>     'if': 'defined(CONFIG_TPM)' }
> 
> I wonder if the same applies to SEV.

This part I am not sure so I'll defer to Markus / Paolo / anyone
who knows. My understanding is QAPI is generated at some point
in the buildsys process, so only the configuration features
passed via the ninja invocation can be used (see after NINJA
in ./configure). I hope I'm wrong and buildsys/QAPI works as
you expect, but haven't tried :)

Regards,

Phil.
diff mbox series

Patch

diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 81646126267..7db94206212 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -219,6 +219,46 @@ 
   'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
   'if': 'defined(TARGET_I386)' }
 
+##
+# @SevAttestationReport:
+#
+# The struct describes attestation report for a Secure Encrypted
+# Virtualization feature.
+#
+# @data:  guest attestation report (base64 encoded)
+#
+#
+# Since: 6.1
+##
+{ 'struct': 'SevAttestationReport',
+  'data': { 'data': 'str'},
+  'if': 'defined(TARGET_I386)' }
+
+##
+# @query-sev-attestation-report:
+#
+# This command is used to get the SEV attestation report, and is
+# supported on AMD X86 platforms only.
+#
+# @mnonce: a random 16 bytes value encoded in base64 (it will be
+#          included in report)
+#
+# Returns: SevAttestationReport objects.
+#
+# Since: 6.1
+#
+# Example:
+#
+# -> { "execute" : "query-sev-attestation-report",
+#                  "arguments": { "mnonce": "aaaaaaa" } }
+# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
+#
+##
+{ 'command': 'query-sev-attestation-report',
+  'data': { 'mnonce': 'str' },
+  'returns': 'SevAttestationReport',
+  'if': 'defined(TARGET_I386)' }
+
 ##
 # @dump-skeys:
 #
@@ -285,44 +325,3 @@ 
 ##
 { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'],
   'if': 'defined(TARGET_ARM)' }
-
-
-##
-# @SevAttestationReport:
-#
-# The struct describes attestation report for a Secure Encrypted
-# Virtualization feature.
-#
-# @data:  guest attestation report (base64 encoded)
-#
-#
-# Since: 6.1
-##
-{ 'struct': 'SevAttestationReport',
-  'data': { 'data': 'str'},
-  'if': 'defined(TARGET_I386)' }
-
-##
-# @query-sev-attestation-report:
-#
-# This command is used to get the SEV attestation report, and is
-# supported on AMD X86 platforms only.
-#
-# @mnonce: a random 16 bytes value encoded in base64 (it will be
-#          included in report)
-#
-# Returns: SevAttestationReport objects.
-#
-# Since: 6.1
-#
-# Example:
-#
-# -> { "execute" : "query-sev-attestation-report",
-                   "arguments": { "mnonce": "aaaaaaa" } }
-# <- { "return" : { "data": "aaaaaaaabbbddddd"} }
-#
-##
-{ 'command': 'query-sev-attestation-report',
-  'data': { 'mnonce': 'str' },
-  'returns': 'SevAttestationReport',
-  'if': 'defined(TARGET_I386)' }