On 04/02/2018 10:18 AM, Brijesh Singh wrote:
> The API can be used outside the libvirt to get the launch security
> information. When SEV is enabled, the API can be used to get the
> measurement of the launch process.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
> include/libvirt/libvirt-domain.h | 17 ++++++++++++++
> src/driver-hypervisor.h | 7 ++++++
> src/libvirt-domain.c | 48 ++++++++++++++++++++++++++++++++++++++++
> src/libvirt_public.syms | 5 +++++
> 4 files changed, 77 insertions(+)
>
> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
> index 12fd340..6870a1a 100644
> --- a/include/libvirt/libvirt-domain.h
> +++ b/include/libvirt/libvirt-domain.h
> @@ -4764,4 +4764,21 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
> unsigned int action,
> unsigned int flags);
>
> +/**
> + * Launch Security API
> + */
> +
> +/**
> + * VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT:
> + *
> + * Macro represents the launch measurement of the SEV guest,
> + * as VIR_TYPED_PARAM_STRING.
> + */
> +#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"

syntax-check tells you that this is incorrectly spaced - should be "# define"

> +
> +int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
> + virTypedParameterPtr *params,
> + int *nparams,
> + unsigned int flags);
> +
> #endif /* __VIR_LIBVIRT_DOMAIN_H__ */
> diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
> index ce0e2b2..b066413 100644
> --- a/src/driver-hypervisor.h
> +++ b/src/driver-hypervisor.h
> @@ -1283,6 +1283,12 @@ typedef int
> unsigned int action,
> unsigned int flags);
>
> +typedef int
> +(*virDrvDomainGetLaunchSecurityInfo)(virDomainPtr domain,
> + virTypedParameterPtr *params,
> + int *nparams,
> + unsigned int flags);
> +
>
> typedef struct _virHypervisorDriver virHypervisorDriver;
> typedef virHypervisorDriver *virHypervisorDriverPtr;
> @@ -1528,6 +1534,7 @@ struct _virHypervisorDriver {
> virDrvDomainSetVcpu domainSetVcpu;
> virDrvDomainSetBlockThreshold domainSetBlockThreshold;
> virDrvDomainSetLifecycleAction domainSetLifecycleAction;
> + virDrvDomainGetLaunchSecurityInfo domainGetLaunchSecurityInfo;
> };
>
>
> diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
> index 63d2ae2..5b63a3c 100644
> --- a/src/libvirt-domain.c
> +++ b/src/libvirt-domain.c
> @@ -12101,3 +12101,51 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
> virDispatchError(domain->conn);
> return -1;
> }
> +
> +/**
> + * virDomainGetLaunchSecurityInfo:
> + * @domain: a domain object
> + * @params: where to store security info
> + * @nparams: number of items in @params
> + * @flags: currently used, set to 0.
> + *
> + * Get the launch security info. In case of the SEV guest, this will
> + * return the launch measurement.
> + *
> + * Returns -1 in case of failure, 0 in case of success.
> + */
> +int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
> + virTypedParameterPtr *params,
> + int *nparams,
> + unsigned int flags)
> +{
> + virConnectPtr conn = domain->conn;
> +
> + VIR_DOMAIN_DEBUG(domain, "params=%p, nparams=%p flags=0x%x",
> + params, nparams, flags);
> +
> + virResetLastError();
> +
> + virCheckDomainReturn(domain, -1);
> + virCheckNonNullArgGoto(params, error);
> + virCheckNonNullArgGoto(nparams, error);
> + virCheckReadOnlyGoto(conn->flags, error);
> +
> + if (VIR_DRV_SUPPORTS_FEATURE(domain->conn->driver, domain->conn,
> + VIR_DRV_FEATURE_TYPED_PARAM_STRING))
> + flags |= VIR_TYPED_PARAM_STRING_OKAY;
> +
> + if (conn->driver->domainGetLaunchSecurityInfo) {
> + int ret;
> + ret = conn->driver->domainGetLaunchSecurityInfo(domain, params,
> + nparams, flags);
> + if (ret < 0)
> + goto error;
> + return ret;
> + }
> + virReportUnsupportedError();
> +
> + error:
> + virDispatchError(domain->conn);
> + return -1;
> +}
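Review bot: `virConnectPtr conn = domain->conn;` at the top of virDomainGetLaunchSecurityInfo dereferences `domain` before `virCheckDomainReturn(domain, -1)` has run, so a NULL or otherwise invalid handle passed to this public entry point is read before it can be rejected (assuming that macro is the check that validates the handle). Declare `virConnectPtr conn;` without an initializer and assign `conn = domain->conn;` on the line after `virCheckDomainReturn(domain, -1);`. The docstring also needs tightening for an API that hands back an attestation measurement: `@flags: currently used, set to 0.` presumably means "currently unused", `@nparams` is written as if it were an input count although it is an output pointer, and the comment should state who frees the array returned through `@params` (the double pointer suggests the library allocates it).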
> diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
> index 95df3a0..caba286 100644
> --- a/src/libvirt_public.syms
> +++ b/src/libvirt_public.syms
> @@ -785,4 +785,9 @@ LIBVIRT_4.1.0 {
> virStoragePoolLookupByTargetPath;
> } LIBVIRT_3.9.0;
>
> +LIBVIRT_4.2.0 {

It's 4.3.0 now... Otherwise, I think this looks fine. John

> + global:
> + virDomainGetLaunchSecurityInfo;
> +} LIBVIRT_4.1.0;
> +
> # .... define new API here using predicted next version number ....
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list