[PATCH v6 9/9] virsh: implement new command for launch security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Add new 'launch-security' command, the command can be used to get or set
the launch security information when booting encrypted VMs.

Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
---
 tools/virsh-domain.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/virsh.pod      |  5 ++++
 2 files changed, 86 insertions(+)

diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index cfbbf5a7bc39..27bb702c8bb7 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -13870,6 +13870,81 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
     return ret >= 0;
 }
 
+/*
+ * "launch-security" command
+ */
+static const vshCmdInfo info_launch_security[] = {
+    {.name = "help",
+        .data = N_("Get or set launch-security information")
+    },
+    {.name = "desc",
+        .data = N_("Get or set the current launch-security information for "
+                   "a guest domain.\n"
+                   "    To get the launch-security information use following"
+                   "    command: \n\n"
+                   "    virsh # launch-security <domain>")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_launch_security[] = {
+    VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+    VIRSH_COMMON_OPT_DOMAIN_CONFIG,
+    VIRSH_COMMON_OPT_DOMAIN_LIVE,
+    VIRSH_COMMON_OPT_DOMAIN_CURRENT,
+    {.name = NULL}
+};
+
+static void
+virshPrintLaunchSecurityInfo(vshControl *ctl, virTypedParameterPtr params,
+                             int nparams)
+{
+    size_t i;
+
+    for (i = 0; i < nparams; i++) {
+        if (params[i].type == VIR_TYPED_PARAM_STRING)
+            vshPrintExtra(ctl, "%-15s: %s\n", params[i].field, params[i].value.s);
+    }
+}
+
+static bool
+cmdLaunchSecurity(vshControl *ctl, const vshCmd *cmd)
+{
+    virDomainPtr dom;
+    int nparams = 0;
+    virTypedParameterPtr params = NULL;
+    bool ret = false;
+    unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+    bool current = vshCommandOptBool(cmd, "current");
+    bool config = vshCommandOptBool(cmd, "config");
+    bool live = vshCommandOptBool(cmd, "live");
+
+    VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+    VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+    if (config)
+        flags |= VIR_DOMAIN_AFFECT_CONFIG;
+    if (live)
+        flags |= VIR_DOMAIN_AFFECT_LIVE;
+
+    if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+        return false;
+
+    if (virDomainGetLaunchSecurityInfo(dom, &params, &nparams, flags) != 0) {
+        vshError(ctl, "%s", _("Unable to get launch security info"));
+        goto cleanup;
+    }
+
+    virshPrintLaunchSecurityInfo(ctl, params, nparams);
+
+    ret = true;
+ cleanup:
+    virTypedParamsFree(params, nparams);
+    virshDomainFree(dom);
+    return ret;
+}
+
+
 const vshCmdDef domManagementCmds[] = {
     {.name = "attach-device",
      .handler = cmdAttachDevice,
@@ -14485,5 +14560,11 @@ const vshCmdDef domManagementCmds[] = {
      .info = info_domblkthreshold,
      .flags = 0
     },
+    {.name = "launch-security-info",
+     .handler = cmdLaunchSecurity,
+     .opts = opts_launch_security,
+     .info = info_launch_security,
+     .flags = 0
+    },
     {.name = NULL}
 };
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 929958a9533c..31bb26bda2ac 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2899,6 +2899,11 @@ See B<vcpupin> for information on I<cpulist>.
 Output the IP address and port number for the VNC display. If the information
 is not available the processes will provide an exit code of 1.
 
+=item B<launch-security-info> I<domain>
+
+Get the measurement of the memory contents encrypted through the launch
+sequence when I<launch-security> is provided.
+
 =back
 
 =head1 DEVICE COMMANDS
-- 
2.14.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux