[PATCH v8 03/11] libvirt: add new public API to get SEV Info


 



The API can be used by an application to retrieve the Platform Diffie-Hellman
Key and Platform Certificate chain.

Signed-off-by: Brijesh Singh <<brijesh.singh@xxxxxxx>>
---
 include/libvirt/libvirt-host.h | 42 +++++++++++++++++++++++++++++++++++++
 src/driver-hypervisor.h        |  6 ++++++
 src/libvirt-host.c             | 47 ++++++++++++++++++++++++++++++++++++++++++
 src/libvirt_public.syms        |  1 +
 4 files changed, 96 insertions(+)

diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index 84f4858..e46f88b 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr;
 
 typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
 
+
+/**
+ *
+ * SEV Parameters
+ */
+
+/**
+ * VIR_NODE_SEV_PDH:
+ *
+ * Marco represents the Platform Diffie-Hellman key, as VIR_TYPED_PARAMS_STRING.
+ */
+# define VIR_NODE_SEV_PDH               "pdh"
+
+/**
+ * VIR_NODE_SEV_CERT_CHAIN:
+ *
+ * Marco represents the Platform certificate chain that includes the
+ * endorsement key (PEK), owner certificate authority (OCD) and chip
+ * endorsement key (CEK), as VIR_TYPED_PARAMS_STRING.
+ */
+# define VIR_NODE_SEV_CERT_CHAIN        "cert-chain"
+
+/**
+ * VIR_NODE_SEV_CBITPOS:
+ *
+ * Marco represents the CBit Position used by hypervisor when SEV is enabled.
+ */
+# define VIR_NODE_SEV_CBITPOS        "cbitpos"
+
+/**
+ * VIR_NODE_SEV_REDUCED_PHYS_BITS:
+ *
+ * Marco represents the number of bits we lose in physical address space
+ * when SEV is enabled in the guest.
+ */
+# define VIR_NODE_SEV_REDUCED_PHYS_BITS        "reduced-phys-bits"
+
+int virNodeGetSEVInfo (virConnectPtr conn,
+                       virTypedParameterPtr *params,
+                       int *nparams,
+                       unsigned int flags);
+
 /**
  * virConnectFlags
  *
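Review bot: The doc comments on the new VIR_NODE_SEV_* macros contain errors that will end up in the public API reference: each one says `Marco` for `Macro`, the type is written `VIR_TYPED_PARAMS_STRING` where the typed-parameter enum value is `VIR_TYPED_PARAM_STRING`, and the certificate-chain comment abbreviates the owner certificate authority as `OCD` rather than `OCA`. The comments for VIR_NODE_SEV_CBITPOS and VIR_NODE_SEV_REDUCED_PHYS_BITS name no typed-parameter type at all, so a caller cannot tell from the header how to read those two values. The PDH and certificate chain are the material a guest owner validates before trusting the platform, so the comments should also state the encoding of those strings, which this hunk does not show.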
diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index aa99cbb..c50d2a0 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1309,6 +1309,11 @@ typedef int
                                   unsigned int action,
                                   unsigned int flags);
 
+typedef int
+(*virDrvNodeGetSEVInfo)(virConnectPtr conn,
+                        virTypedParameterPtr *params,
+                        int *nparams,
+                        unsigned int flags);
 
 typedef struct _virHypervisorDriver virHypervisorDriver;
 typedef virHypervisorDriver *virHypervisorDriverPtr;
@@ -1558,6 +1563,7 @@ struct _virHypervisorDriver {
     virDrvDomainSetLifecycleAction domainSetLifecycleAction;
     virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU;
     virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU;
+    virDrvNodeGetSEVInfo nodeGetSEVInfo;
 };
 
 
diff --git a/src/libvirt-host.c b/src/libvirt-host.c
index 3aaf558..2a633f0 100644
--- a/src/libvirt-host.c
+++ b/src/libvirt-host.c
@@ -1639,3 +1639,50 @@ virNodeAllocPages(virConnectPtr conn,
     virDispatchError(conn);
     return -1;
 }
+
+/*
+ * virNodeGetSEVInfo:
+ * @conn: pointer to the hypervisor connection
+ * @params: where to store  SEV information; output
+ * @nparams: pointer to number of SEV parameters; output
+ * @flags: extra flags; not used yet, so callers should always pass 0
+ *
+ * If hypervisor supports SEV then @params will contains PDH and
+ * certificate chain.
+ *
+ * Returns 0 in case of success, and -1 in case of failure.
+ */
+int
+virNodeGetSEVInfo(virConnectPtr conn,
+                  virTypedParameterPtr *params,
+                  int *nparams,
+                  unsigned int flags)
+{
+    VIR_DEBUG("conn=%p, params=%p, nparams=%p, flags=0x%x",
+              conn, params, nparams, flags);
+
+    virResetLastError();
+
+    virCheckConnectReturn(conn, -1);
+    virCheckNonNullArgGoto(nparams, error);
+    virCheckNonNegativeArgGoto(*nparams, error);
+    virCheckReadOnlyGoto(conn->flags, error);
+
+    if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn,
+                                 VIR_DRV_FEATURE_TYPED_PARAM_STRING))
+        flags |= VIR_TYPED_PARAM_STRING_OKAY;
+
+    if (conn->driver->nodeGetSEVInfo) {
+        int ret;
+        ret = conn->driver->nodeGetSEVInfo(conn, params, nparams, flags);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virReportUnsupportedError();
+
+ error:
+    virDispatchError(conn);
+    return -1;
+}
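Review bot: `params` is passed to the driver callback without a NULL check although it is the output pointer the driver has to write through; adding `virCheckNonNullArgGoto(params, error);` beside the existing check on `nparams` would reject a NULL at the API boundary instead of in each driver. The following `virCheckNonNegativeArgGoto(*nparams, error);` reads the caller's value of an argument the comment documents as output only, so a caller passing an uninitialized int can get a spurious failure; either drop that check or document what `*nparams` must hold on entry. The comment block opens with `/*` rather than `/**`, which (assuming the usual libvirt doc tooling) keeps it out of the generated API documentation, and it does not say who frees the returned array (presumably the caller, with `virTypedParamsFree()`).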
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 4f54b84..524d5fd 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -796,6 +796,7 @@ LIBVIRT_4.5.0 {
     global:
         virGetLastErrorCode;
         virGetLastErrorDomain;
+        virNodeGetSEVInfo;
 } LIBVIRT_4.4.0;
 
 # .... define new API here using predicted next version number ....
-- 
2.7.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


