The API can be used by application to retrieve the Platform Diffie-Hellman Key and Platform Certificate chain. Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx> Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx> --- include/libvirt/libvirt-host.h | 42 ++++++++++++++++++++++++++++++++++++ src/driver-hypervisor.h | 6 ++++++ src/libvirt-host.c | 49 ++++++++++++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 1 + 4 files changed, 98 insertions(+) diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h index 84f4858..a04d669 100644 --- a/include/libvirt/libvirt-host.h +++ b/include/libvirt/libvirt-host.h @@ -432,6 +432,48 @@ typedef virNodeCPUStats *virNodeCPUStatsPtr; typedef virNodeMemoryStats *virNodeMemoryStatsPtr; + +/** + * + * SEV Parameters + */ + +/** + * VIR_NODE_SEV_PDH: + * + * Macro represents the Platform Diffie-Hellman key, as VIR_TYPED_PARAMS_STRING. + */ +# define VIR_NODE_SEV_PDH "pdh" + +/** + * VIR_NODE_SEV_CERT_CHAIN: + * + * Macro represents the platform certificate chain that includes the platform + * endorsement key (PEK), owner certificate authority (OCD) and chip + * endorsement key (CEK), as VIR_TYPED_PARAMS_STRING. + */ +# define VIR_NODE_SEV_CERT_CHAIN "cert-chain" + +/** + * VIR_NODE_SEV_CBITPOS: + * + * Macro represents the CBit Position used by hypervisor when SEV is enabled. + */ +# define VIR_NODE_SEV_CBITPOS "cbitpos" + +/** + * VIR_NODE_SEV_REDUCED_PHYS_BITS: + * + * Macro represents the number of bits we lose in physical address space + * when SEV is enabled in the guest. + */ +# define VIR_NODE_SEV_REDUCED_PHYS_BITS "reduced-phys-bits" + +int virNodeGetSEVInfo (virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags); + /** * virConnectFlags * diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index aa99cbb..c50d2a0 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1309,6 +1309,11 @@ typedef int unsigned int action, unsigned int flags); +typedef int +(*virDrvNodeGetSEVInfo)(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags); typedef struct _virHypervisorDriver virHypervisorDriver; typedef virHypervisorDriver *virHypervisorDriverPtr; @@ -1558,6 +1563,7 @@ struct _virHypervisorDriver { virDrvDomainSetLifecycleAction domainSetLifecycleAction; virDrvConnectCompareHypervisorCPU connectCompareHypervisorCPU; virDrvConnectBaselineHypervisorCPU connectBaselineHypervisorCPU; + virDrvNodeGetSEVInfo nodeGetSEVInfo; }; diff --git a/src/libvirt-host.c b/src/libvirt-host.c index 3aaf558..e20d6ee 100644 --- a/src/libvirt-host.c +++ b/src/libvirt-host.c @@ -1639,3 +1639,52 @@ virNodeAllocPages(virConnectPtr conn, virDispatchError(conn); return -1; } + + +/* + * virNodeGetSEVInfo: + * @conn: pointer to the hypervisor connection + * @params: where to store SEV information + * @nparams: pointer to number of SEV parameters returned in @params + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * If hypervisor supports AMD's SEV feature, then @params will contain various + * platform specific information like PDH and certificate chain. Caller is + * responsible for freeing @params. + * + * Returns 0 in case of success, and -1 in case of failure. + */ +int +virNodeGetSEVInfo(virConnectPtr conn, + virTypedParameterPtr *params, + int *nparams, + unsigned int flags) +{ + VIR_DEBUG("conn=%p, params=%p, nparams=%p, flags=0x%x", + conn, params, nparams, flags); + + virResetLastError(); + + virCheckConnectReturn(conn, -1); + virCheckNonNullArgGoto(nparams, error); + virCheckNonNegativeArgGoto(*nparams, error); + virCheckReadOnlyGoto(conn->flags, error); + + if (VIR_DRV_SUPPORTS_FEATURE(conn->driver, conn, + VIR_DRV_FEATURE_TYPED_PARAM_STRING)) + flags |= VIR_TYPED_PARAM_STRING_OKAY; + + if (conn->driver->nodeGetSEVInfo) { + int ret; + ret = conn->driver->nodeGetSEVInfo(conn, params, nparams, flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return -1; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 4f54b84..524d5fd 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -796,6 +796,7 @@ LIBVIRT_4.5.0 { global: virGetLastErrorCode; virGetLastErrorDomain; + virNodeGetSEVInfo; } LIBVIRT_4.4.0; # .... define new API here using predicted next version number .... -- 2.7.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list