On Wed, Dec 08, 2021 at 18:44:31 +0000, Daniel P. Berrangé wrote:
> We're only returning the set of fields needed to perform an
> attestation, per the SEV API docs.
>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
> src/qemu/qemu_monitor.c | 13 +++++++++++
> src/qemu/qemu_monitor.h | 9 ++++++++
> src/qemu/qemu_monitor_json.c | 45 ++++++++++++++++++++++++++++++++++++
> src/qemu/qemu_monitor_json.h | 8 +++++++
> 4 files changed, 75 insertions(+)
> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index e00d785c20..423bae49d2 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -8216,6 +8216,51 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon)
> }
>
>
> +/**
> + * Retrive info about the SEV setup, returning those fields that
> + * are required to do a launch attestation, as per
> + *
> + * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
> + *
> + * specified in section 6.5.1 of AMD Secure Encrypted
> + * Virtualization API.
> + *
> + * { "execute": "query-sev" }
> + * { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
> + * "build-id" : 0, "policy" : 0, "state" : "running",
> + * "handle" : 1 } }
> + */
> +int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
> + unsigned int *apiMajor,
> + unsigned int *apiMinor,
> + unsigned int *buildID,
> + unsigned int *policy)

Please use consistent (with what you've added in the header file) and modern header formatting.

> +{
> + g_autoptr(virJSONValue) cmd = NULL;
> + g_autoptr(virJSONValue) reply = NULL;
> + virJSONValue *data;
> +
> + if (!(cmd = qemuMonitorJSONMakeCommand("query-sev", NULL)))
> + return -1;
> +
> + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> + return -1;
> +
> + if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0)
> + return -1;
> +
> + data = virJSONValueObjectGetObject(reply, "return");
> +
> + if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 ||
> + virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 ||
> + virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 ||
> + virJSONValueObjectGetNumberUint(data, "policy", policy) < 0)
> + return -1;
> +
> + return 0;
> +}
> +
> +
> /*
> * Example return data
> *
> diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
> index 0984717675..163be25c32 100644
> --- a/src/qemu/qemu_monitor_json.h
> +++ b/src/qemu/qemu_monitor_json.h
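Review bot: The `enabled` member shown in the example reply is never read in qemuMonitorJSONGetSEVInfo(), so for a guest where SEV is not active the function presumably succeeds and returns whatever QEMU filled in (likely zeros), indistinguishable from real launch-attestation inputs; a guard such as `if (virJSONValueObjectGetBoolean(data, "enabled", &enabled) < 0 || !enabled)` with a reported error, placed before the four getters, would make that case explicit. The `return -1` after the virJSONValueObjectGetNumberUint() chain also appears to fail without raising a libvirt error, so a `virReportError(VIR_ERR_INTERNAL_ERROR, ...)` naming the incomplete query-sev reply would give callers a diagnosable failure. The doc comment could state that these values are reported by the host's QEMU and only become trustworthy once the guest owner has verified the measurement HMAC computed over them. Minor: `Retrive` in the same comment should read `Retrieve`.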
> @@ -369,6 +369,14 @@ int qemuMonitorJSONSystemWakeup(qemuMonitor *mon);
>
> char *qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon);
>
> +int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
> + unsigned int *apiMajor,
> + unsigned int *apiMinor,
> + unsigned int *buildID,
> + unsigned int *policy)
> + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
> + ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);

Preferrably use modern header formatting.

> +
> int qemuMonitorJSONGetVersion(qemuMonitor *mon,
> int *major,
> int *minor,

qemumonitorjsontest?

Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>