Re: [libvirt PATCH 3/6] qemu: add monitor APIs for query-sev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 09, 2021 at 09:36:03AM +0100, Peter Krempa wrote:
> On Wed, Dec 08, 2021 at 18:44:31 +0000, Daniel P. Berrangé wrote:
> > We're only returning the set of fields needed to perform an
> > attestation, per the SEV API docs.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> > ---
> >  src/qemu/qemu_monitor.c      | 13 +++++++++++
> >  src/qemu/qemu_monitor.h      |  9 ++++++++
> >  src/qemu/qemu_monitor_json.c | 45 ++++++++++++++++++++++++++++++++++++
> >  src/qemu/qemu_monitor_json.h |  8 +++++++
> >  4 files changed, 75 insertions(+)
> 
> 
> > diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> > index e00d785c20..423bae49d2 100644
> > --- a/src/qemu/qemu_monitor_json.c
> > +++ b/src/qemu/qemu_monitor_json.c
> > @@ -8216,6 +8216,51 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon)
> >  }
> >  
> >  
> > +/**
> > + * Retrive info about the SEV setup, returning those fields that
> > + * are required to do a launch attestation, as per
> > + *
> > + * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE; GCTX.TIK)
> > + *
> > + * specified in section 6.5.1 of AMD Secure Encrypted
> > + * Virtualization API.
> > + *
> > + *  { "execute": "query-sev" }
> > + *  { "return": { "enabled": true, "api-major" : 0, "api-minor" : 0,
> > + *                "build-id" : 0, "policy" : 0, "state" : "running",
> > + *                "handle" : 1 } }
> > + */
> > +int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
> > +                              unsigned int *apiMajor,
> > +                              unsigned int *apiMinor,
> > +                              unsigned int *buildID,
> > +                              unsigned int *policy)
> 
> Please use consistent (with what you've added in the header file) and
> modern header formatting.
> 
> > +{
> > +    g_autoptr(virJSONValue) cmd = NULL;
> > +    g_autoptr(virJSONValue) reply = NULL;
> > +    virJSONValue *data;
> > +
> > +    if (!(cmd = qemuMonitorJSONMakeCommand("query-sev", NULL)))
> > +        return -1;
> > +
> > +    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
> > +        return -1;
> > +
> > +    if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0)
> > +        return -1;
> > +
> > +    data = virJSONValueObjectGetObject(reply, "return");
> > +
> > +    if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0 ||
> > +        virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0 ||
> > +        virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 ||
> > +        virJSONValueObjectGetNumberUint(data, "policy", policy) < 0)
> > +        return -1;
> > +
> > +    return 0;
> > +}
> > +
> > +
> >  /*
> >   * Example return data
> >   *
> > diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
> > index 0984717675..163be25c32 100644
> > --- a/src/qemu/qemu_monitor_json.h
> > +++ b/src/qemu/qemu_monitor_json.h
> > @@ -369,6 +369,14 @@ int qemuMonitorJSONSystemWakeup(qemuMonitor *mon);
> >  
> >  char *qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon);
> >  
> > +int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
> > +                              unsigned int *apiMajor,
> > +                              unsigned int *apiMinor,
> > +                              unsigned int *buildID,
> > +                              unsigned int *policy)
> > +    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
> > +    ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
> 
> Preferrably use modern header formatting.

Almost everything in this header uses the style matching
this patch. IMHO divering in style is worse.

> >  int qemuMonitorJSONGetVersion(qemuMonitor *mon,
> >                                int *major,
> >                                int *minor,
> 
> qemumonitorjsontest?
> 
> Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux