This command reports the launch security parameters for a guest, allowing an external tool to perform a launch attestation.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
docs/manpages/virsh.rst | 17 +++++++++++++
tools/virsh-domain.c | 53 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 275f416090..1a74217625 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -2057,6 +2057,23 @@ destination hosts have synchronized time (i.e., NTP daemon is running on both of them).
+domlaunchsecinfo
+----------------
+
+**Syntax:**
+
+::
+
+ domlaunchsecinfo domain
+
+Returns information about the launch security parameters associated
+with a running domain.
+
+The set of parameters reported will vary depending on which type of
+launch security protection is active. If none is active, no parameters
+will be reported.
+
+
 dommemstat
 ----------
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 8379f9f135..1560a8ea0d 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -9525,6 +9525,53 @@ cmdNumatune(vshControl * ctl, const vshCmd * cmd)
 goto cleanup;
 }
+/*
+ * "domlaunchsecinfo" command
+ */
+static const vshCmdInfo info_domlaunchsecinfo[] = {
+ {.name = "help",
+ .data = N_("Get domain launch security info")
+ },
+ {.name = "desc",
+ .data = N_("Get the launch security parameters for a guest domain")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domlaunchsecinfo[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ {.name = NULL}
+};
+
+static bool
+cmdDomLaunchSecInfo(vshControl * ctl, const vshCmd * cmd)
+{
+ g_autoptr(virshDomain) dom = NULL;
+ size_t i;
+ int nparams = 0;
+ virTypedParameterPtr params = NULL;
+ bool ret = false;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, 0) != 0) {
+ vshError(ctl, "%s", _("Unable to get launch security parameters"));
+ goto cleanup;
+ }
+
+ for (i = 0; i < nparams; i++) {
+ g_autofree char *str = vshGetTypedParamValue(ctl, ¶ms[i]);
+ vshPrint(ctl, "%-15s: %s\n", params[i].field, str);
+ }
+
+ ret = true;
+
+ cleanup:
+ virTypedParamsFree(params, nparams);
+ return ret;
+}
+
 /*
 * "qemu-monitor-command" command
 */
@@ -14544,6 +14591,12 @@ const vshCmdDef domManagementCmds[] = {
 .info = info_domjobinfo,
 .flags = 0
 },
+ {.name = "domlaunchsecinfo",
+ .handler = cmdDomLaunchSecInfo,
+ .opts = opts_domlaunchsecinfo,
+ .info = info_domlaunchsecinfo,
+ .flags = 0
+ },
 {.name = "domname",
 .handler = cmdDomname,
 .opts = opts_domname,
--
2.33.1
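Review bot: In cmdDomLaunchSecInfo (tools/virsh-domain.c, first hunk of that file) an empty parameter list takes the same success path as a populated one: the loop prints nothing and `ret = true` is returned. Going by the manpage text in this patch ("If none is active, no parameters will be reported"), a guest without launch security therefore yields exit status 0 and empty output, which an attestation script keyed only on the exit status would accept. I would document this at the loop, e.g. `/* Zero params is a valid result (no launch security active); callers must treat a missing measurement as a failed attestation. */`, and repeat the caveat in the virsh.rst entry. Alternatively, print an explicit message when `nparams == 0` so the unprotected case is visible in the output.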