[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a
virsh command "domgetsevreport"), with initial QEMU support via the
"query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" is
supplied a base64-encoded 16-byte "mnonce" string as input, with a purpose of
being embedded into the attestation report to provide protection.

My main point of concern is the design/communication of the virTypedParameterPtr
exchanged between the client and libvirtd and how they interact together, as I
have seen no other API follow the method I used. Namely, the same
virTypedParameterPtr is used for both input _AND_ output. The same
virTypedParameterPtr containing the original mnonce string inputted to the API is
also used to contain the attestation report upon being returned from the API.

This contrasts with many of the APIs I've noticed, which use a
virTypedParameterPtr for either input or output, but not both.

This patch is not final, as I still would like some human-readable outputting
and storage of the attestation report.

Looking for thoughts on the design of this API, as well as suggested
improvements.


Tyler Fanelli (5):
  libvirt: Introduce virDomainGetSevAttestationReport public API
  remote: add RPC support for the virDomainGetSevAttestationReport API
  qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT
  qemu: Implement the virDomainGetSevAttestationReport API
  tools: add domgetsevreport virsh command

 docs/manpages/virsh.rst                       | 18 ++++
 include/libvirt/libvirt-domain.h              | 22 +++++
 src/driver-hypervisor.h                       |  7 ++
 src/libvirt-domain.c                          | 63 ++++++++++++++
 src/libvirt_public.syms                       |  4 +
 src/qemu/qemu_capabilities.c                  |  2 +
 src/qemu/qemu_capabilities.h                  |  1 +
 src/qemu/qemu_driver.c                        | 86 +++++++++++++++++++
 src/qemu/qemu_monitor.c                       | 11 +++
 src/qemu/qemu_monitor.h                       |  5 ++
 src/qemu/qemu_monitor_json.c                  | 40 +++++++++
 src/qemu/qemu_monitor_json.h                  |  5 ++
 src/remote/remote_daemon_dispatch.c           | 44 ++++++++++
 src/remote/remote_driver.c                    | 55 ++++++++++++
 src/remote/remote_protocol.x                  | 21 ++++-
 src/remote_protocol-structs                   | 12 +++
 .../caps_6.1.0.x86_64.xml                     |  1 +
 .../caps_6.2.0.x86_64.xml                     |  1 +
 .../caps_7.0.0.x86_64.xml                     |  1 +
 tools/virsh-domain.c                          | 68 +++++++++++++++
 20 files changed, 466 insertions(+), 1 deletion(-)

-- 
2.34.1
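
Added example, not part of the original posting or of the libvirt patches: how a caller might generate the 16-byte mnonce described in the cover letter and check that a returned report carries the same value back. The function names, the base64 encoding of the report, and the mnonce sitting at the start of the report are assumptions; the sample report is constructed filler, not real SEV output.

```python
import base64
import hmac
import secrets

MNONCE_LEN = 16    # size stated in the cover letter
MNONCE_OFFSET = 0  # assumption: report starts with the echoed mnonce


def new_mnonce():
    """Return (raw, base64 text) for a fresh random nonce; use one per request."""
    raw = secrets.token_bytes(MNONCE_LEN)
    return raw, base64.b64encode(raw).decode("ascii")


def decode_mnonce(text):
    """Strictly decode a base64 mnonce and enforce the 16-byte length."""
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("mnonce is not valid base64") from exc
    if len(raw) != MNONCE_LEN:
        raise ValueError(f"mnonce must be {MNONCE_LEN} bytes, got {len(raw)}")
    return raw


def report_echoes_mnonce(report_b64, expected):
    """True only if the report embeds the nonce this caller just generated.

    This detects a replayed or stale report; it does not replace verifying
    the report's signature.
    """
    try:
        report = base64.b64decode(report_b64, validate=True)
    except ValueError:
        return False
    got = report[MNONCE_OFFSET:MNONCE_OFFSET + MNONCE_LEN]
    return len(got) == MNONCE_LEN and hmac.compare_digest(got, expected)


def fake_report(nonce):
    """Constructed stand-in for a report: nonce followed by zero filler."""
    return base64.b64encode(nonce + bytes(192)).decode("ascii")


if __name__ == "__main__":
    raw, text = new_mnonce()
    assert decode_mnonce(text) == raw
    old_raw, _ = new_mnonce()
    print("fresh report accepted:", report_echoes_mnonce(fake_report(raw), raw))
    print("replayed report accepted:", report_echoes_mnonce(fake_report(old_raw), raw))
```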



