Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Just a quick ping so this patchset doesn't get lost in the list -- may I receive a review on this? 


On 3/23/22 3:36 PM, Tyler Fanelli wrote:


This an RFC discussing a new API, virDomainGetSevAttestationReport (along with a
virsh command "domgetsevreport"), with initial QEMU support via the
"query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" is
supplied a base64-encoded 16 byte "mnonce" string as input, with a purpose of
being embedded into the attestation report to provide protection.

My main point of concern is the design/communication of the virTypedParameterPtr
exchanged between the client and libvirtd and how they interact together, as I
have seen no other API follow the method I used. Namely, the same
virTypedParameterPtr is used for both input _AND_ output. The same
virTypedParameterPtr containing the original mnonce string inputted to the API is
also used to contain the attestation report upon being returned from the API.

This contrasts with much of the APIs I've noticed, which use a
virTypedParameterPtr for either input or output, but not both.

This patch is not final, as I still would like some human-readable outputting
and storage of the attestation report.

Looking for thoughts on the design of this API, as well as suggested
improvements.


Tyler Fanelli (5):
   libvirt: Introduce virDomainGetSevAttestationReport public API
   remote: add RPC support for the virDomainGetSevAttestationReport API
   qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT
   qemu: Implement the virDomainGetSevAttestationReport API
   tools: add domgetsevreport virsh command

  docs/manpages/virsh.rst                       | 18 ++++
  include/libvirt/libvirt-domain.h              | 22 +++++
  src/driver-hypervisor.h                       |  7 ++
  src/libvirt-domain.c                          | 63 ++++++++++++++
  src/libvirt_public.syms                       |  4 +
  src/qemu/qemu_capabilities.c                  |  2 +
  src/qemu/qemu_capabilities.h                  |  1 +
  src/qemu/qemu_driver.c                        | 86 +++++++++++++++++++
  src/qemu/qemu_monitor.c                       | 11 +++
  src/qemu/qemu_monitor.h                       |  5 ++
  src/qemu/qemu_monitor_json.c                  | 40 +++++++++
  src/qemu/qemu_monitor_json.h                  |  5 ++
  src/remote/remote_daemon_dispatch.c           | 44 ++++++++++
  src/remote/remote_driver.c                    | 55 ++++++++++++
  src/remote/remote_protocol.x                  | 21 ++++-
  src/remote_protocol-structs                   | 12 +++
  .../caps_6.1.0.x86_64.xml                     |  1 +
  .../caps_6.2.0.x86_64.xml                     |  1 +
  .../caps_7.0.0.x86_64.xml                     |  1 +
  tools/virsh-domain.c                          | 68 +++++++++++++++
  20 files changed, 466 insertions(+), 1 deletion(-)



--
Tyler Fanelli (tfanelli)
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux