Re: [RFC PATCH v2 31/44] target/i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM

On Wed, Jul 07, 2021 at 05:55:01PM -0700, isaku.yamahata@xxxxxxxxx wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> 
> When creating VM with TDX_INIT_VM, three sha384 hash values are accepted
> for TDX attestation.
> So far they were hard coded as 0. Now allow user to specify those values
> via property mrconfigid, mrowner and mrownerconfig.
> The strings for those properties are hex strings of 48 * 2 length.
> 
> example
> -device tdx-guest, \
>   mrconfigid=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef, \
>   mrowner=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210, \
>   mrownerconfig=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> ---
>  qapi/qom.json         | 11 ++++++++++-
>  target/i386/kvm/tdx.c | 17 +++++++++++++++++
>  target/i386/kvm/tdx.h |  3 +++
>  3 files changed, 30 insertions(+), 1 deletion(-)
> 
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 70c70e3efe..8f8b7828b3 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -767,10 +767,19 @@
>  #
>  # @debug: enable debug mode (default: off)
>  #
> +# @mrconfigid: MRCONFIGID SHA384 hex string of 48 * 2 length (default: 0)
> +#
> +# @mrowner: MROWNER SHA384 hex string of 48 * 2 length (default: 0)
> +#
> +# @mrownerconfig: MROWNERCONFIG SHA384 hex string of 48 * 2 length (default: 0)
> +#
>  # Since: 6.0

As these are additions in a later release, they'll need a '(since 6.2)' tag.

>  ##
>  { 'struct': 'TdxGuestProperties',
> -  'data': { '*debug': 'bool' } }
> +  'data': { '*debug': 'bool',
> +            '*mrconfigid': 'str',
> +            '*mrowner': 'str',
> +            '*mrownerconfig': 'str' } }
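
Review bot: The three new doc lines give "(default: 0)" for a member described as a hex string of 48 * 2 length, which leaves open whether the literal string "0" is accepted or whether omitting the member means 48 zero bytes; wording such as "default: all zeros" would remove the ambiguity. Because the members are plain 'str', the schema enforces neither the length nor the character set, so the doc should also say that a value of the wrong length or with non-hex characters is rejected, and the parsing code should reject it rather than pad or truncate, since the commit message says these values are used for TDX attestation.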

Do we really want hex-encoded strings?  Elsewhere in QMP, we've
favored the more compact base64 encoding; if you have a strong
argument why hex representation is worth the break in consistency,
it's worth calling out in the commit message.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
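
The format under discussion, as an added example that is not part of this thread or of QEMU's code: a strict decoder for the 48 * 2 character hex form of one SHA-384 value, and the base64 form of the same 48 bytes for comparison (64 characters, no padding). The names `mr_parse_hex` and `mr_to_base64` are hypothetical, and treating an omitted property as all zeros is an assumption based on the documented default.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MR_BYTES 48   /* SHA-384 digest size; the hex form is 48 * 2 chars */

/* Value of one hex digit, or -1 if c is not in [0-9a-fA-F]. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: decode a 96-character hex string into out[48].
 * NULL (property omitted) yields all zeros (assumed meaning of "default: 0").
 * Returns 0, or -1 on wrong length or a non-hex char; out is untouched then. */
int mr_parse_hex(const char *s, uint8_t out[MR_BYTES])
{
    uint8_t tmp[MR_BYTES] = {0};
    if (s != NULL) {
        if (strlen(s) != 2 * MR_BYTES) return -1;
        for (size_t i = 0; i < MR_BYTES; i++) {
            int hi = hex_nibble(s[2 * i]);
            int lo = hex_nibble(s[2 * i + 1]);
            if (hi < 0 || lo < 0) return -1;
            tmp[i] = (uint8_t)((hi << 4) | lo);
        }
    }
    memcpy(out, tmp, MR_BYTES);
    return 0;
}

/* Base64 of the 48 bytes: 48 is a multiple of 3, so exactly 64 chars, no '='. */
void mr_to_base64(const uint8_t in[MR_BYTES], char out[65])
{
    static const char t[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t o = 0;
    for (size_t i = 0; i < MR_BYTES; i += 3) {
        uint32_t v = ((uint32_t)in[i] << 16) | ((uint32_t)in[i + 1] << 8) | in[i + 2];
        out[o++] = t[(v >> 18) & 63];
        out[o++] = t[(v >> 12) & 63];
        out[o++] = t[(v >> 6) & 63];
        out[o++] = t[v & 63];
    }
    out[o] = '\0';
}
```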



