On Wed, Mar 20, 2024 at 12:15:00PM +0000, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:28AM -0500, Michael Roth wrote: > > For SEV-SNP guests, launch measurement is queried from within the guest > > during attestation, so don't attempt to return it as part of > > query-sev-launch-measure. > > > > Signed-off-by: Michael Roth <michael.roth@xxxxxxx> > > --- > > target/i386/sev.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/target/i386/sev.c b/target/i386/sev.c > > index b03d70a3d1..0c8e4bdb4c 100644 > > --- a/target/i386/sev.c > > +++ b/target/i386/sev.c > > @@ -803,7 +803,9 @@ sev_launch_get_measure(Notifier *notifier, void *unused) > > > > static char *sev_get_launch_measurement(void) > > { > > - SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); > > + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; > > + SevGuestState *sev_guest = > > + (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); > > > > if (sev_guest && > > SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { > > The QAPI docs for query-sev-launch-measurement should be updated > to reflect that this command is only valid to call for SEV/SEV-ES, > not SNP. Also, the same question about whether query-sev-attestation-report and sev-inject-launch-secret need updating to declare them SEV/SEV-ES only, or if they are expected work with SNP too ? With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|