On 11/23/21 10:28, Daniel P. Berrangé wrote:
On Tue, Nov 16, 2021 at 07:23:52PM -0700, Jim Fehlig wrote:
> An API inject a launch secret into the domain's memory.
>
> Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
> ---
> include/libvirt/libvirt-domain.h | 6 ++++
> src/driver-hypervisor.h | 8 +++++
> src/libvirt-domain.c | 50 ++++++++++++++++++++++++++++++++
> src/libvirt_public.syms | 5 ++++
> 4 files changed, 69 insertions(+)
>
> diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
> index 2f017c5b68..418ee4bd2d 100644
> --- a/include/libvirt/libvirt-domain.h
> +++ b/include/libvirt/libvirt-domain.h
> @@ -5091,6 +5091,12 @@ int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
> int *nparams,
> unsigned int flags);
>
> +int virDomainInjectLaunchSecret(virDomainPtr domain,
> + const char *secrethdr,
> + const char *secret,
> + unsigned long long injectaddr,
> + unsigned int flags);
I thought of a better name at last, that shows its relation
to virDomainGetLaunchSecurityInfo without implying that they
are the direct inverse of each other:
virDomainSetLaunchSecurityState(...)
I need to get over my distaste for 'launch' in the API name.
virDomainGetLaunchSecurityInfo already exists, so no changing that. And not
including 'launch' in the Set API would be a source of confusion. If we were
creating the names anew, I'd prefer something like virDomain{Get,Set}PrestartSecret.
Also, we whould bear in mind that the set of state parameters
may be differnt for vendors other than AMD, and even later
generations of AMD SEV might want more parameters.
Nod.
So lets use a 'virTypedParameter' array for this methodeg
Right. I mentioned that in the cover letter. While hacking on patch3 I realized
explicit params was a no-go :-).
virDomainSetLaunchSecurityState(virDomainPtr dom,
virTypedParameterPtr params,
int nparams,
unsigned int flags);
Thanks! I'll include this in a V1.
Regards,
Jim