Re: [libvirt PATCH v3 12/13] qemu: probe for sev-guest.kernel-hashes property
On Tue, Dec 14, 2021 at 12:04:17PM +0100, Peter Krempa wrote:
On Fri, Dec 10, 2021 at 16:47:12 +0000, Daniel P. Berrangé wrote:
> This sev-guest object property indicates whether QEMU should
> expose the kernel, ramdisk, cmdline hashes to the firmware
> for measurement.
>
> The 6.2.0 capabilities are hacked to look as if they were
> generated with sev-guest support.
>
> Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> src/qemu/qemu_capabilities.c | 8 ++
> src/qemu/qemu_capabilities.h | 1 +
> .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 7 +-
> .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 7 +-
> tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 7 +-
> .../caps_2.12.0.x86_64.replies | 97 ++++++++++++----
> .../caps_3.0.0.x86_64.replies | 97 ++++++++++++----
> .../caps_3.1.0.x86_64.replies | 97 ++++++++++++----
> .../caps_4.0.0.x86_64.replies | 97 ++++++++++++----
> .../caps_4.1.0.x86_64.replies | 89 ++++++++++----
> .../caps_4.2.0.x86_64.replies | 89 ++++++++++----
> .../caps_5.0.0.x86_64.replies | 89 ++++++++++----
> .../caps_5.1.0.x86_64.replies | 89 ++++++++++----
> .../caps_5.2.0.x86_64.replies | 89 ++++++++++----
> .../caps_6.0.0.x86_64.replies | 89 ++++++++++----
> .../caps_6.1.0.x86_64.replies | 89 ++++++++++----
> .../caps_6.2.0.x86_64.replies | 109 ++++++++++++++----
> .../caps_6.2.0.x86_64.xml | 8 ++
> 18 files changed, 895 insertions(+), 263 deletions(-)
>
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index ddd61ecfc9..9553e6e5b8 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -652,6 +652,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
> "device.json", /* QEMU_CAPS_DEVICE_JSON */
> "query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
> "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
> + "sev-guest-kernel-hashes", /*
QEMU_CAPS_SEV_GUEST_KERNEL_HASHES */
> );
>
>
> @@ -1718,6 +1719,10 @@ static struct virQEMUCapsStringFlags
virQEMUCapsObjectPropsMaxCPU[] = {
> { "migratable", QEMU_CAPS_CPU_MIGRATABLE },
> };
>
> +static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsSEVGuest[] = {
> + { "kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
> +};
> +
> static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] = {
> { "memory-backend-file", virQEMUCapsObjectPropsMemoryBackendFile,
> G_N_ELEMENTS(virQEMUCapsObjectPropsMemoryBackendFile),
> @@ -1731,6 +1736,9 @@ static virQEMUCapsObjectTypeProps virQEMUCapsObjectProps[] =
{
> { "max-arm-cpu", virQEMUCapsObjectPropsMaxCPU,
> G_N_ELEMENTS(virQEMUCapsObjectPropsMaxCPU),
> QEMU_CAPS_ARM_MAX_CPU },
> + { "sev-guest", virQEMUCapsObjectPropsSEVGuest,
> + G_N_ELEMENTS(virQEMUCapsObjectPropsSEVGuest),
> + QEMU_CAPS_SEV_GUEST },
Actually, when reviewing the last patch I've noticed that 'sev-guest'
which you are querying is actually an '-object', so you don't need any
of this complicated query machinery which modifies all .replies files
but rather it's enough to use the QMP schema query:
Once you add to virQEMUCapsQMPSchemaQueries[] the following line:
{ "object-add/arg-type/+sev-guest/kernel-hashes",
QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
The result is the same information. I actually see you also hacked the
schema to add the field because I presume the QAPI schema validation
failed if that was not the case.
Oh right, we don't need to query objects anymore since Kevin's recentish
work to map QOM into QAPI.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|