Enable SEV-SNP support for ch guests.
Co-Authored-by: Smit Gardhariya <sgardhariya(a)microsoft.com>
Signed-off-by: Praveen K Paladugu <praveenkpaladugu(a)gmail.com>
---
src/ch/ch_monitor.c | 74 +++++++++++++++++++++++++++++++++++++--------
1 file changed, 62 insertions(+), 12 deletions(-)
diff --git a/src/ch/ch_monitor.c b/src/ch/ch_monitor.c
index bedcde2dde..1d9e45219e 100644
--- a/src/ch/ch_monitor.c
+++ b/src/ch/ch_monitor.c
@@ -130,29 +130,60 @@ static int
virCHMonitorBuildPayloadJson(virJSONValue *content, virDomainDef *vmdef)
{
g_autoptr(virJSONValue) payload = virJSONValueNewObject();
-
+ g_autofree unsigned char *tmp = NULL;
+ size_t len;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ g_autofree char *host_data = NULL;
+ size_t host_data_len = 32;
if (vmdef->os.kernel == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Kernel image path in this domain is not defined"));
+ _("Kernel image path in this domain is not defined. With
sev_snp=on, pass an igvm path"));
return -1;
- } else {
- if (virJSONValueObjectAppendString(payload, "kernel",
vmdef->os.kernel) < 0)
- return -1;
}
- if (vmdef->os.cmdline) {
- if (virJSONValueObjectAppendString(payload, "cmdline",
vmdef->os.cmdline) < 0)
+ if (vmdef->sec &&
+ vmdef->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP) {
+ if (virJSONValueObjectAppendString(payload, "igvm",
vmdef->os.kernel) < 0)
return -1;
- }
-
- if (vmdef->os.initrd != NULL) {
- if (virJSONValueObjectAppendString(payload, "initramfs",
vmdef->os.initrd) < 0)
+ if (vmdef->sec->data.sev_snp.host_data) {
+ /* Libvirt provided host_data is base64 encoded and cloud-hypervisor
+ requires host_data as hex encoded. Base64 decode and hex encode
+ before sending to cloud-hypervisor.*/
+ tmp = g_base64_decode(vmdef->sec->data.sev_snp.host_data, &len);
+ if (len != host_data_len) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Invalid host_data provdied. Expected 32
bytes"));
+ return -1;
+ }
+ while (len > 0) {
+ virBufferAsprintf(&buf, "%02x", tmp[host_data_len-len]);
+ len--;
+ }
+ host_data = virBufferContentAndReset(&buf);
+ if (virJSONValueObjectAppendString(payload, "host_data",
+ host_data) < 0)
+ return -1;
+ }
+ } else {
+ if (virJSONValueObjectAppendString(payload, "kernel",
+ vmdef->os.kernel) < 0)
return -1;
+ if (vmdef->os.cmdline) {
+ if (virJSONValueObjectAppendString(payload, "cmdline",
+ vmdef->os.cmdline) < 0)
+ return -1;
+ }
+
+ if (vmdef->os.initrd != NULL) {
+ if (virJSONValueObjectAppendString(payload, "initramfs",
+ vmdef->os.initrd) < 0)
+ return -1;
+ }
}
if (virJSONValueObjectAppend(content, "payload", &payload) < 0)
- return -1;
+ return -1;
return 0;
}
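Review bot: In the SEV-SNP branch, `vmdef->os.cmdline` and `vmdef->os.initrd` are silently ignored, so a domain that sets them launches with a payload that differs from what its XML describes. Unless Cloud Hypervisor accepts them alongside `igvm`, add a guard such as `if (vmdef->os.cmdline || vmdef->os.initrd)` that reports `VIR_ERR_CONFIG_UNSUPPORTED` and returns -1. The `host_data` check compares only the decoded length, and as far as I know `g_base64_decode()` skips characters outside the base64 alphabet, so a malformed string that still decodes to 32 bytes would be hex-encoded and sent on. If the XML parser does not already validate the encoding (not visible in this hunk), it should be rejected here, because this value ends up in the guest's attestation report. The failure is also a configuration error rather than an internal one, and the message has a typo: `_("Invalid host_data provided. Expected 32 bytes")`.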
@@ -426,6 +457,23 @@ virCHMonitorBuildDevicesJson(virJSONValue *content,
return 0;
}
+static int
+virCHMonitorBuildPlatformJson(virJSONValue *content, virDomainDef *vmdef)
+{
+ g_autoptr(virJSONValue) platform = virJSONValueNewObject();
+
+ if (vmdef->sec &&
+ vmdef->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_SEV_SNP) {
+ if (virJSONValueObjectAppendBoolean(platform, "sev_snp", 1) < 0)
+ return -1;
+
+ if (virJSONValueObjectAppend(content, "platform", &platform) <
0)
+ return -1;
+ }
+
+ return 0;
+}
+
static int
virCHMonitorBuildVMJson(virCHDriver *driver, virDomainDef *vmdef,
char **jsonstr)
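Review bot: `virCHMonitorBuildPlatformJson` forwards only the `sev_snp` flag, and nothing visible in this patch rejects a domain whose SEV-SNP definition carries launch settings other than `host_data` (a guest policy, for example), so such settings would apparently be accepted and then not applied. If Cloud Hypervisor cannot take them, failing with `VIR_ERR_CONFIG_UNSUPPORTED` is safer than starting a confidential guest with different parameters than the ones requested. The boolean argument is clearer as `true`: `virJSONValueObjectAppendBoolean(platform, "sev_snp", true)`. A one-line comment above the function would help, e.g. `/* Adds the "platform" object only for SEV-SNP guests; otherwise leaves content untouched. */`.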
@@ -454,6 +502,8 @@ virCHMonitorBuildVMJson(virCHDriver *driver, virDomainDef *vmdef,
return -1;
}
+ if (virCHMonitorBuildPlatformJson(content, vmdef) < 0)
+ return -1;
if (virCHMonitorBuildDisksJson(content, vmdef) < 0)
return -1;
--
2.47.0