Just a quick ping so this patchset doesn't get lost in the list -- may I
receive a review on this?
On 3/23/22 3:36 PM, Tyler Fanelli wrote:
This an RFC discussing a new API, virDomainGetSevAttestationReport
(along with a
virsh command "domgetsevreport"), with initial QEMU support via the
"query-sev-attestation-report" QAPI mechanism.
"query-sev-attestation-report" is
supplied a base64-encoded 16 byte "mnonce" string as input, with a purpose of
being embedded into the attestation report to provide protection.
My main point of concern is the design/communication of the virTypedParameterPtr
exchanged between the client and libvirtd and how they interact together, as I
have seen no other API follow the method I used. Namely, the same
virTypedParameterPtr is used for both input _AND_ output. The same
virTypedParameterPtr containing the original mnonce string inputted to the API is
also used to contain the attestation report upon being returned from the API.
This contrasts with much of the APIs I've noticed, which use a
virTypedParameterPtr for either input or output, but not both.
This patch is not final, as I still would like some human-readable outputting
and storage of the attestation report.
Looking for thoughts on the design of this API, as well as suggested
improvements.
Tyler Fanelli (5):
libvirt: Introduce virDomainGetSevAttestationReport public API
remote: add RPC support for the virDomainGetSevAttestationReport API
qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT
qemu: Implement the virDomainGetSevAttestationReport API
tools: add domgetsevreport virsh command
docs/manpages/virsh.rst | 18 ++++
include/libvirt/libvirt-domain.h | 22 +++++
src/driver-hypervisor.h | 7 ++
src/libvirt-domain.c | 63 ++++++++++++++
src/libvirt_public.syms | 4 +
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_driver.c | 86 +++++++++++++++++++
src/qemu/qemu_monitor.c | 11 +++
src/qemu/qemu_monitor.h | 5 ++
src/qemu/qemu_monitor_json.c | 40 +++++++++
src/qemu/qemu_monitor_json.h | 5 ++
src/remote/remote_daemon_dispatch.c | 44 ++++++++++
src/remote/remote_driver.c | 55 ++++++++++++
src/remote/remote_protocol.x | 21 ++++-
src/remote_protocol-structs | 12 +++
.../caps_6.1.0.x86_64.xml | 1 +
.../caps_6.2.0.x86_64.xml | 1 +
.../caps_7.0.0.x86_64.xml | 1 +
tools/virsh-domain.c | 68 +++++++++++++++
20 files changed, 466 insertions(+), 1 deletion(-)
--
Tyler Fanelli (tfanelli)