
On Fri, Dec 03, 2021 at 05:44:24PM -0700, Jim Fehlig wrote:
On 12/3/21 08:10, Daniel P. Berrangé wrote:
On Tue, Nov 30, 2021 at 04:52:00PM -0700, Jim Fehlig wrote:
Set a launch secret in guest memory using the sev-inject-launch-secret QMP API. Only supported for SEV-enabled guests.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 src/qemu/qemu_driver.c       | 78 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_monitor.c      | 12 ++++++
 src/qemu/qemu_monitor.h      |  6 +++
 src/qemu/qemu_monitor_json.c | 34 ++++++++++++++++
 src/qemu/qemu_monitor_json.h |  5 +++
 5 files changed, 135 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 4e680bc0a7..b6ee41b29e 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -20056,6 +20056,83 @@ qemuDomainGetLaunchSecurityInfo(virDomainPtr domain, return ret; } + +static int +qemuDomainSetLaunchSecurityState(virDomainPtr domain, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virQEMUDriver *driver = domain->conn->privateData; + virDomainObj *vm; + int ret = -1; + size_t i; + g_autofree char *secrethdr = NULL; + g_autofree char *secret = NULL; + long long setaddr = -1;
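Review bot: `long long setaddr = -1;`, the last declaration visible in qemuDomainSetLaunchSecurityState, uses a signed type with -1 as the "not provided" marker for an address in guest memory, so absence and value share one variable and the upper half of the unsigned 64-bit range cannot be expressed. Consider an unsigned 64-bit variable paired with a separate boolean that records whether the caller supplied the parameter, which also keeps an explicit 0 distinct from "no address given".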
unsigned, but would need to default to 0 then I guess.
As Peter mentioned, 0 may be a valid injection address
https://listman.redhat.com/archives/libvir-list/2021-November/msg00463.html
The address is optional in the qemu API, in which case it is retrieved from ovmf IIUC. I used a signed variable here to distinguish between user not providing an address and providing one, including a valid value of 0.
In terms of the API / RPC we can already distinguish the two scenarios.

 - If there is a parameter for the address with a value of 0, then it is an explicit address
 - If there is no parameter set at all, then we rely on the ovmf magic lookup.

All we're missing is a way to distinguish the two scenarios when inside the QEMU driver. That's doable with just a 'bool hasSetaddr' parameter, which defaults to false, and gets set to true, if-and-only-if the VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS param is present.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
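The presence-flag approach from the reply above, as an added C sketch that is not code from the patch or from libvirt. The `struct param` type, the field-name string and both function names are assumptions for illustration; the QMP argument names `packet-header`, `secret` and `gpa` are those of QEMU's sev-inject-launch-secret command.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a typed parameter; not libvirt's virTypedParameter. */
struct param { const char *field; uint64_t value; };

/* Assumed field name, for illustration only. */
#define PARAM_SET_ADDRESS "sev-secret-set-address"

struct inject_request {
    bool has_setaddr;  /* true if and only if the caller supplied the parameter */
    uint64_t setaddr;  /* meaningful only when has_setaddr is true */
};

/* Returns 0 on success, -1 if the address parameter is given more than once. */
int parse_inject_params(const struct param *params, size_t nparams,
                        struct inject_request *req)
{
    req->has_setaddr = false;
    req->setaddr = 0;
    for (size_t i = 0; i < nparams; i++) {
        if (strcmp(params[i].field, PARAM_SET_ADDRESS) != 0)
            continue;
        if (req->has_setaddr)
            return -1;
        req->has_setaddr = true;
        req->setaddr = params[i].value;
    }
    return 0;
}

/* Writes the QMP arguments object; "gpa" is emitted only for an explicit address.
 * hdr and secret are assumed to be base64 text, so no JSON escaping is done.
 * Returns 0 on success, -1 if buf is too small. */
int format_qmp_args(const struct inject_request *req, const char *hdr,
                    const char *secret, char *buf, size_t len)
{
    int n = snprintf(buf, len, "{\"packet-header\":\"%s\",\"secret\":\"%s\"",
                     hdr, secret);
    if (n < 0 || (size_t)n >= len)
        return -1;
    int m = req->has_setaddr
        ? snprintf(buf + n, len - n, ",\"gpa\":%" PRIu64 "}", req->setaddr)
        : snprintf(buf + n, len - n, "}");
    return (m < 0 || (size_t)m >= len - n) ? -1 : 0;
}
```

An explicit address of 0 and an address above the signed 64-bit range both reach the monitor command unchanged, while an absent parameter leaves `gpa` out so the firmware-provided location is used.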