Add a new 'launch-security' command. The command can be used to get or set
the launch security information when booting encrypted VMs.
Signed-off-by: Brijesh Singh <brijesh.singh(a)amd.com>
---
tools/virsh-domain.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
tools/virsh.pod | 5 ++++
2 files changed, 86 insertions(+)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index cfbbf5a7bc39..27bb702c8bb7 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -13870,6 +13870,81 @@ cmdDomFSInfo(vshControl *ctl, const vshCmd *cmd)
return ret >= 0;
}
+/*
+ * "launch-security" command
+ */
+static const vshCmdInfo info_launch_security[] = {
+ {.name = "help",
+ .data = N_("Get or set launch-security information")
+ },
+ {.name = "desc",
+ .data = N_("Get or set the current launch-security information for "
+ "a guest domain.\n"
+ " To get the launch-security information use following"
+ " command: \n\n"
+ " virsh # launch-security <domain>")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_launch_security[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ VIRSH_COMMON_OPT_DOMAIN_CONFIG,
+ VIRSH_COMMON_OPT_DOMAIN_LIVE,
+ VIRSH_COMMON_OPT_DOMAIN_CURRENT,
+ {.name = NULL}
+};
+
+static void
+virshPrintLaunchSecurityInfo(vshControl *ctl, virTypedParameterPtr params,
+ int nparams)
+{
+ size_t i;
+
+ for (i = 0; i < nparams; i++) {
+ if (params[i].type == VIR_TYPED_PARAM_STRING)
+ vshPrintExtra(ctl, "%-15s: %s\n", params[i].field,
params[i].value.s);
+ }
+}
+
+static bool
+cmdLaunchSecurity(vshControl *ctl, const vshCmd *cmd)
+{
+ virDomainPtr dom;
+ int nparams = 0;
+ virTypedParameterPtr params = NULL;
+ bool ret = false;
+ unsigned int flags = VIR_DOMAIN_AFFECT_CURRENT;
+ bool current = vshCommandOptBool(cmd, "current");
+ bool config = vshCommandOptBool(cmd, "config");
+ bool live = vshCommandOptBool(cmd, "live");
+
+ VSH_EXCLUSIVE_OPTIONS_VAR(current, live);
+ VSH_EXCLUSIVE_OPTIONS_VAR(current, config);
+
+ if (config)
+ flags |= VIR_DOMAIN_AFFECT_CONFIG;
+ if (live)
+ flags |= VIR_DOMAIN_AFFECT_LIVE;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return false;
+
+ if (virDomainGetLaunchSecurityInfo(dom, ¶ms, &nparams, flags) != 0) {
+ vshError(ctl, "%s", _("Unable to get launch security
info"));
+ goto cleanup;
+ }
+
+ virshPrintLaunchSecurityInfo(ctl, params, nparams);
+
+ ret = true;
+ cleanup:
+ virTypedParamsFree(params, nparams);
+ virshDomainFree(dom);
+ return ret;
+}
+
+
const vshCmdDef domManagementCmds[] = {
{.name = "attach-device",
.handler = cmdAttachDevice,
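Review bot: virshPrintLaunchSecurityInfo can silently print nothing or only part of the result, because it emits values through `vshPrintExtra` and skips every parameter whose type is not `VIR_TYPED_PARAM_STRING`. As far as I know `vshPrintExtra` is suppressed in quiet mode, so `virsh -q` would return success with no measurement, and any non-string field the driver adds later would be dropped without a warning. The pod text describes this output as the launch measurement, so a consumer comparing it against an expected value should never get an empty or partial result alongside exit code 0. I would print every parameter with `vshPrint`, formatting the value with the existing helper: `char *str = vshGetTypedParamValue(ctl, &params[i]);` then `vshPrint(ctl, "%-15s: %s\n", params[i].field, str);` then `VIR_FREE(str);`. The loop also compares `size_t i` against `int nparams`; declaring `nparams` in the helper as `size_t`, or checking it is non-negative first, avoids the signed/unsigned comparison.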
@@ -14485,5 +14560,11 @@ const vshCmdDef domManagementCmds[] = {
.info = info_domblkthreshold,
.flags = 0
},
+ {.name = "launch-security-info",
+ .handler = cmdLaunchSecurity,
+ .opts = opts_launch_security,
+ .info = info_launch_security,
+ .flags = 0
+ },
{.name = NULL}
};
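Review bot: The command is registered here as `launch-security-info`, but the `desc` string in info_launch_security tells users to run `virsh # launch-security <domain>`, and both help strings say "Get or set" although cmdLaunchSecurity only calls virDomainGetLaunchSecurityInfo. The help should match what is wired up, for example `.data = N_("Get launch-security information")` and `" virsh # launch-security-info <domain>"`, with the section comment renamed to match. cmdLaunchSecurity also accepts `--config`, `--live` and `--current` and folds them into `flags`. Whether the getter honours those flags is not visible in this patch; if it does not, I would drop the options rather than accept them without effect. The domManagementCmds array starts outside this hunk.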
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 929958a9533c..31bb26bda2ac 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2899,6 +2899,11 @@ See B<vcpupin> for information on I<cpulist>.
Output the IP address and port number for the VNC display. If the information
is not available the processes will provide an exit code of 1.
+=item B<launch-security-info> I<domain>
+
+Get the measurement of the memory contents encrypted through the launch
+sequence when I<launch-security> is provided.
+
=back
=head1 DEVICE COMMANDS
--
2.14.3