On Wed, Dec 08, 2021 at 18:44:31 +0000, Daniel P. Berrangé wrote:
We're only returning the set of fields needed to perform an
attestation, per the SEV API docs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/qemu/qemu_monitor.c | 13 +++++++++++
src/qemu/qemu_monitor.h | 9 ++++++++
src/qemu/qemu_monitor_json.c | 45 ++++++++++++++++++++++++++++++++++++
src/qemu/qemu_monitor_json.h | 8 +++++++
4 files changed, 75 insertions(+)
diff --git a/src/qemu/qemu_monitor_json.c
b/src/qemu/qemu_monitor_json.c
index e00d785c20..423bae49d2 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -8216,6 +8216,51 @@ qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon)
}
+/**
+ * Retrive info about the SEV setup, returning those fields that
+ * are required to do a launch attestation, as per
+ *
+ * HMAC(0x04 || API_MAJOR || API_MINOR || BUILD || GCTX.POLICY || GCTX.LD || MNONCE;
GCTX.TIK)
+ *
+ * specified in section 6.5.1 of AMD Secure Encrypted
+ * Virtualization API.
+ *
+ * { "execute": "query-sev" }
+ * { "return": { "enabled": true, "api-major" : 0,
"api-minor" : 0,
+ * "build-id" : 0, "policy" : 0, "state" :
"running",
+ * "handle" : 1 } }
+ */
+int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
+ unsigned int *apiMajor,
+ unsigned int *apiMinor,
+ unsigned int *buildID,
+ unsigned int *policy)
Please use consistent (with what you've added in the header file) and
modern header formatting.
+{
+ g_autoptr(virJSONValue) cmd = NULL;
+ g_autoptr(virJSONValue) reply = NULL;
+ virJSONValue *data;
+
+ if (!(cmd = qemuMonitorJSONMakeCommand("query-sev", NULL)))
+ return -1;
+
+ if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+ return -1;
+
+ if (qemuMonitorJSONCheckReply(cmd, reply, VIR_JSON_TYPE_OBJECT) < 0)
+ return -1;
+
+ data = virJSONValueObjectGetObject(reply, "return");
+
+ if (virJSONValueObjectGetNumberUint(data, "api-major", apiMajor) < 0
||
+ virJSONValueObjectGetNumberUint(data, "api-minor", apiMinor) < 0
||
+ virJSONValueObjectGetNumberUint(data, "build-id", buildID) < 0 ||
+ virJSONValueObjectGetNumberUint(data, "policy", policy) < 0)
+ return -1;
+
+ return 0;
+}
+
+
/*
* Example return data
*
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 0984717675..163be25c32 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -369,6 +369,14 @@ int qemuMonitorJSONSystemWakeup(qemuMonitor *mon);
char *qemuMonitorJSONGetSEVMeasurement(qemuMonitor *mon);
+int qemuMonitorJSONGetSEVInfo(qemuMonitor *mon,
+ unsigned int *apiMajor,
+ unsigned int *apiMinor,
+ unsigned int *buildID,
+ unsigned int *policy)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_NONNULL(4) ATTRIBUTE_NONNULL(5);
Preferrably use modern header formatting.
+
int qemuMonitorJSONGetVersion(qemuMonitor *mon,
int *major,
int *minor,
qemumonitorjsontest?
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>