1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-25 10:03:49 +03:00

Support cpu0-id of Qemu QMP query-sev-capabilities

It allows libvirt to provide the value of cpu0-id retuned by the Qemu QMP
 command query-sev-capabilities as implemented by the Qemu Patch [1] which
 is merged to Qemu master branch and should be available with Qemu 7.1.
 This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
 system from AMD's Key Distribution Service (KDS).

Similar to  cbitpos, reducedPhysBits, maxGuests & maxESGuests;
 the value of cpu0-id is also provided using 'virsh domcapability'.

[1] https://lore.kernel.org/all/20220228093014.882288-1-dovmurik@linux.ibm.com/

Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Niteesh Dubey 2022-04-27 19:57:12 +00:00 committed by Michal Privoznik
parent b6bd6eabc0
commit 0236e6154c
6 changed files with 39 additions and 0 deletions

View File

@ -537,6 +537,17 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
*/
# define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
/**
* VIR_NODE_SEV_CPU0_ID:
*
* Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
* the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
* as VIR_TYPED_PARAMS_STRING.
*
* Since: 8.4.0
*/
# define VIR_NODE_SEV_CPU0_ID "cpu0-id"
/**
* VIR_NODE_SEV_CBITPOS:
*

View File

@ -601,6 +601,10 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
sev->max_guests);
virBufferAsprintf(buf, "<maxESGuests>%d</maxESGuests>\n",
sev->max_es_guests);
if (sev->cpu0_id != NULL) {
virBufferAsprintf(buf, "<cpu0Id>%s</cpu0Id>\n",
sev->cpu0_id);
}
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</sev>\n");
}

View File

@ -185,6 +185,7 @@ typedef struct _virSEVCapability virSEVCapability;
struct _virSEVCapability {
char *pdh;
char *cert_chain;
char *cpu0_id;
unsigned int cbitpos;
unsigned int reduced_phys_bits;
unsigned int max_guests;

View File

@ -1957,6 +1957,9 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst,
tmp->pdh = g_strdup(src->pdh);
tmp->cert_chain = g_strdup(src->cert_chain);
if (src->cpu0_id != NULL) {
tmp->cpu0_id = g_strdup(src->cpu0_id);
}
tmp->cbitpos = src->cbitpos;
tmp->reduced_phys_bits = src->reduced_phys_bits;
@ -4693,6 +4696,11 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf)
virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh);
virBufferEscapeString(buf, "<certChain>%s</certChain>\n",
sev->cert_chain);
if (sev->cpu0_id != NULL) {
virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n",
sev->cpu0_id);
}
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</sev>\n");
}
@ -6478,6 +6486,10 @@ virQEMUCapsFillDomainFeatureSEVCaps(virQEMUCaps *qemuCaps,
domCaps->sev->pdh = g_strdup(cap->pdh);
domCaps->sev->cert_chain = g_strdup(cap->cert_chain);
if (cap->cpu0_id != NULL) {
domCaps->sev->cpu0_id = g_strdup(cap->cpu0_id);
}
domCaps->sev->cbitpos = cap->cbitpos;
domCaps->sev->reduced_phys_bits = cap->reduced_phys_bits;
domCaps->sev->max_guests = cap->max_guests;

View File

@ -19861,6 +19861,11 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) < 0)
goto cleanup;
if ((sev->cpu0_id != NULL) &&
(virTypedParamsAddString(&sevParams, &n, &maxpar,
VIR_NODE_SEV_CPU0_ID, sev->cpu0_id) < 0))
goto cleanup;
if (virTypedParamsAddUInt(&sevParams, &n, &maxpar,
VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0)
goto cleanup;

View File

@ -6400,6 +6400,7 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon,
virJSONValue *caps;
const char *pdh = NULL;
const char *cert_chain = NULL;
const char *cpu0_id = NULL;
unsigned int cbitpos;
unsigned int reduced_phys_bits;
g_autoptr(virSEVCapability) capability = NULL;
@ -6457,6 +6458,11 @@ qemuMonitorJSONGetSEVCapabilities(qemuMonitor *mon,
capability->cert_chain = g_strdup(cert_chain);
cpu0_id = virJSONValueObjectGetString(caps, "cpu0-id");
if (cpu0_id != NULL) {
capability->cpu0_id = g_strdup(cpu0_id);
}
capability->cbitpos = cbitpos;
capability->reduced_phys_bits = reduced_phys_bits;
*capabilities = g_steal_pointer(&capability);