It allows libvirt to provide the value of cpu0-id returned by the Qemu QMP
command query-sev-capabilities as implemented by the Qemu Patch [1] which
is merged to Qemu master branch and should be available with Qemu 7.1.
This is used to get the signed Chip Endorsement Key (CEK) of the CPU of AMD
system from AMD's Key Distribution Service (KDS).
Similar to cbitpos, reducedPhysBits, maxGuests & maxESGuests;
the value of cpu0-id is also provided using 'virsh domcapability'.
[1] https://lore.kernel.org/all/
20220228093014.882288-1-dovmurik@linux.ibm.com/
Signed-off-by: Niteesh Dubey <niteesh@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
*/
# define VIR_NODE_SEV_CERT_CHAIN "cert-chain"
+/**
+ * VIR_NODE_SEV_CPU0_ID:
+ *
+ * Macro represents the unique ID of CPU0 (socket 0) needed to retrieve
+ * the signed CEK of the CPU from AMD's Key Distribution Service (KDS),
+ * as VIR_TYPED_PARAMS_STRING.
+ *
+ * Since: 8.4.0
+ */
+# define VIR_NODE_SEV_CPU0_ID "cpu0-id"
+
/**
* VIR_NODE_SEV_CBITPOS:
*
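Review bot: The new doc comment for VIR_NODE_SEV_CPU0_ID does not say that the parameter is optional, yet the driver hunk only adds it when the hypervisor reported a value (`if ((sev->cpu0_id != NULL) && ...`), unlike the unconditional cbitpos/cert-chain parameters next to it. A caller reading only the header would not expect the parameter to be absent. Add a line to the comment block such as ` * Only present when the hypervisor reports the value.` so API users know to check for it rather than assume it.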
sev->max_guests);
virBufferAsprintf(buf, "<maxESGuests>%d</maxESGuests>\n",
sev->max_es_guests);
+ if (sev->cpu0_id != NULL) {
+ virBufferAsprintf(buf, "<cpu0Id>%s</cpu0Id>\n",
+ sev->cpu0_id);
+ }
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</sev>\n");
}
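Review bot: The cpu0Id element is written with virBufferAsprintf here, while the same string is written with virBufferEscapeString in the domain-capabilities formatter later in this commit. The value originates from the QMP reply (`virJSONValueObjectGetString(caps, "cpu0-id")` in the monitor hunk), so it is copied into the capabilities cache XML unescaped; a value containing `<`, `&` or a quote would yield a cache file that fails to parse when libvirt re-reads it. Use `virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n", sev->cpu0_id);`, which escapes the content and, as far as I recall, ignores a NULL string, so the explicit NULL guard can go as well. The enclosing function starts outside the hunk.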
struct _virSEVCapability {
char *pdh;
char *cert_chain;
+ char *cpu0_id;
unsigned int cbitpos;
unsigned int reduced_phys_bits;
unsigned int max_guests;
tmp->pdh = g_strdup(src->pdh);
tmp->cert_chain = g_strdup(src->cert_chain);
+ if (src->cpu0_id != NULL) {
+ tmp->cpu0_id = g_strdup(src->cpu0_id);
+ }
tmp->cbitpos = src->cbitpos;
tmp->reduced_phys_bits = src->reduced_phys_bits;
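Review bot: The `if (src->cpu0_id != NULL)` guard around g_strdup is redundant: g_strdup(NULL) returns NULL, and the two existing copies of pdh and cert_chain just above rely on that. The same pattern appears in the domain-capabilities fill hunk (`if (cap->cpu0_id != NULL)`) and in the monitor hunk (`if (cpu0_id != NULL)`). Write it as `tmp->cpu0_id = g_strdup(src->cpu0_id);` to match its neighbours. The field added to _virSEVCapability is an owned heap string; the matching g_free in the struct's free function is not in this chunk, so confirm it was updated too. The enclosing function starts outside the hunk.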
virBufferEscapeString(buf, "<pdh>%s</pdh>\n", sev->pdh);
virBufferEscapeString(buf, "<certChain>%s</certChain>\n",
sev->cert_chain);
+ if (sev->cpu0_id != NULL) {
+ virBufferEscapeString(buf, "<cpu0Id>%s</cpu0Id>\n",
+ sev->cpu0_id);
+ }
+
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</sev>\n");
}
domCaps->sev->pdh = g_strdup(cap->pdh);
domCaps->sev->cert_chain = g_strdup(cap->cert_chain);
+ if (cap->cpu0_id != NULL) {
+ domCaps->sev->cpu0_id = g_strdup(cap->cpu0_id);
+ }
+
domCaps->sev->cbitpos = cap->cbitpos;
domCaps->sev->reduced_phys_bits = cap->reduced_phys_bits;
domCaps->sev->max_guests = cap->max_guests;
VIR_NODE_SEV_CERT_CHAIN, sev->cert_chain) < 0)
goto cleanup;
+ if ((sev->cpu0_id != NULL) &&
+ (virTypedParamsAddString(&sevParams, &n, &maxpar,
+ VIR_NODE_SEV_CPU0_ID, sev->cpu0_id) < 0))
+ goto cleanup;
+
if (virTypedParamsAddUInt(&sevParams, &n, &maxpar,
VIR_NODE_SEV_CBITPOS, sev->cbitpos) < 0)
goto cleanup;
virJSONValue *caps;
const char *pdh = NULL;
const char *cert_chain = NULL;
+ const char *cpu0_id = NULL;
unsigned int cbitpos;
unsigned int reduced_phys_bits;
g_autoptr(virSEVCapability) capability = NULL;
capability->cert_chain = g_strdup(cert_chain);
+ cpu0_id = virJSONValueObjectGetString(caps, "cpu0-id");
+ if (cpu0_id != NULL) {
+ capability->cpu0_id = g_strdup(cpu0_id);
+ }
+
capability->cbitpos = cbitpos;
capability->reduced_phys_bits = reduced_phys_bits;
*capabilities = g_steal_pointer(&capability);
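Review bot: Nothing in the monitor code documents that cpu0-id, unlike the fields parsed before it, may legitimately be missing from the query-sev-capabilities reply; the commit message says it only appears with QEMU 7.1 and later, but a reader of this function has no such hint. A one-line comment above the lookup, `/* cpu0-id is optional: older QEMU does not report it */`, would make the NULL-tolerant handling deliberate rather than accidental. The `cpu0_id` local declared in the earlier hunk of this function is only used once; `capability->cpu0_id = g_strdup(virJSONValueObjectGetString(caps, "cpu0-id"));` would remove both it and the guard. The enclosing function starts outside the hunk.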