conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef
authorMichal Privoznik <mprivozn@redhat.com>
Tue, 11 Jun 2024 10:12:08 +0000 (12:12 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Fri, 21 Jun 2024 07:28:54 +0000 (09:28 +0200)
Some parts of SEV are to be shared with SEV SNP. In order to
reuse XML parsing / formatting code cleanly, let's move those
common bits into a new struct (virDomainSEVCommonDef) and adjust
the rest of the code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
src/conf/domain_conf.c
src/conf/domain_conf.h
src/conf/schemas/domaincommon.rng
src/conf/virconftypes.h
src/qemu/qemu_command.c
src/qemu/qemu_process.c
src/qemu/qemu_validate.c

index 2f1e99865bebfb7de615679c8de7d79eba8af878..9179cc18bb3169985efa04720dc895682609d5aa 100644 (file)
@@ -13621,8 +13621,8 @@ virDomainMemoryTargetDefParseXML(xmlNodePtr node,
 
 
 static int
-virDomainSEVDefParseXML(virDomainSEVDef *def,
-                        xmlXPathContextPtr ctxt)
+virDomainSEVCommonDefParseXML(virDomainSEVCommonDef *def,
+                              xmlXPathContextPtr ctxt)
 {
     int rc;
 
@@ -13630,12 +13630,6 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
                                &def->kernel_hashes) < 0)
         return -1;
 
-    if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) {
-        virReportError(VIR_ERR_XML_ERROR, "%s",
-                       _("failed to get launch security policy"));
-        return -1;
-    }
-
     /* the following attributes are platform dependent and if missing, we can
      * autofill them from domain capabilities later
      */
@@ -13658,6 +13652,23 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
         return -1;
     }
 
+    return 0;
+}
+
+
+static int
+virDomainSEVDefParseXML(virDomainSEVDef *def,
+                        xmlXPathContextPtr ctxt)
+{
+    if (virDomainSEVCommonDefParseXML(&def->common, ctxt) < 0)
+        return -1;
+
+    if (virXPathUIntBase("string(./policy)", ctxt, 16, &def->policy) < 0) {
+        virReportError(VIR_ERR_XML_ERROR, "%s",
+                       _("failed to get launch security policy"));
+        return -1;
+    }
+
     def->dh_cert = virXPathString("string(./dhCert)", ctxt);
     def->session = virXPathString("string(./session)", ctxt);
 
@@ -26641,6 +26652,24 @@ virDomainKeyWrapDefFormat(virBuffer *buf, virDomainKeyWrapDef *keywrap)
 }
 
 
+static void
+virDomainSEVCommonDefFormat(virBuffer *attrBuf,
+                            virBuffer *childBuf,
+                            virDomainSEVCommonDef *def)
+{
+    if (def->kernel_hashes != VIR_TRISTATE_BOOL_ABSENT)
+        virBufferAsprintf(attrBuf, " kernelHashes='%s'",
+                          virTristateBoolTypeToString(def->kernel_hashes));
+
+    if (def->haveCbitpos)
+        virBufferAsprintf(childBuf, "<cbitpos>%d</cbitpos>\n", def->cbitpos);
+
+    if (def->haveReducedPhysBits)
+        virBufferAsprintf(childBuf, "<reducedPhysBits>%d</reducedPhysBits>\n",
+                          def->reduced_phys_bits);
+}
+
+
 static void
 virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
 {
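Review bot: In virDomainSEVCommonDefFormat both `virBufferAsprintf` calls print with `%d`, but `cbitpos` is declared `unsigned int` in the struct and the schema types both elements as `unsignedInt`, so a value above INT_MAX would be written as a negative number that no longer validates or parses back. The specifier is carried over from the removed lines, but the new helper is a good place to correct it: `"<cbitpos>%u</cbitpos>\n"` and `"<reducedPhysBits>%u</reducedPhysBits>\n"`. The declaration of `reduced_phys_bits` falls outside the visible hunks, so confirm it is unsigned as well. Since the helper only reads `def`, the parameter could also be `const virDomainSEVCommonDef *def`.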
@@ -26657,16 +26686,8 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
     case VIR_DOMAIN_LAUNCH_SECURITY_SEV: {
         virDomainSEVDef *sev = &sec->data.sev;
 
-        if (sev->kernel_hashes != VIR_TRISTATE_BOOL_ABSENT)
-            virBufferAsprintf(&attrBuf, " kernelHashes='%s'",
-                              virTristateBoolTypeToString(sev->kernel_hashes));
-
-        if (sev->haveCbitpos)
-            virBufferAsprintf(&childBuf, "<cbitpos>%d</cbitpos>\n", sev->cbitpos);
+        virDomainSEVCommonDefFormat(&attrBuf, &childBuf, &sev->common);
 
-        if (sev->haveReducedPhysBits)
-            virBufferAsprintf(&childBuf, "<reducedPhysBits>%d</reducedPhysBits>\n",
-                              sev->reduced_phys_bits);
         virBufferAsprintf(&childBuf, "<policy>0x%04x</policy>\n", sev->policy);
         virBufferEscapeString(&childBuf, "<dhCert>%s</dhCert>\n", sev->dh_cert);
 
index cdab6ef2da7f9ea3ddc1c4ca2c75b74fd58dd1f8..c6c3c2e2a5731f809a1d3f27bd58839299d2fc99 100644 (file)
@@ -2866,10 +2866,7 @@ typedef enum {
 } virDomainLaunchSecurity;
 
 
-struct _virDomainSEVDef {
-    char *dh_cert;
-    char *session;
-    unsigned int policy;
+struct _virDomainSEVCommonDef {
     bool haveCbitpos;
     unsigned int cbitpos;
     bool haveReducedPhysBits;
@@ -2877,6 +2874,14 @@ struct _virDomainSEVDef {
     virTristateBool kernel_hashes;
 };
 
+
+struct _virDomainSEVDef {
+    virDomainSEVCommonDef common;
+    char *dh_cert;
+    char *session;
+    unsigned int policy;
+};
+
 struct _virDomainSecDef {
     virDomainLaunchSecurity sectype;
     union {
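Review bot: The new `struct _virDomainSEVCommonDef` has no comment saying what belongs in it, so whoever adds the next SEV field has to read the commit message to learn which struct to extend. I would add above it `/* Launch security settings shared by SEV and SEV-SNP; cbitpos and reducedPhysBits are platform dependent and may be autofilled from domain capabilities when absent. */`. The members visible here are plain values, so embedding the struct by value in `virDomainSEVDef` appears to need no extra free or copy handling. One member sits between the two hunks, so that is worth confirming.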
index a46a824f88b5b6ba0770f04c6fcbea7ef9565c8a..9a7649df1c1181dfc1de891a568c05ab968c9b5a 100644 (file)
     </element>
   </define>
 
+  <define name="launchSecuritySEVCommon">
+    <optional>
+      <element name="cbitpos">
+        <data type="unsignedInt"/>
+      </element>
+    </optional>
+    <optional>
+      <element name="reducedPhysBits">
+        <data type="unsignedInt"/>
+      </element>
+    </optional>
+  </define>
+
   <define name="launchSecuritySEV">
     <attribute name="type">
       <value>sev</value>
       </attribute>
     </optional>
     <interleave>
-      <optional>
-        <element name="cbitpos">
-          <data type="unsignedInt"/>
-        </element>
-      </optional>
-      <optional>
-        <element name="reducedPhysBits">
-          <data type="unsignedInt"/>
-        </element>
-      </optional>
+      <ref name="launchSecuritySEVCommon"/>
       <element name="policy">
         <ref name="hexuint"/>
       </element>
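Review bot: `launchSecuritySEVCommon` places its two `<optional>` elements directly under `<define>`, which RELAX NG treats as an implicit group. Once it is pulled into the `<interleave>` of `launchSecuritySEV` via `<ref name="launchSecuritySEVCommon"/>`, the schema accepts `cbitpos` before `reducedPhysBits` but not the reverse, whereas before this change both were direct children of the interleave and either order validated. If that tightening is not intended, wrap the content of the define in its own `<interleave>` … `</interleave>`. The hunk headers for this file are missing from the page, so the surrounding context is only partly visible.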
index 0779bc224b46caaea6229bd767924dd5f226c897..34bb1e262fa1a48f162634e5b7911aac9994ee7e 100644 (file)
@@ -210,6 +210,8 @@ typedef struct _virDomainResctrlMonDef virDomainResctrlMonDef;
 
 typedef struct _virDomainResourceDef virDomainResourceDef;
 
+typedef struct _virDomainSEVCommonDef virDomainSEVCommonDef;
+
 typedef struct _virDomainSEVDef virDomainSEVDef;
 
 typedef struct _virDomainSecDef virDomainSecDef;
index 2d0eddc79ed24dd81218ac890c56992550cbe5fa..a32cb8f8e9217311442c2dc571fe1e852c60a526 100644 (file)
@@ -9728,7 +9728,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
     g_autofree char *sessionpath = NULL;
 
     VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
-              sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+              sev->policy, sev->common.cbitpos, sev->common.reduced_phys_bits);
 
     if (sev->dh_cert)
         dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
@@ -9737,12 +9737,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
         sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
 
     if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
-                                     "u:cbitpos", sev->cbitpos,
-                                     "u:reduced-phys-bits", sev->reduced_phys_bits,
+                                     "u:cbitpos", sev->common.cbitpos,
+                                     "u:reduced-phys-bits", sev->common.reduced_phys_bits,
                                      "u:policy", sev->policy,
                                      "S:dh-cert-file", dhpath,
                                      "S:session-file", sessionpath,
-                                     "T:kernel-hashes", sev->kernel_hashes,
+                                     "T:kernel-hashes", sev->common.kernel_hashes,
                                      NULL) < 0)
         return -1;
 
index ae6594e10e2f4dfb1b3c580995eaf72a2c7a6844..9886a11245f2b414859b4d17cbfffc18c68b4792 100644 (file)
@@ -6569,14 +6569,14 @@ qemuProcessUpdateSEVInfo(virDomainObj *vm)
      * mandatory on QEMU cmdline
      */
     sevCaps = virQEMUCapsGetSEVCapabilities(qemuCaps);
-    if (!sev->haveCbitpos) {
-        sev->cbitpos = sevCaps->cbitpos;
-        sev->haveCbitpos = true;
+    if (!sev->common.haveCbitpos) {
+        sev->common.cbitpos = sevCaps->cbitpos;
+        sev->common.haveCbitpos = true;
     }
 
-    if (!sev->haveReducedPhysBits) {
-        sev->reduced_phys_bits = sevCaps->reduced_phys_bits;
-        sev->haveReducedPhysBits = true;
+    if (!sev->common.haveReducedPhysBits) {
+        sev->common.reduced_phys_bits = sevCaps->reduced_phys_bits;
+        sev->common.haveReducedPhysBits = true;
     }
 
     return 0;
index b82d937a0dfe3a5ffdc832aa86309785fb1f61b2..a00ec8e940d065e464e262739f0cb6e146c72134 100644 (file)
@@ -1318,7 +1318,7 @@ qemuValidateDomainDef(const virDomainDef *def,
                 return -1;
             }
 
-            if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
+            if (def->sec->data.sev.common.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
                 !virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                _("SEV measured direct kernel boot is not supported with this QEMU binary"));