authorJim Fehlig <jfehlig@suse.com>2021-11-09 16:28:55 -0700
committerJim Fehlig <jfehlig@suse.com>2022-01-04 10:56:00 -0700
commitd46142a2f91b911cbe6306dd7f1b1486251e3644 (patch)
tree232101b46453279a1a207ca6538d5eec943e6175 /include
parent4c7316b2f00c847bc5dc9c8218c2585d2d04636a (diff)
libvirt: Introduce virDomainSetLaunchSecurityState public API
This API allows setting a launch secret within a guest's memory. The launch secret is created by the guest owner after retrieving and verifying the launch measurement with virDomainGetLaunchSecurityInfo. The API uses virTypedParameter for input, allowing it to be expanded to support other confidential computing technologies. In the case of SEV, a basic guest launch workflow is described in the SEV API spec in section "1.3.1 Launch" https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Diffstat (limited to 'include')
-rw-r--r--include/libvirt/libvirt-domain.h36
1 files changed, 36 insertions, 0 deletions
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 5d3e15766e..5f0a9b7572 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -5102,6 +5102,7 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
/**
+
* VIR_DOMAIN_LAUNCH_SECURITY_SEV_API_MAJOR:
*
* Macro represents the API major version of the SEV host,
@@ -5133,11 +5134,46 @@ int virDomainSetLifecycleAction(virDomainPtr domain,
*/
# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_POLICY "sev-policy"
+/**
+ * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER:
+ *
+ * A macro used to represent the SEV launch secret header. The secret header
+ * is a base64-encoded VIR_TYPED_PARAM_STRING containing artifacts needed by
+ * the SEV firmware to recover the plain text of the launch secret. See
+ * section "6.6 LAUNCH_SECRET" in the SEV API specification for a detailed
+ * description of the secret header.
+ */
+# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER "sev-secret-header"
+
+/**
+ * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET:
+ *
+ * A macro used to represent the SEV launch secret. The secret is a
+ * base64-encoded VIR_TYPED_PARAM_STRING containing an encrypted launch
+ * secret. The secret is created by the domain owner after the SEV launch
+ * measurement is retrieved and verified.
+ */
+# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET "sev-secret"
+
+/**
+ * VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS:
+ *
+ * A macro used to represent the physical address within the guest's memory
+ * where the secret will be set, as VIR_TYPED_PARAM_ULLONG. If not specified,
+ * the address will be determined by the hypervisor.
+ */
+# define VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS "sev-secret-set-address"
+
int virDomainGetLaunchSecurityInfo(virDomainPtr domain,
virTypedParameterPtr *params,
int *nparams,
unsigned int flags);
+int virDomainSetLaunchSecurityState(virDomainPtr domain,
+ virTypedParameterPtr params,
+ int nparams,
+ unsigned int flags);
+
typedef enum {
VIR_DOMAIN_GUEST_INFO_USERS = (1 << 0), /* return active users */
VIR_DOMAIN_GUEST_INFO_OS = (1 << 1), /* return OS information */
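Review bot: The comments for VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_HEADER and VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET never say whether the parameter is required, while the VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET_SET_ADDRESS comment explicitly says the address is optional, so a caller reading only this header cannot tell that passing one without the other to virDomainSetLaunchSecurityState is incomplete. I would add `This parameter is required and must be passed together with VIR_DOMAIN_LAUNCH_SECURITY_SEV_SECRET.` to the header comment and the mirror sentence to the secret comment, assuming the driver rejects a call that supplies only one of them — that check lives outside this hunk and should be confirmed there. The SET_ADDRESS comment would also be clearer stating that the value is a guest-physical address, e.g. `A guest-physical address within the domain's memory where the secret will be injected, as VIR_TYPED_PARAM_ULLONG.`, since "physical address within the guest's memory" can be read as a host address. The new prototype itself carries no doc comment here; that is consistent with the surrounding declarations, so the flags and error semantics are presumably documented alongside the definition in libvirt-domain.c.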