Xiaoyao Li <[email protected]> writes:
> From: Isaku Yamahata <[email protected]>
>
> Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
> can be provided for TDX attestation. Detailed meaning of them can be
> found:
> https://lore.kernel.org/qemu-devel/[email protected]/
>
> Allow users to specify those values via the properties mrconfigid, mrowner and
> mrownerconfig. They are all in base64 format.
>
> example
> -object tdx-guest, \
>   mrconfigid=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,\
>   mrowner=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,\
>   mrownerconfig=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v
>
> Signed-off-by: Isaku Yamahata <[email protected]>
> Co-developed-by: Xiaoyao Li <[email protected]>
> Signed-off-by: Xiaoyao Li <[email protected]>
>
> ---
> Changes in v4:
> - describe more of these fields in qom.json
> - free the old value before setting the new value to avoid a memory leak in
> _setter(); (Daniel)
>
> Changes in v3:
> - use base64 encoding instead of hex-string;
> ---
> qapi/qom.json | 14 ++++++-
> target/i386/kvm/tdx.c | 87 +++++++++++++++++++++++++++++++++++++++++++
> target/i386/kvm/tdx.h | 3 ++
> 3 files changed, 103 insertions(+), 1 deletion(-)
>
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 2177f3101382..15445f9e41fc 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -905,10 +905,22 @@
> # pages. Some guest OS (e.g., Linux TD guest) may require this to
> # be set, otherwise they refuse to boot.
> #
> +# @mrconfigid: ID for non-owner-defined configuration of the guest TD,
> +# e.g., run-time or OS configuration. base64 encoded SHA384 digest.
"base64 encoded SHA384" is not a sentence.
Double-checking: the data being hashed here is the "non-owner-defined
configuration of the guest TD", and the resulting hash is the "ID"?
> +#
> +# @mrowner: ID for the guest TD’s owner. base64 encoded SHA384 digest.
Likewise.
> +#
> +# @mrownerconfig: ID for owner-defined configuration of the guest TD,
> +# e.g., specific to the workload rather than the run-time or OS.
> +# base64 encoded SHA384 digest.
Likewise.
> +#
> # Since: 9.0
> ##
> { 'struct': 'TdxGuestProperties',
> - 'data': { '*sept-ve-disable': 'bool' } }
> + 'data': { '*sept-ve-disable': 'bool',
> + '*mrconfigid': 'str',
> + '*mrowner': 'str',
> + '*mrownerconfig': 'str' } }
The new members are optional, but their description in the doc comment
doesn't explain behavior when present vs. behavior when absent.
>
> ##
> # @ThreadContextProperties:
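Review bot: the three new doc comments (`+# e.g., run-time or OS configuration. base64 encoded SHA384 digest.` and the two like it) state the encoding but not the required size or the failure behaviour, so a reader cannot tell that the string must decode to exactly 48 bytes (the 64-character values shown in the commit message) or what happens when the value is not valid base64 or decodes to some other length. Suggest spelling both out, e.g. "Base64-encoded SHA-384 digest (48 bytes); values that do not decode to 48 bytes are rejected", assuming that is what the setter in target/i386/kvm/tdx.c does.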
[...]
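As an added example, not part of the patch or this thread, the following Python mirrors the property format the commit message describes: a value is the base64 encoding of a 48-byte SHA384 digest, so a well-formed string is exactly 64 characters and the page's sample value decodes to the byte pattern 01 23 45 67 89 ab cd ef repeated six times. The function names (`validate_mr_value`, `is_valid_mr_value`, `mr_value_from_config`, `tdx_object_arg`) are hypothetical and are not QEMU's setters; the example only shows the checks an operator or tooling could apply before passing values on the command line.

```python
import base64
import binascii
import hashlib

# Each of mrconfigid, mrowner and mrownerconfig is a SHA384 digest.
SHA384_LEN = 48
# base64 of 48 bytes is exactly 64 characters, with no '=' padding.
B64_LEN = 64

# Sample value taken verbatim from the commit message's example command line.
EXAMPLE_VALUE = ("ASNFZ4mrze8BI0VniavN7wEjRWeJq83v"
                 "ASNFZ4mrze8BI0VniavN7wEjRWeJq83v")


def validate_mr_value(value: str) -> bytes:
    """Decode one property value, enforcing the SHA384 length.

    Hypothetical validator written for this example (not QEMU's code).
    Returns the 48 raw digest bytes or raises ValueError.
    """
    if len(value) != B64_LEN:
        raise ValueError(f"expected {B64_LEN} base64 chars, got {len(value)}")
    try:
        # validate=True rejects characters outside the base64 alphabet.
        raw = base64.b64decode(value, validate=True)
    except binascii.Error as err:
        raise ValueError(f"invalid base64: {err}") from None
    if len(raw) != SHA384_LEN:
        raise ValueError(f"decoded to {len(raw)} bytes, need {SHA384_LEN}")
    return raw


def is_valid_mr_value(value: str) -> bool:
    """Boolean form of validate_mr_value for callers that only need a verdict."""
    try:
        validate_mr_value(value)
        return True
    except ValueError:
        return False


def mr_value_from_config(config: bytes) -> str:
    """Derive a property value by hashing a configuration blob with SHA384."""
    return base64.b64encode(hashlib.sha384(config).digest()).decode()


def tdx_object_arg(mrconfigid: str, mrowner: str, mrownerconfig: str) -> str:
    """Build the -object argument shown in the commit message, validating each value."""
    for value in (mrconfigid, mrowner, mrownerconfig):
        validate_mr_value(value)
    return (f"tdx-guest,mrconfigid={mrconfigid},mrowner={mrowner},"
            f"mrownerconfig={mrownerconfig}")
```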