Phil,
On 16/06/2021 23:43, Philippe Mathieu-Daudé wrote: > There is already a section with various SEV commands / types, > so move the SEV guest attestation together. > I have two questions (regarding several qapi patches in this series): 1. Should we extract all the SEV commands/types to a separate file? Maybe sev.json, or confidential-guest-sev.json -- anticipating the other platforms. 2. I see that some qapi types/commands are conditioned on `defined(CONFIG_...)`. For example in qapi/tpm.json we have: { 'command': 'query-tpm-types', 'returns': ['TpmType'], 'if': 'defined(CONFIG_TPM)' } I wonder if the same applies to SEV. -Dov > Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> > --- > qapi/misc-target.json | 81 +++++++++++++++++++++---------------------- > 1 file changed, 40 insertions(+), 41 deletions(-) > > diff --git a/qapi/misc-target.json b/qapi/misc-target.json > index 81646126267..7db94206212 100644 > --- a/qapi/misc-target.json > +++ b/qapi/misc-target.json > @@ -219,6 +219,46 @@ > 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' }, > 'if': 'defined(TARGET_I386)' } > > +## > +# @SevAttestationReport: > +# > +# The struct describes attestation report for a Secure Encrypted > +# Virtualization feature. > +# > +# @data: guest attestation report (base64 encoded) > +# > +# > +# Since: 6.1 > +## > +{ 'struct': 'SevAttestationReport', > + 'data': { 'data': 'str'}, > + 'if': 'defined(TARGET_I386)' } > + > +## > +# @query-sev-attestation-report: > +# > +# This command is used to get the SEV attestation report, and is > +# supported on AMD X86 platforms only. > +# > +# @mnonce: a random 16 bytes value encoded in base64 (it will be > +# included in report) > +# > +# Returns: SevAttestationReport objects. > +# > +# Since: 6.1 > +# > +# Example: > +# > +# -> { "execute" : "query-sev-attestation-report", > +# "arguments": { "mnonce": "aaaaaaa" } } > +# <- { "return" : { "data": "aaaaaaaabbbddddd"} } > +# > +## > +{ 'command': 'query-sev-attestation-report', > + 'data': { 'mnonce': 'str' }, > + 'returns': 'SevAttestationReport', > + 'if': 'defined(TARGET_I386)' } > + > ## > # @dump-skeys: > # > @@ -285,44 +325,3 @@ > ## > { 'command': 'query-gic-capabilities', 'returns': ['GICCapability'], > 'if': 'defined(TARGET_ARM)' } > - > - > -## > -# @SevAttestationReport: > -# > -# The struct describes attestation report for a Secure Encrypted > -# Virtualization feature. > -# > -# @data: guest attestation report (base64 encoded) > -# > -# > -# Since: 6.1 > -## > -{ 'struct': 'SevAttestationReport', > - 'data': { 'data': 'str'}, > - 'if': 'defined(TARGET_I386)' } > - > -## > -# @query-sev-attestation-report: > -# > -# This command is used to get the SEV attestation report, and is > -# supported on AMD X86 platforms only. > -# > -# @mnonce: a random 16 bytes value encoded in base64 (it will be > -# included in report) > -# > -# Returns: SevAttestationReport objects. > -# > -# Since: 6.1 > -# > -# Example: > -# > -# -> { "execute" : "query-sev-attestation-report", > - "arguments": { "mnonce": "aaaaaaa" } } > -# <- { "return" : { "data": "aaaaaaaabbbddddd"} } > -# > -## > -{ 'command': 'query-sev-attestation-report', > - 'data': { 'mnonce': 'str' }, > - 'returns': 'SevAttestationReport', > - 'if': 'defined(TARGET_I386)' } >