Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-21 Thread Tyler Fanelli
On 4/20/22 5:45 AM, Daniel P. Berrangé wrote: On Thu, Apr 14, 2022 at 02:46:38PM -0400, Tyler Fanelli wrote: On 4/11/22 10:57 AM, Cole Robinson wrote: Maybe the extra key signing is a security fix or something. I haven't figured it out. Signing with the PEK also allows a user to verify

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-14 Thread Tyler Fanelli
On 4/11/22 10:57 AM, Cole Robinson wrote: On 3/23/22 3:36 PM, Tyler Fanelli wrote: This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a virsh command "domgetsevreport"), with initial QEMU support via the "query-sev-attestation-report" QAPI m

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-04 Thread Tyler Fanelli
Just a quick ping so this patchset doesn't get lost in the list -- may I receive a review on this? On 3/23/22 3:36 PM, Tyler Fanelli wrote: This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a virsh command "domgetsevreport"), with initial QEMU s

[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-03-23 Thread Tyler Fanelli
much of the APIs I've noticed, which use a virTypedParameterPtr for either input or output, but not both. This patch is not final, as I still would like some human-readable outputting and storage of the attestation report. Looking for thoughts on the design of this API, as well as suggested impr

[PATCH 2/5] remote: add RPC support for the virDomainGetSevAttestationReport API

2022-03-23 Thread Tyler Fanelli
Signed-off-by: Tyler Fanelli --- src/remote/remote_daemon_dispatch.c | 44 +++ src/remote/remote_driver.c | 55 + src/remote/remote_protocol.x| 21 ++- src/remote_protocol-structs | 12 +++ 4 files changed, 131

[PATCH 5/5] tools: add domgetsevreport virsh command

2022-03-23 Thread Tyler Fanelli
After domlaunchsecinfo is used to attest a VM, domgetsevreport can be used to get a full SEV attestation report from the guest. Signed-off-by: Tyler Fanelli --- docs/manpages/virsh.rst | 18 +++ tools/virsh-domain.c| 68 + 2 files changed, 86

[PATCH 4/5] qemu: Implement the virDomainGetSevAttestationReport API

2022-03-23 Thread Tyler Fanelli
Get a SEV attestation report using the query-sev-attestation-report QMP API. Signed-off-by: Tyler Fanelli --- include/libvirt/libvirt-domain.h | 8 +++ src/driver-hypervisor.h | 4 +- src/qemu/qemu_driver.c | 86 src/qemu/qemu_monitor.c

[PATCH 3/5] qemu_capabilities: Introduce QEMU_CAPS_SEV_GET_ATTESTATION_REPORT

2022-03-23 Thread Tyler Fanelli
The 'query-sev-attestation-report' qmp command is only available with qemu >= 6.1.0. Introduce a capability for query-sev-attestation-report. Signed-off-by: Tyler Fanelli --- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + te

[PATCH 1/5] libvirt: Introduce virDomainGetSevAttestationReport public API

2022-03-23 Thread Tyler Fanelli
/55766_SEV-KM_API_Specification.pdf Signed-off-by: Tyler Fanelli --- include/libvirt/libvirt-domain.h | 14 +++ src/driver-hypervisor.h | 7 src/libvirt-domain.c | 63 src/libvirt_public.syms | 4 ++ 4 files changed, 88 insertions(+)