Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-21 Thread Daniel P. Berrangé
On Thu, Apr 21, 2022 at 12:35:27PM -0400, Tyler Fanelli wrote: > On 4/20/22 5:45 AM, Daniel P. Berrangé wrote: > > > > But as is it's not clear what this buys us over the launch measurement > > > > we already report with virDomainGetLaunchSecurityInfo > > > > > > > > > > > > If we figure out

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-21 Thread Tyler Fanelli
On 4/20/22 5:45 AM, Daniel P. Berrangé wrote: On Thu, Apr 14, 2022 at 02:46:38PM -0400, Tyler Fanelli wrote: On 4/11/22 10:57 AM, Cole Robinson wrote: Maybe the extra key signing is a security fix or something. I haven't figured it out. Signing with the PEK also allows a user to verify the

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-20 Thread Daniel P. Berrangé
On Thu, Apr 14, 2022 at 02:46:38PM -0400, Tyler Fanelli wrote: > On 4/11/22 10:57 AM, Cole Robinson wrote: > > On 3/23/22 3:36 PM, Tyler Fanelli wrote: > > > This is an RFC discussing a new API, virDomainGetSevAttestationReport (along > > > with a > > > virsh command "domgetsevreport"), with initial

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-19 Thread Cole Robinson
On 4/14/22 2:46 PM, Tyler Fanelli wrote: > On 4/11/22 10:57 AM, Cole Robinson wrote: >> On 3/23/22 3:36 PM, Tyler Fanelli wrote: >>> This is an RFC discussing a new API, virDomainGetSevAttestationReport >>> (along with a >>> virsh command "domgetsevreport"), with initial QEMU support via the >>>

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-14 Thread Tyler Fanelli
On 4/11/22 10:57 AM, Cole Robinson wrote: On 3/23/22 3:36 PM, Tyler Fanelli wrote: This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a virsh command "domgetsevreport"), with initial QEMU support via the "query-sev-attestation-report" QAPI mechanism.

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-11 Thread Cole Robinson
On 3/23/22 3:36 PM, Tyler Fanelli wrote: > This is an RFC discussing a new API, virDomainGetSevAttestationReport (along > with a > virsh command "domgetsevreport"), with initial QEMU support via the > "query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" > is > supplied a

Re: [RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-04-04 Thread Tyler Fanelli
Just a quick ping so this patchset doesn't get lost in the list -- may I receive a review on this? On 3/23/22 3:36 PM, Tyler Fanelli wrote: This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a virsh command "domgetsevreport"), with initial QEMU support via the

[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

2022-03-23 Thread Tyler Fanelli
This is an RFC discussing a new API, virDomainGetSevAttestationReport (along with a virsh command "domgetsevreport"), with initial QEMU support via the "query-sev-attestation-report" QAPI mechanism. "query-sev-attestation-report" is supplied a base64-encoded 16-byte "mnonce" string as input, with a