[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-SNP guests |
|
Date: |
Wed, 20 Mar 2024 12:27:50 +0000 |
|
User-agent: |
Mutt/2.2.12 (2023-09-09) |
On Wed, Mar 20, 2024 at 12:15:00PM +0000, Daniel P. Berrangé wrote:
> On Wed, Mar 20, 2024 at 03:39:28AM -0500, Michael Roth wrote:
> > For SEV-SNP guests, launch measurement is queried from within the guest
> > during attestation, so don't attempt to return it as part of
> > query-sev-launch-measure.
> >
> > Signed-off-by: Michael Roth <michael.roth@amd.com>
> > ---
> > target/i386/sev.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/target/i386/sev.c b/target/i386/sev.c
> > index b03d70a3d1..0c8e4bdb4c 100644
> > --- a/target/i386/sev.c
> > +++ b/target/i386/sev.c
> > @@ -803,7 +803,9 @@ sev_launch_get_measure(Notifier *notifier, void *unused)
> >
> > static char *sev_get_launch_measurement(void)
> > {
> > - SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs);
> > + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
> > + SevGuestState *sev_guest =
> > + (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST);
> >
> > if (sev_guest &&
> > SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) {
>
> The QAPI docs for query-sev-launch-measurement should be updated
> to reflect that this command is only valid to call for SEV/SEV-ES,
> not SNP.
Also, the same question about whether query-sev-attestation-report
and sev-inject-launch-secret need updating to declare them SEV/SEV-ES
only, or if they are expected work with SNP too ?
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [PATCH v3 29/49] i386/sev: Don't disable block discarding for SNP, (continued)
- [PATCH v3 29/49] i386/sev: Don't disable block discarding for SNP, Michael Roth, 2024/03/20
- [PATCH v3 30/49] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled, Michael Roth, 2024/03/20
- [PATCH v3 02/49] scripts/update-linux-headers: Add setup_data.h to import list, Michael Roth, 2024/03/20
- [PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP, Michael Roth, 2024/03/20
- [PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-SNP guests, Michael Roth, 2024/03/20
- [PATCH v3 33/49] kvm: Make kvm_convert_memory() non-static, Michael Roth, 2024/03/20
- [PATCH v3 34/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes, Michael Roth, 2024/03/20
- [PATCH v3 35/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based), Michael Roth, 2024/03/20
- [PATCH v3 36/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests, Michael Roth, 2024/03/20
- [PATCH v3 37/49] i386/sev: Add the SNP launch start context, Michael Roth, 2024/03/20
- [PATCH v3 38/49] i386/sev: Add handling to encrypt/finalize guest launch data, Michael Roth, 2024/03/20
- [PATCH v3 39/49] i386/sev: Set CPU state to protected once SNP guest payload is finalized, Michael Roth, 2024/03/20