Re: [PATCH v2 02/10] backends/confidential-guest-support: Add IGVM file
From: Daniel P. Berrangé
Subject: Re: [PATCH v2 02/10] backends/confidential-guest-support: Add IGVM file parameter
Date: Tue, 16 Apr 2024 14:29:19 +0100
User-agent: Mutt/2.2.12 (2023-09-09)

On Wed, Apr 03, 2024 at 12:11:33PM +0100, Roy Hopkins wrote:
> In order to add support for parsing IGVM files for secure virtual
> machines, the path to an IGVM file needs to be specified as
> part of the guest configuration. It makes sense to add this to
> the ConfidentialGuestSupport object as this is common to all secure
> virtual machines that potentially could support IGVM based
> configuration.
>
> This patch allows the filename to be configured via the QEMU
> object model in preparation for subsequent patches that will read and
> parse the IGVM file.
>
> Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> ---
> backends/confidential-guest-support.c | 21 +++++++++++++++++++++
> include/exec/confidential-guest-support.h | 9 +++++++++
> qapi/qom.json | 13 +++++++++++++
> qemu-options.hx | 8 +++++++-
> 4 files changed, 50 insertions(+), 1 deletion(-)
>
> diff --git a/backends/confidential-guest-support.c
> b/backends/confidential-guest-support.c
> index 052fde8db0..da436fb736 100644
> --- a/backends/confidential-guest-support.c
> +++ b/backends/confidential-guest-support.c
> @@ -20,8 +20,29 @@ OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport,
> CONFIDENTIAL_GUEST_SUPPORT,
> OBJECT)
>
> +#if defined(CONFIG_IGVM)
> +static char *get_igvm(Object *obj, Error **errp)
> +{
> + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
> + return g_strdup(cgs->igvm_filename);
> +}
> +
> +static void set_igvm(Object *obj, const char *value, Error **errp)
> +{
> + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
> + g_free(cgs->igvm_filename);
> + cgs->igvm_filename = g_strdup(value);
> +}
> +#endif
> +
> static void confidential_guest_support_class_init(ObjectClass *oc, void
> *data)
> {
> +#if defined(CONFIG_IGVM)
> + object_class_property_add_str(oc, "igvm-file",
> + get_igvm, set_igvm);
> + object_class_property_set_description(oc, "igvm-file",
> + "Set the IGVM filename to use");
> +#endif
> }
>
> static void confidential_guest_support_init(Object *obj)
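Review bot: set_igvm() stores a g_strdup() copy in cgs->igvm_filename, but nothing in this hunk releases it when the object is destroyed, and all 21 insertions the diffstat lists for this file are in this hunk, so the string leaks unless the type's finalize function frees it. Add g_free(cgs->igvm_filename) on that path. The setter also ignores errp and accepts any string, including an empty one; rejecting an empty value here would report the mistake when the property is set rather than when the file is eventually opened.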
> diff --git a/include/exec/confidential-guest-support.h
> b/include/exec/confidential-guest-support.h
> index ba2dd4b5df..ec74da8877 100644
> --- a/include/exec/confidential-guest-support.h
> +++ b/include/exec/confidential-guest-support.h
> @@ -51,6 +51,15 @@ struct ConfidentialGuestSupport {
> * so 'ready' is not set, we'll abort.
> */
> bool ready;
> +
> +#if defined(CONFIG_IGVM)
> + /*
> + * igvm_filename: Optional filename that specifies a file that contains
> + * the configuration of the guest in Independent Guest
> + * Virtual Machine (IGVM) format.
> + */
> + char *igvm_filename;
> +#endif
> };
>
> typedef struct ConfidentialGuestSupportClass {
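Review bot: placing the igvm_filename member inside #if defined(CONFIG_IGVM) makes the layout of struct ConfidentialGuestSupport depend on a build option, so every file that includes this header has to see the same CONFIG_IGVM definition or it will disagree about the struct. The member is a single pointer, so consider declaring it unconditionally and keeping only the property registration in the .c file under CONFIG_IGVM. The comment should also state who owns the string and what value means that no file was given.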
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 85e6b4f84a..5935e1b7a6 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -874,6 +874,18 @@
> 'base': 'RngProperties',
> 'data': { '*filename': 'str' } }
>
> +##
> +# @ConfidentialGuestProperties:
> +#
> +# Properties common to objects that are derivatives of
> confidential-guest-support.
> +#
> +# @igvm-file: IGVM file to use to configure guest (default: none)
> +#
> +# Since: 9.1
> +##
> +{ 'struct': 'ConfidentialGuestProperties',
> + 'data': { '*igvm-file': 'str' } }
Since the rest of this patch is conditional on CONFIG_IGVM,
this property should be too, so apps can probe for whether
QEMU is built with IGVM support or not.
> +
> ##
> # @SevGuestProperties:
> #
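Review bot: the @igvm-file description in the new ConfidentialGuestProperties doc comment neither expands IGVM nor says that the value is a path to a file, although the igvm_filename comment in the header hunk of this patch gives both. Something like "path to a file in Independent Guest Virtual Machine (IGVM) format that contains the guest configuration (default: none)" would let a reader of the schema understand the property without reading the C code. The "Properties common to objects that are derivatives of" line is also long enough to appear wrapped here and should be rewrapped in the source.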
> @@ -901,6 +913,7 @@
> # Since: 2.12
> ##
> { 'struct': 'SevGuestProperties',
> + 'base': 'ConfidentialGuestProperties',
> 'data': { '*sev-device': 'str',
> '*dh-cert-file': 'str',
> '*session-file': 'str',
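Review bot: the 'base': 'ConfidentialGuestProperties' line is added only to SevGuestProperties, while the C hunk registers "igvm-file" on the abstract ConfidentialGuestSupport class and the commit message describes it as common to all secure virtual machines. As posted, the schema and the QOM class disagree for any other confidential-guest-support derivative described in qom.json: the property exists on the object but is not part of its QAPI description. Either give those structs the same base in this patch, or state in the commit message that only SEV guests expose the option for now.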
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|