qemu-devel

Re: [PATCH v2 02/10] backends/confidential-guest-support: Add IGVM file


From: Daniel P . Berrangé
Subject: Re: [PATCH v2 02/10] backends/confidential-guest-support: Add IGVM file parameter
Date: Tue, 16 Apr 2024 14:29:19 +0100
User-agent: Mutt/2.2.12 (2023-09-09)

On Wed, Apr 03, 2024 at 12:11:33PM +0100, Roy Hopkins wrote:
> In order to add support for parsing IGVM files for secure virtual
> machines, the path to an IGVM file needs to be specified as
> part of the guest configuration. It makes sense to add this to
> the ConfidentialGuestSupport object as this is common to all secure
> virtual machines that potentially could support IGVM based
> configuration.
> 
> This patch allows the filename to be configured via the QEMU
> object model in preparation for subsequent patches that will read and
> parse the IGVM file.
> 
> Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
> ---
>  backends/confidential-guest-support.c     | 21 +++++++++++++++++++++
>  include/exec/confidential-guest-support.h |  9 +++++++++
>  qapi/qom.json                             | 13 +++++++++++++
>  qemu-options.hx                           |  8 +++++++-
>  4 files changed, 50 insertions(+), 1 deletion(-)
> 
> diff --git a/backends/confidential-guest-support.c 
> b/backends/confidential-guest-support.c
> index 052fde8db0..da436fb736 100644
> --- a/backends/confidential-guest-support.c
> +++ b/backends/confidential-guest-support.c
> @@ -20,8 +20,29 @@ OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport,
>                              CONFIDENTIAL_GUEST_SUPPORT,
>                              OBJECT)
>  
> +#if defined(CONFIG_IGVM)
> +static char *get_igvm(Object *obj, Error **errp)
> +{
> +    ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
> +    return g_strdup(cgs->igvm_filename);
> +}
> +
> +static void set_igvm(Object *obj, const char *value, Error **errp)
> +{
> +    ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj);
> +    g_free(cgs->igvm_filename);
> +    cgs->igvm_filename = g_strdup(value);
> +}
> +#endif
> +
>  static void confidential_guest_support_class_init(ObjectClass *oc, void 
> *data)
>  {
> +#if defined(CONFIG_IGVM)
> +    object_class_property_add_str(oc, "igvm-file",
> +        get_igvm, set_igvm);
> +    object_class_property_set_description(oc, "igvm-file",
> +        "Set the IGVM filename to use");
> +#endif
>  }
>  
>  static void confidential_guest_support_init(Object *obj)
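
Review bot: set_igvm() never touches errp and stores whatever string it is given, so an empty "igvm-file" value is accepted and the mistake only surfaces once the subsequent patches try to read the file. Since this property selects the file that configures the guest, reject an empty value in the setter with error_setg(errp, ...) and return before replacing the old string. The hunk also shows g_free(cgs->igvm_filename) only inside the setter; check that the object's finalize path frees the string as well.
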
> diff --git a/include/exec/confidential-guest-support.h 
> b/include/exec/confidential-guest-support.h
> index ba2dd4b5df..ec74da8877 100644
> --- a/include/exec/confidential-guest-support.h
> +++ b/include/exec/confidential-guest-support.h
> @@ -51,6 +51,15 @@ struct ConfidentialGuestSupport {
>       * so 'ready' is not set, we'll abort.
>       */
>      bool ready;
> +
> +#if defined(CONFIG_IGVM)
> +    /*
> +     * igvm_filename: Optional filename that specifies a file that contains
> +     *                the configuration of the guest in Independent Guest
> +     *                Virtual Machine (IGVM) format.
> +     */
> +    char *igvm_filename;
> +#endif
>  };
>  
>  typedef struct ConfidentialGuestSupportClass {
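
Review bot: the comment on igvm_filename does not say who owns the string or what NULL means. From the setter in this patch it is a g_strdup() copy owned by the object, and "Optional" suggests NULL while the property is unset; stating both in the comment tells later users of the field not to free it and to test for NULL before use. Because the member exists only under #if defined(CONFIG_IGVM), every user of cgs->igvm_filename needs the same guard.
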
> diff --git a/qapi/qom.json b/qapi/qom.json
> index 85e6b4f84a..5935e1b7a6 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -874,6 +874,18 @@
>    'base': 'RngProperties',
>    'data': { '*filename': 'str' } }
>  
> +##
> +# @ConfidentialGuestProperties:
> +#
> +# Properties common to objects that are derivatives of 
> confidential-guest-support.
> +#
> +# @igvm-file: IGVM file to use to configure guest (default: none)
> +#
> +# Since: 9.1
> +##
> +{ 'struct': 'ConfidentialGuestProperties',
> +  'data': { '*igvm-file': 'str' } }

Since the rest of this patch is conditional on CONFIG_IGVM,
this property should be too, so apps can probe for whether
QEMU is built with IGVM support or not.

> +
>  ##
>  # @SevGuestProperties:
>  #
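
Review bot: the @igvm-file description, "IGVM file to use to configure guest (default: none)", does not say that the value is a file path or what happens when the file cannot be used. One more sentence in the doc comment covering both would tell management applications what to validate before passing the option.
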
> @@ -901,6 +913,7 @@
>  # Since: 2.12
>  ##
>  { 'struct': 'SevGuestProperties',
> +  'base': 'ConfidentialGuestProperties',
>    'data': { '*sev-device': 'str',
>              '*dh-cert-file': 'str',
>              '*session-file': 'str',
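
Review bot: in the lines quoted here only SevGuestProperties gains 'base': 'ConfidentialGuestProperties', while the C hunk registers "igvm-file" on the abstract ConfidentialGuestSupport class and the commit message calls it common to all secure virtual machines. Each other QAPI struct describing a confidential-guest-support derivative needs the same base, otherwise the property exists on the object but is missing from that type's schema.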

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



