[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 11/26] target/arm/kvm-rme: Add measurement algorithm prope
|
From: |
Markus Armbruster |
|
Subject: |
Re: [PATCH v3 11/26] target/arm/kvm-rme: Add measurement algorithm property |
|
Date: |
Tue, 26 Nov 2024 16:11:19 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Daniel P. Berrangé <berrange@redhat.com> writes:
> On Mon, Nov 25, 2024 at 07:56:10PM +0000, Jean-Philippe Brucker wrote:
[...]
>> diff --git a/qapi/qom.json b/qapi/qom.json
>> index f982850bca..901ba67634 100644
>> --- a/qapi/qom.json
>> +++ b/qapi/qom.json
>> @@ -1068,6 +1068,20 @@
>> 'data': { '*cpu-affinity': ['uint16'],
>> '*node-affinity': ['uint16'] } }
>>
>> +##
>> +# @RmeGuestMeasurementAlgorithm:
>> +#
>> +# @sha256: Use the SHA256 algorithm
>> +#
>> +# @sha512: Use the SHA512 algorithm
>> +#
>> +# Algorithm to use for realm measurements
>> +#
>> +# Since: 9.3
>> +##
>> +{ 'enum': 'RmeGuestMeasurementAlgorithm',
>> + 'data': ['sha256', 'sha512'] }
>
>
> A design question for Markus....
>
>
> We have a "QCryptoHashAlg" enum that covers both of these strings
> and more besides.
>
> We have a choice of using a dedicated enum strictly limited to
> just what RME needs, vs using the common enum type, but rejecting
> unsupported algorithms at runtime. Do we prefer duplication for
> improve specificity, or removal of duplication ?
With a dedicated enum, introspection shows precisely the accepted
values.
If we reuse a wider enum, introspection shows additional, invalid
values.
Say we later make one of these valid here. If we reuse the wider enum
now, nothing changes in introspection then, i.e. introspection cannot
tell us whether this particular QEMU supports this additional algorithm.
With a dedicated enum, it can. Whether that's needed in practice I find
hard to predict.
I lean towards lean towards dedicated enum.
Questions?
[...]
- Re: [PATCH v3 02/26] target/arm: Add confidential guest support, (continued)
- [PATCH v3 07/26] target/arm/kvm: Create scratch VM as Realm if necessary, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 06/26] target/arm/kvm-rme: Initialize vCPU, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 04/26] target/arm/kvm-rme: Initialize realm, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 10/26] target/arm/kvm-rme: Add Realm Personalization Value parameter, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 09/26] target/arm/kvm-rme: Initialize Realm memory, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 11/26] target/arm/kvm-rme: Add measurement algorithm property, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 12/26] target/arm/cpu: Set number of breakpoints and watchpoints in KVM, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 13/26] target/arm/cpu: Set number of PMU counters in KVM, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 14/26] target/arm/cpu: Inform about reading confidential CPU registers, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 16/26] hw/arm/virt: Disable DTB randomness for confidential VMs, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 08/26] hw/core/loader: Add ROM loader notifier, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 19/26] hw/arm/virt: Move virt_flash_create() to machvirt_init(), Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 15/26] hw/arm/virt: Add support for Arm RME, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 17/26] hw/arm/virt: Reserve one bit of guest-physical address for RME, Jean-Philippe Brucker, 2024/11/25
- [PATCH v3 18/26] hw/arm/boot: Mark all guest memory as RIPAS_RAM., Jean-Philippe Brucker, 2024/11/25