From: Eric Blake <eblake@redhat.com>
To: Tobin Feldman-Fitzthum <tobin@linux.vnet.ibm.com>,
jejb@linux.ibm.com, qemu-devel@nongnu.org
Cc: tobin@ibm.com
Subject: Re: [PATCH 1/2] sev: add sev-inject-launch-secret
Date: Thu, 28 May 2020 16:42:53 -0500 [thread overview]
Message-ID: <1f13641f-c4d9-3414-2afc-f89df39e7967@redhat.com> (raw)
In-Reply-To: <20200528205114.42078-2-tobin@linux.vnet.ibm.com>
On 5/28/20 3:51 PM, Tobin Feldman-Fitzthum wrote:
> From: Tobin Feldman-Fitzthum <tobin@ibm.com>
>
> AMD SEV allows a guest owner to inject a secret blob
> into the memory of a virtual machine. The secret is
> encrypted with the SEV Transport Encryption Key and
> integrity is guaranteed with the Transport Integrity
> Key. Although QEMU faciliates the injection of the
> launch secret, it cannot access the secret.
>
> Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.vnet.ibm.com>
> ---
> +++ b/qapi/misc-target.json
> @@ -200,6 +200,26 @@
> { 'command': 'query-sev-capabilities', 'returns': 'SevCapability',
> 'if': 'defined(TARGET_I386)' }
>
> +##
> +# @sev-inject-launch-secret:
> +#
> +# This command injects a secret blob into memory of SEV guest.
> +#
> +# @packet-header: the launch secret packet header encoded in base64
> +#
> +# @secret: the launch secret data to be injected encoded in base64
> +#
> +# @gpa: the guest physical address where secret will be injected.
> + GPA provided here will be ignored if guest ROM specifies
> + the a launch secret GPA.
Missing # on the wrapped lines.
> +#
> +# Since: 5.0.0
You've missed 5.0, and more sites tend to use x.y instead of x.y.z
(although we aren't consistent); this should be 'Since: 5.1'
> +#
> +##
> +{ 'command': 'sev-inject-launch-secret',
> + 'data': { 'packet_hdr': 'str', 'secret': 'str', 'gpa': 'uint64' },
This does not match your documentation above, which named it
'packet-header'. Should 'gpa' be optional, to account for the case
where ROM specifies it?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
next prev parent reply other threads:[~2020-05-28 21:47 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-28 20:51 [PATCH 0/2] Add support for SEV Launch Secret Injection Tobin Feldman-Fitzthum
2020-05-28 20:51 ` [PATCH 1/2] sev: add sev-inject-launch-secret Tobin Feldman-Fitzthum
2020-05-28 21:00 ` James Bottomley
2020-05-29 18:09 ` tobin
2020-05-28 21:42 ` Eric Blake [this message]
2020-05-29 18:04 ` tobin
2020-05-28 20:51 ` [PATCH 2/2] sev: scan guest ROM for launch secret address Tobin Feldman-Fitzthum
2020-05-29 19:08 ` Tom Lendacky
2020-05-29 3:32 ` [PATCH 0/2] Add support for SEV Launch Secret Injection no-reply
2020-05-29 3:35 ` no-reply
2020-05-29 3:36 ` no-reply
2020-05-29 3:39 ` no-reply
2020-06-01 18:51 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1f13641f-c4d9-3414-2afc-f89df39e7967@redhat.com \
--to=eblake@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=tobin@ibm.com \
--cc=tobin@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).