From: "Daniel P. Berrange" <berrange@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: "Relph, Richard" <Richard.Relph@amd.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"libvir-list@redhat.com" <libvir-list@redhat.com>,
"Lendacky, Thomas" <Thomas.Lendacky@amd.com>
Subject: Re: [Qemu-devel] libvirt/QEMU/SEV interaction
Date: Fri, 8 Sep 2017 16:51:43 +0100 [thread overview]
Message-ID: <20170908155143.GK32645@redhat.com> (raw)
In-Reply-To: <82d6b8f0-7101-1d59-5489-43b66107fbe0@amd.com>
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> > So I could see a flow like the following:
>
>
> The flow looks good
>
> >
> >
> > 1. mgmt tool calls virConnectGetCapabilities. This returns an XML
> > document that includes the following
> >
> > <host>
> > ...other bits...
> > <sev>
> > <platform-key>...hex encoded PDH key...</platform-key>
> > </sev>
> > </host>
> >
> > 2. mgmt tool requests to start a guest calling virCreateXML(),
> > passing VIR_DOMAIN_START_PAUSED. The XML would include
> >
> > <sev>
> > <owner-key>...hex encode DH key...</owner-key>
> > <session-info>..hex encode info...</session-info>
> > <policy>...int32 value..</policy>
> > </sev>
> >
> >
> > if <sev> is provided and VIR_DOMAIN_START_PAUSED is missing,
> > libvirt would report an error and refuse to start the guest
> >
>
>
> One thing which is not clear to me is, how do we know that we are asked
> to launch SEV guest? Are you thinking that <sev> tag in the XML will
> hint libvirt that GO has asked to launch a SEV guest?
Yes, the existance of the <sev> tag is the indicator that informs
libvirt that SEV *must* be used for the guest.
> > 3. Libvirt generates the QEMU cli arg to enable SEV using
> > the XML data and starts QEMU, leaving CPUs paused
> >
>
>
> I am looking at [1] to get the feel for how do we model it in the XML.
> As you can see I am using ad-hoc <qemu:args> to create the sev-guest
> object. Currently, sev-guest object accepts the following properties:
>
> dh-cert-file: <file containing the GO DH key>
> session-info-file: <file contain the GO session info>
> policy: <int32 GO policy>
>
> I believe the new XML model will influence the property input type,
> Any recommendation on how do model this part ? thank you so much.
That looks ok to me - even if QEMU wants the data provided in
files on disk, libvirt can just create the files on the fly
from the data it has in the <sev> element in the XML file.
Since they're only needed during startup, libvirt can then
easily delete the files the moment QEMU has completed its
startup.
>
> [1] https://libvirt.org/formatdomain.html#elementsCPU
>
>
> > 4. QEMU emits a SEV_MEASURE event containing the measurement
> > blob
> >
> > 5. Libvirt catches the QEMU event and emits its own
> > VIR_CONNECT_DOMAIN_EVENT_SEV_MEASURE event containing
> > the measurement blob
> >
> > 6. GO does its validation of the measurement
> >
> > 7a If validation failed, then virDomainDestroy() to stop QEMU
> >
> > 7b If validation succeeed
> >
> > Optionally call
> >
> > virDomainSetSEVSecret()
> >
> > providing the optional secret, then
> >
> > virDomainResume()
> >
> > to let QEMU continue
> >
> >
> >
> >
> > Regards,
> > Daniel
> >
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2017-09-08 15:51 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-08 11:57 [Qemu-devel] libvirt/QEMU/SEV interaction Brijesh Singh
2017-09-08 13:15 ` Daniel P. Berrange
2017-09-08 13:45 ` Relph, Richard
2017-09-08 14:52 ` Daniel P. Berrange
2017-09-08 15:48 ` Brijesh Singh
2017-09-08 15:51 ` Daniel P. Berrange [this message]
2017-09-08 16:10 ` Brijesh Singh
2017-09-08 16:11 ` Laszlo Ersek
2017-10-18 4:21 ` Michael S. Tsirkin
2017-10-18 19:18 ` Dr. David Alan Gilbert
2017-10-19 1:35 ` Michael S. Tsirkin
2017-10-20 14:26 ` Richard Relph
2017-09-18 9:43 ` [Qemu-devel] [libvirt] " Erik Skultety
2017-09-18 9:47 ` Daniel P. Berrange
2017-09-18 12:41 ` Richard Relph
2017-09-18 13:51 ` Erik Skultety
2017-09-26 14:36 ` [Qemu-devel] " Michael S. Tsirkin
2017-09-27 11:06 ` Dr. David Alan Gilbert
2017-09-27 13:39 ` Brijesh Singh
2017-09-27 16:12 ` Michael S. Tsirkin
2017-09-27 19:06 ` Richard Relph
2017-09-29 19:34 ` Michael S. Tsirkin
2017-09-29 19:48 ` Richard Relph
2017-09-29 20:07 ` Richard Relph
2017-09-29 21:35 ` Michael S. Tsirkin
2017-10-01 2:54 ` Michael S. Tsirkin
2017-10-01 2:59 ` Michael S. Tsirkin
2017-09-29 21:16 ` Michael S. Tsirkin
2017-09-29 22:15 ` Laszlo Ersek
2017-10-02 9:15 ` Daniel P. Berrange
2017-10-02 9:11 ` Daniel P. Berrange
2017-09-29 21:58 ` Laszlo Ersek
2017-10-01 0:09 ` Brijesh Singh
2017-10-01 9:17 ` Laszlo Ersek
2017-10-01 9:56 ` Laszlo Ersek
2017-10-03 16:03 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170908155143.GK32645@redhat.com \
--to=berrange@redhat.com \
--cc=Richard.Relph@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=brijesh.singh@amd.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).