From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Roy Hopkins" <roy.hopkins@randomman.co.uk>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Ani Sinha" <anisinha@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Gerd Hoffman" <kraxel@redhat.com>
Subject: [PULL 28/77] backends/confidential-guest-support: Add set_guest_policy() function
Date: Mon, 14 Jul 2025 13:03:17 +0200 [thread overview]
Message-ID: <20250714110406.117772-29-pbonzini@redhat.com> (raw)
In-Reply-To: <20250714110406.117772-1-pbonzini@redhat.com>
From: Roy Hopkins <roy.hopkins@randomman.co.uk>
For confidential guests a policy can be provided that defines the
security level, debug status, expected launch measurement and other
parameters that define the configuration of the confidential platform.
This commit adds a new function named set_guest_policy() that can be
implemented by each confidential platform, such as AMD SEV to set the
policy. This will allow configuration of the policy from a
multi-platform resource such as an IGVM file without the IGVM processor
requiring specific implementation details for each platform.
Signed-off-by: Roy Hopkins <roy.hopkins@randomman.co.uk>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Gerd Hoffman <kraxel@redhat.com>
Link: https://lore.kernel.org/r/d3888a2eb170c8d8c85a1c4b7e99accf3a15589c.1751554099.git.roy.hopkins@randomman.co.uk
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
include/system/confidential-guest-support.h | 21 +++++++++++++++++++++
backends/confidential-guest-support.c | 12 ++++++++++++
2 files changed, 33 insertions(+)
diff --git a/include/system/confidential-guest-support.h b/include/system/confidential-guest-support.h
index 79ecd21f42f..0cc8b26e644 100644
--- a/include/system/confidential-guest-support.h
+++ b/include/system/confidential-guest-support.h
@@ -57,6 +57,10 @@ typedef enum ConfidentialGuestPageType {
CGS_PAGE_TYPE_REQUIRED_MEMORY,
} ConfidentialGuestPageType;
+typedef enum ConfidentialGuestPolicyType {
+ GUEST_POLICY_SEV,
+} ConfidentialGuestPolicyType;
+
struct ConfidentialGuestSupport {
Object parent;
@@ -123,6 +127,23 @@ typedef struct ConfidentialGuestSupportClass {
ConfidentialGuestPageType memory_type,
uint16_t cpu_index, Error **errp);
+ /*
+ * Set the guest policy. The policy can be used to configure the
+ * confidential platform, such as if debug is enabled or not and can contain
+ * information about expected launch measurements, signed verification of
+ * guest configuration and other platform data.
+ *
+ * The format of the policy data is specific to each platform. For example,
+ * SEV-SNP uses a policy bitfield in the 'policy' argument and provides an
+ * ID block and ID authentication in the 'policy_data' parameters. The type
+ * of policy data is identified by the 'policy_type' argument.
+ */
+ int (*set_guest_policy)(ConfidentialGuestPolicyType policy_type,
+ uint64_t policy,
+ void *policy_data1, uint32_t policy_data1_size,
+ void *policy_data2, uint32_t policy_data2_size,
+ Error **errp);
+
/*
* Iterate the system memory map, getting the entry with the given index
* that can be populated into guest memory.
diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c
index c5bef1fbfa8..156dd15e667 100644
--- a/backends/confidential-guest-support.c
+++ b/backends/confidential-guest-support.c
@@ -38,6 +38,17 @@ static int set_guest_state(hwaddr gpa, uint8_t *ptr, uint64_t len,
return -1;
}
+static int set_guest_policy(ConfidentialGuestPolicyType policy_type,
+ uint64_t policy,
+ void *policy_data1, uint32_t policy_data1_size,
+ void *policy_data2, uint32_t policy_data2_size,
+ Error **errp)
+{
+ error_setg(errp,
+ "Setting confidential guest policy is not supported for this platform");
+ return -1;
+}
+
static int get_mem_map_entry(int index, ConfidentialGuestMemoryMapEntry *entry,
Error **errp)
{
@@ -53,6 +64,7 @@ static void confidential_guest_support_class_init(ObjectClass *oc,
ConfidentialGuestSupportClass *cgsc = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);
cgsc->check_support = check_support;
cgsc->set_guest_state = set_guest_state;
+ cgsc->set_guest_policy = set_guest_policy;
cgsc->get_mem_map_entry = get_mem_map_entry;
}
--
2.50.0
next prev parent reply other threads:[~2025-07-14 11:12 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-14 11:02 [PULL 00/77] Rust, target/i386 changes for QEMU 10.1 soft freeze Paolo Bonzini
2025-07-14 11:02 ` [PULL 01/77] rust/qemu-api: Fix binding path in source directory Paolo Bonzini
2025-07-14 11:02 ` [PULL 02/77] rust/qemu-api-macros: use syn::Error directly Paolo Bonzini
2025-07-14 11:02 ` [PULL 03/77] rust/bindings: allow unnecessary_transmutes (1.88) Paolo Bonzini
2025-07-14 11:02 ` [PULL 04/77] rust/qemu-api-macros: normalize TryInto output Paolo Bonzini
2025-07-14 11:02 ` [PULL 05/77] rust/qemu-api-macros: add unit tests Paolo Bonzini
2025-07-14 11:02 ` [PULL 06/77] rust/qemu-api: log: implement io::Write Paolo Bonzini
2025-07-14 11:02 ` [PULL 07/77] target/i386: move max_features to class Paolo Bonzini
2025-07-14 11:02 ` [PULL 08/77] target/i386: nvmm, whpx: add accel/CPU class that sets host vendor Paolo Bonzini
2025-07-14 11:02 ` [PULL 09/77] target/i386: allow reordering max_x86_cpu_initfn vs accel CPU init Paolo Bonzini
2025-07-14 11:02 ` [PULL 10/77] target/i386: move accel_cpu_instance_init to .instance_init Paolo Bonzini
2025-07-14 11:03 ` [PULL 11/77] target/i386: merge host_cpu_instance_init() and host_cpu_max_instance_init() Paolo Bonzini
2025-07-14 11:03 ` [PULL 12/77] i386/tdx: Remove enumeration of GetQuote in tdx_handle_get_tdvmcall_info() Paolo Bonzini
2025-07-14 11:03 ` [PULL 13/77] update Linux headers to KVM tree master Paolo Bonzini
2025-07-14 11:03 ` [PULL 14/77] i386/tdx: Set value of <GetTdVmCallInfo> based on capabilities of both KVM and QEMU Paolo Bonzini
2025-07-14 11:03 ` [PULL 15/77] i386/tdx: handle TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT Paolo Bonzini
2025-07-17 9:46 ` Peter Maydell
2025-07-17 10:19 ` Xiaoyao Li
2025-07-14 11:03 ` [PULL 16/77] i386/tdx: Fix the report of gpa in QAPI Paolo Bonzini
2025-07-14 11:03 ` [PULL 17/77] meson: Add optional dependency on IGVM library Paolo Bonzini
2025-07-16 11:31 ` Daniel P. Berrangé
2025-07-17 13:30 ` Stefano Garzarella
2025-07-17 13:33 ` Daniel P. Berrangé
2025-07-17 15:47 ` Peter Maydell
2025-07-14 11:03 ` [PULL 18/77] backends/confidential-guest-support: Add functions to support IGVM Paolo Bonzini
2025-07-14 11:03 ` [PULL 19/77] backends/igvm: Add IGVM loader and configuration Paolo Bonzini
2025-07-14 11:03 ` [PULL 20/77] hw/i386: Add igvm-cfg object and processing for IGVM files Paolo Bonzini
2025-07-14 11:03 ` [PULL 21/77] i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM Paolo Bonzini
2025-07-14 11:03 ` [PULL 22/77] sev: Update launch_update_data functions to use Error handling Paolo Bonzini
2025-07-14 11:03 ` [PULL 23/77] target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache() Paolo Bonzini
2025-07-14 11:03 ` [PULL 24/77] i386/sev: Refactor setting of reset vector and initial CPU state Paolo Bonzini
2025-07-14 11:03 ` [PULL 25/77] i386/sev: Implement ConfidentialGuestSupport functions for SEV Paolo Bonzini
2025-07-14 11:03 ` [PULL 26/77] docs/system: Add documentation on support for IGVM Paolo Bonzini
2025-07-14 11:03 ` [PULL 27/77] docs/interop/firmware.json: Add igvm to FirmwareDevice Paolo Bonzini
2025-07-14 11:03 ` Paolo Bonzini [this message]
2025-07-14 11:03 ` [PULL 29/77] backends/igvm: Process initialization sections in IGVM file Paolo Bonzini
2025-07-14 11:03 ` [PULL 30/77] backends/igvm: Handle policy for SEV guests Paolo Bonzini
2025-07-14 11:03 ` [PULL 31/77] i386/sev: Add implementation of CGS set_guest_policy() Paolo Bonzini
2025-07-14 11:03 ` [PULL 32/77] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 Paolo Bonzini
2025-07-14 11:03 ` [PULL 33/77] i386/cpu: Move the implementation of is_host_cpu_intel() host-cpu.c Paolo Bonzini
2025-07-14 11:03 ` [PULL 34/77] i386/cpu: Use CPUID_MODEL_ID_SZ instead of hardcoded 48 Paolo Bonzini
2025-07-14 11:03 ` [PULL 35/77] i386: Cleanup the usage of CPUID_VENDOR_INTEL_1 Paolo Bonzini
2025-07-14 11:03 ` [PULL 36/77] i386/kvm-cpu: Fix the indentation inside kvm_cpu_realizefn() Paolo Bonzini
2025-07-14 11:03 ` [PULL 37/77] i386/cpu: Unify family, model and stepping calculation for x86 CPU Paolo Bonzini
2025-07-14 11:03 ` [PULL 38/77] i386/tdx: Remove task->watch only when it's valid Paolo Bonzini
2025-07-14 11:03 ` [PULL 39/77] i386/tdx: Don't mask off CPUID_EXT_PDCM Paolo Bonzini
2025-07-14 11:03 ` [PULL 40/77] i386/cpu: Refine comment of CPUID2CacheDescriptorInfo Paolo Bonzini
2025-07-14 11:03 ` [PULL 41/77] i386/cpu: Add descriptor 0x49 for CPUID 0x2 encoding Paolo Bonzini
2025-07-14 11:03 ` [PULL 42/77] i386/cpu: Add default cache model for Intel CPUs with level < 4 Paolo Bonzini
2025-07-14 11:03 ` [PULL 43/77] i386/cpu: Present same cache model in CPUID 0x2 & 0x4 Paolo Bonzini
2025-07-14 11:03 ` [PULL 44/77] i386/cpu: Consolidate CPUID 0x4 leaf Paolo Bonzini
2025-07-14 11:03 ` [PULL 45/77] i386/cpu: Drop CPUID 0x2 specific cache info in X86CPUState Paolo Bonzini
2025-07-14 11:03 ` [PULL 46/77] i386/cpu: Add x-vendor-cpuid-only-v2 option for compatibility Paolo Bonzini
2025-07-14 11:03 ` [PULL 47/77] i386/cpu: Mark CPUID[0x80000005] as reserved for Intel Paolo Bonzini
2025-07-14 11:03 ` [PULL 48/77] i386/cpu: Rename AMD_ENC_ASSOC to X86_ENC_ASSOC Paolo Bonzini
2025-07-14 11:03 ` [PULL 49/77] i386/cpu: Fix CPUID[0x80000006] for Intel CPU Paolo Bonzini
2025-07-14 11:03 ` [PULL 50/77] i386/cpu: Add legacy_intel_cache_info cache model Paolo Bonzini
2025-07-14 11:03 ` [PULL 51/77] i386/cpu: Add legacy_amd_cache_info " Paolo Bonzini
2025-07-14 11:03 ` [PULL 52/77] i386/cpu: Select legacy cache model based on vendor in CPUID 0x2 Paolo Bonzini
2025-07-14 11:03 ` [PULL 53/77] i386/cpu: Select legacy cache model based on vendor in CPUID 0x4 Paolo Bonzini
2025-07-14 11:03 ` [PULL 54/77] i386/cpu: Select legacy cache model based on vendor in CPUID 0x80000005 Paolo Bonzini
2025-07-14 11:03 ` [PULL 55/77] i386/cpu: Select legacy cache model based on vendor in CPUID 0x80000006 Paolo Bonzini
2025-07-14 11:03 ` [PULL 56/77] i386/cpu: Select legacy cache model based on vendor in CPUID 0x8000001D Paolo Bonzini
2025-07-14 11:03 ` [PULL 57/77] i386/cpu: Use a unified cache_info in X86CPUState Paolo Bonzini
2025-07-14 11:03 ` [PULL 58/77] i386/cpu: Introduce cache model for SierraForest Paolo Bonzini
2025-07-14 11:03 ` [PULL 59/77] i386/cpu: Introduce cache model for GraniteRapids Paolo Bonzini
2025-07-14 11:03 ` [PULL 60/77] i386/cpu: Introduce cache model for SapphireRapids Paolo Bonzini
2025-07-14 11:03 ` [PULL 61/77] i386/cpu: Introduce cache model for YongFeng Paolo Bonzini
2025-07-14 11:03 ` [PULL 62/77] i386/cpu: Add a "x-force-cpuid-0x1f" property Paolo Bonzini
2025-07-14 11:03 ` [PULL 63/77] i386/cpu: Enable 0x1f leaf for SierraForest by default Paolo Bonzini
2025-07-14 11:03 ` [PULL 64/77] " Paolo Bonzini
2025-07-14 11:03 ` [PULL 65/77] i386/cpu: Enable 0x1f leaf for GraniteRapids " Paolo Bonzini
2025-07-14 11:03 ` [PULL 66/77] i386/cpu: Enable 0x1f leaf for SapphireRapids " Paolo Bonzini
2025-07-14 11:03 ` [PULL 67/77] i386/cpu: Enable 0x1f leaf for YongFeng " Paolo Bonzini
2025-07-14 11:03 ` [PULL 68/77] i386/cpu: Mark EBX/ECX/EDX in CPUID 0x80000000 leaf as reserved for Intel Paolo Bonzini
2025-07-14 11:03 ` [PULL 69/77] i386/cpu: Mark CPUID 0x80000007[EBX] " Paolo Bonzini
2025-07-14 11:03 ` [PULL 70/77] i386/cpu: Mark CPUID 0x80000008 ECX bits[0:7] & [12:15] as reserved for Intel/Zhaoxin Paolo Bonzini
2025-07-14 11:04 ` [PULL 71/77] tests/functional: test_x86_cpu_model_versions: remove dead tests Paolo Bonzini
2025-07-14 11:04 ` [PULL 72/77] tests/vm: bump FreeBSD image to 14.3 Paolo Bonzini
2025-07-14 11:04 ` [PULL 73/77] i386/cpu: Reorder CPUID leaves in cpu_x86_cpuid() Paolo Bonzini
2025-07-14 11:04 ` [PULL 74/77] i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16] Paolo Bonzini
2025-07-14 11:04 ` [PULL 75/77] i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] Paolo Bonzini
2025-07-14 11:04 ` [PULL 76/77] i386/cpu: Fix overflow of cache topology fields in CPUID.04H Paolo Bonzini
2025-07-14 11:04 ` [PULL 77/77] i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] Paolo Bonzini
2025-07-15 19:50 ` [PULL 00/77] Rust, target/i386 changes for QEMU 10.1 soft freeze Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250714110406.117772-29-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=anisinha@redhat.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=roy.hopkins@randomman.co.uk \
--cc=sgarzare@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).