Re: [libvirt PATCH v4 3/3] qemu: format sev-guest.kernel-hashes property

2021-12-16 Thread Peter Krempa
On Tue, Dec 14, 2021 at 16:07:06 +, Daniel P. Berrangé wrote:
> Set the kernel-hashes property on the sev-guest object if the config
> asked for it explicitly. While QEMU machine types currently default to
> having this setting off, it is not guaranteed to remain this way.
> 
> We can't assume that the QEMU capabilities were generated on an AMD host
> with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means
> that the 'sev' info in the qemuCaps struct might be NULL, but this is
> harmless from POV of testing the CLI generator.
> 
> Signed-off-by: Daniel P. Berrangé 
> ---
>  src/qemu/qemu_capabilities.c  |  5 +++
>  src/qemu/qemu_command.c   |  1 +
>  src/qemu/qemu_validate.c  |  7 
>  ...nch-security-sev-direct.x86_64-latest.args | 40 +++
>  .../launch-security-sev-direct.xml| 39 ++
>  tests/qemuxml2argvtest.c  |  5 +++
>  tests/testutilsqemu.c | 15 ---

Please split out the testutils change to a separate commit, you can use
my R-b for that without posting to the list.

>  7 files changed, 107 insertions(+), 5 deletions(-)
>  create mode 100644 
> tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
>  create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml

Reviewed-by: Peter Krempa 



[libvirt PATCH v4 3/3] qemu: format sev-guest.kernel-hashes property

2021-12-14 Thread Daniel P . Berrangé
Set the kernel-hashes property on the sev-guest object if the config
asked for it explicitly. While QEMU machine types currently default to
having this setting off, it is not guaranteed to remain this way.

We can't assume that the QEMU capabilities were generated on an AMD host
with SEV, so we must force set the QEMU_CAPS_SEV_GUEST. This also means
that the 'sev' info in the qemuCaps struct might be NULL, but this is
harmless from POV of testing the CLI generator.

Signed-off-by: Daniel P. Berrangé 
---
 src/qemu/qemu_capabilities.c  |  5 +++
 src/qemu/qemu_command.c   |  1 +
 src/qemu/qemu_validate.c  |  7 
 ...nch-security-sev-direct.x86_64-latest.args | 40 +++
 .../launch-security-sev-direct.xml| 39 ++
 tests/qemuxml2argvtest.c  |  5 +++
 tests/testutilsqemu.c | 15 ---
 7 files changed, 107 insertions(+), 5 deletions(-)
 create mode 100644 
tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
 create mode 100644 tests/qemuxml2argvdata/launch-security-sev-direct.xml

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c1b06998af..4f63322a9e 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1892,6 +1892,11 @@ virQEMUCapsSEVInfoCopy(virSEVCapability **dst,
 {
 g_autoptr(virSEVCapability) tmp = NULL;
 
+if (!src) {
+*dst = NULL;
+return 0;
+}
+
 tmp = g_new0(virSEVCapability, 1);
 
 tmp->pdh = g_strdup(src->pdh);
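Review bot: The new early return for `!src` carries no comment saying when a NULL source is legitimate, so "QEMU_CAPS_SEV_GUEST set but SEV info NULL" becomes a state this copy propagates silently. Per the commit message this arises when the capability is forced on for capabilities that were not probed on an SEV host. A comment above the check would record that, for example `/* src is NULL when QEMU_CAPS_SEV_GUEST was set without probed SEV data (e.g. test caps) */`. Other readers of the SEV info are outside this hunk, so whether they all tolerate NULL cannot be confirmed from here and is worth checking. The body of virQEMUCapsSEVInfoCopy continues past the hunk.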
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6d00105b24..4d5f7934cb 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9928,6 +9928,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
  "u:policy", sev->policy,
  "S:dh-cert-file", dhpath,
  "S:session-file", sessionpath,
+ "T:kernel-hashes", sev->kernel_hashes,
  NULL) < 0)
 return -1;
 
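Review bot: Nothing at the added `"T:kernel-hashes"` line says what happens when the domain leaves the setting unset. Assuming the `T:` tristate format omits the property for an absent value, QEMU's machine-type default then decides whether the kernel hashes become part of the SEV launch measurement, and the commit message notes that this default may change. A short comment here, e.g. `/* omitted when unset: QEMU's default then decides whether kernel hashes are measured */`, would help anyone comparing the generated command line against an expected attestation measurement. qemuBuildSEVCommandLine starts and ends outside the hunk.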
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index f9a195e991..c1924eb2ad 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1217,6 +1217,13 @@ qemuValidateDomainDef(const virDomainDef *def,
  "this QEMU binary"));
 return -1;
 }
+
+if (def->sec->data.sev.kernel_hashes != VIR_TRISTATE_BOOL_ABSENT &&
+!virQEMUCapsGet(qemuCaps, QEMU_CAPS_SEV_GUEST_KERNEL_HASHES)) {
+virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+   _("SEV measured direct kernel boot is not 
supported with this QEMU binary"));
+return -1;
+}
 break;
 case VIR_DOMAIN_LAUNCH_SECURITY_PV:
 if (!virQEMUCapsGet(qemuCaps, 
QEMU_CAPS_MACHINE_CONFIDENTAL_GUEST_SUPPORT) ||
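Review bot: The added check tests only the QEMU capability; nothing in the visible lines verifies that a domain with `kernel_hashes == VIR_TRISTATE_BOOL_YES` actually configures direct kernel boot. If such a config is accepted without a kernel, the guest would start without the measured-boot protection the XML appears to request. Consider rejecting it next to this check, e.g. `if (def->sec->data.sev.kernel_hashes == VIR_TRISTATE_BOOL_YES && !def->os.kernel)` with a VIR_ERR_CONFIG_UNSUPPORTED report. This may already be enforced elsewhere, since qemuValidateDomainDef starts and ends outside the hunk.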
diff --git 
a/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args 
b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
new file mode 100644
index 00..dac312e301
--- /dev/null
+++ b/tests/qemuxml2argvdata/launch-security-sev-direct.x86_64-latest.args
@@ -0,0 +1,40 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-QEMUGuest1 \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-QEMUGuest1/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-QEMUGuest1/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-QEMUGuest1/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=QEMUGuest1,debug-threads=on \
+-S \
+-object 
'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tmp/lib/domain--1-QEMUGuest1/master-key.aes"}'
 \
+-machine 
pc,usb=off,dump-guest-core=off,confidential-guest-support=lsec0,memory-backend=pc.ram
 \
+-accel kvm \
+-cpu qemu64 \
+-m 214 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":224395264}' \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-kernel /vmlinuz \
+-initrd /initrd \
+-append runme \
+-device 
'{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
+-blockdev 
'{"driver":"host_device","filename":"/dev/HostVG/QEMUGuest1","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}'
 \
+-blockdev 
'{"node-name":"libvirt-1-format","read-only":false,"driver":"raw","file":"libvirt-1-storage"}'
 \
+-device 
'{"driver":"ide-hd","bus":"ide.0","unit":0,"drive":"libvirt-1-format","id":"ide0-0-0","bootindex":1}'
 \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-object