On Fri, Jun 13, 2025 at 8:52 PM Roy Hopkins <[email protected]> wrote:
>
> The initialization sections in IGVM files contain configuration that
> should be applied to the guest platform before it is started. This
> includes guest policy and other information that can affect the security
> level and the startup measurement of a guest.
>
> This commit introduces handling of the initialization sections during
> processing of the IGVM file.
>
> Signed-off-by: Roy Hopkins <[email protected]>
> Acked-by: Michael S. Tsirkin <[email protected]>
> Acked-by: Gerd Hoffman <[email protected]>
> Reviewed-by: Stefano Garzarella <[email protected]>
> ---
> backends/igvm.c | 21 +++++++++++++++++++++
> 1 file changed, 21 insertions(+)
>
> diff --git a/backends/igvm.c b/backends/igvm.c
> index 2a31021d44..ebdb4594d1 100644
> --- a/backends/igvm.c
> +++ b/backends/igvm.c
> @@ -786,6 +786,27 @@ int qigvm_process_file(IgvmCfg *cfg,
> ConfidentialGuestSupport *cgs,
> }
> }
>
> + header_count =
> + igvm_header_count(ctx.file, IGVM_HEADER_SECTION_INITIALIZATION);
> + if (header_count < 0) {
> + error_setg(
> + errp,
> + "Invalid initialization header count in IGVM file. Error code:
> %X",
> + header_count);
> + goto cleanup_parameters;
> + }
> +
> + for (ctx.current_header_index = 0;
> + ctx.current_header_index < (unsigned)header_count;
> + ctx.current_header_index++) {
> + IgvmVariableHeaderType type =
> + igvm_get_header_type(ctx.file,
> IGVM_HEADER_SECTION_INITIALIZATION,
> + ctx.current_header_index);
> + if (qigvm_handler(&ctx, type, errp) < 0) {
So the next patch, patch #14, actually defines the handler.
@@ -92,6 +135,10 @@ static struct QIGVMHandler handlers[] = {
qigvm_directive_environment_info },
{ IGVM_VHT_REQUIRED_MEMORY, IGVM_HEADER_SECTION_DIRECTIVE,
qigvm_directive_required_memory },
+ { IGVM_VHT_SNP_ID_BLOCK, IGVM_HEADER_SECTION_DIRECTIVE,
+ qigvm_directive_snp_id_block },
+ { IGVM_VHT_GUEST_POLICY, IGVM_HEADER_SECTION_INITIALIZATION,
+ qigvm_initialization_guest_policy },
};
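Review bot: the two new handlers[] entries are the only way the IGVM_HEADER_SECTION_INITIALIZATION dispatch in the preceding hunk reaches a handler, so with the series in its current order there is a point between patch #13 and patch #14 where an IGVM file carrying an IGVM_VHT_GUEST_POLICY header is walked by the new loop with no matching table entry. Reordering so the { IGVM_VHT_GUEST_POLICY, IGVM_HEADER_SECTION_INITIALIZATION, qigvm_initialization_guest_policy } entry lands before the loop that dispatches on it keeps every intermediate commit consistent for bisection, not only for readability.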
So I think patch #14 should come before this patch in the series.
> + goto cleanup_parameters;
> + }
> + }
> +
> /*
> * Contiguous pages of data with compatible flags are grouped together in
> * order to reduce the number of memory regions we create. Make sure the
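Review bot: the error_setg() in the header_count < 0 branch formats a negative int with %X, which prints the two's-complement bit pattern (FFFFFFFF for -1) rather than a recognisable error number; %d on the signed value, or -header_count if the library documents its codes in hex, gives a message a user can act on. Related, the (unsigned)header_count comparison in the for loop is only safe because the negative case was rejected just above; a one-line comment at the cast would make that dependency explicit for the next person who touches the error path.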
> --
> 2.43.0
>