On Tue, Sep 13, 2016 at 10:48:18AM -0400, Brijesh Singh wrote:
> The SEV LAUNCH_FINISH command is used for finalizing the guest launch
> process. The commad returned a measurement value that can be handed to
> the guest owner to validate the guest before vmrun.
>
> For more information see [1], section 6.3
>
> [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
>
> The following KVM RFC patches defines and implements this command
> http://marc.info/?l=kvm&m=147190852423972&w=2
> http://marc.info/?l=kvm&m=147190856623987&w=2
>
> Signed-off-by: Brijesh Singh <[email protected]>
[...]
> +int kvm_sev_guest_measurement(uint8_t *out)
I don't see any code calling this function yet. Do you have any
plans on how exactly this will be handed back to the guest owner?
A QMP command?
> +{
> + SEVInfo *s = sev_info;
> + struct kvm_sev_launch_finish *finish = s->launch_finish;
> +
> + if (!s) {
> + return 1;
> + }
> +
> + if (s->type == UNENCRYPTED_GUEST &&
> + s->state == SEV_LAUNCH_FINISH) {
> + memcpy(out, finish->measurement, 32);
> + } else {
> + return 1;
Probably it would be more appropriate to use Error** to report
errors in most of the code in this series.
> + }
> +
> + return 0;
> +}
>
--
Eduardo
