The command is used to finalize the SEV guest launch process. The command returns a measurement value of the data encrypted through the LAUNCH_UPDATE command. This measurement can be handed to the guest owner to verify that the guest was launched into SEV-enabled mode.
User can retrieve the measurement via 'measurement' property defined in 'sev-launch-info' object. Signed-off-by: Brijesh Singh <[email protected]> --- sev.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/sev.c b/sev.c index dcd7c48..21c491c 100644 --- a/sev.c +++ b/sev.c @@ -955,7 +955,21 @@ sev_launch_start(SEVState *s) static int sev_launch_finish(SEVState *s) { - // add the command to finalize the launch in next patches + int ret; + struct kvm_sev_launch_finish *finish = s->launch_finish; + + assert(s->state == SEV_STATE_LAUNCHING); + + ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, finish); + if (ret) { + return -1; + } + + DPRINTF("SEV: LAUNCH_FINISH "); + DPRINTF_U8_PTR(" measurement", finish->measurement, + sizeof(finish->measurement)); + + s->state = SEV_STATE_RUNNING; return 0; } @@ -1058,7 +1072,6 @@ sev_guest_launch_finish(void *handle) if (s->state == SEV_STATE_LAUNCHING) { return sev_launch_finish(s); - // use launch_finish commands } else if (s->state == SEV_STATE_RECEIVING) { // use receive_finish commands } else {
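Review bot: In the sev_launch_finish() hunk, the failure path after `ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, finish);` returns -1 and discards `ret` without reporting anything, so a failed finalize cannot be told apart from any other error by the caller or in the logs. Please report the failure, including the returned value, before `return -1;`. The assert on `s->state == SEV_STATE_LAUNCHING` also duplicates the check the only visible caller, sev_guest_launch_finish(), already makes, and `finish` is dereferenced without a NULL check on `s->launch_finish`; a graceful error return would be safer than aborting the process. Finally, the measurement is the value the guest owner relies on for attestation, yet in this hunk it is only emitted through DPRINTF before the state moves to SEV_STATE_RUNNING; a comment stating that `s->launch_finish->measurement` is what the 'measurement' property of 'sev-launch-info' reads would make the link to the commit message explicit.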
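Review bot: In the sev_guest_launch_finish() hunk, the SEV_STATE_RECEIVING branch is still a comment-only stub (`// use receive_finish commands`), so a finish request in that state does no work in the visible code. Until the receive path exists, returning an explicit error from that branch would be clearer than an empty body. Dropping the unreachable `// use launch_finish commands` line after the return is fine; the remaining `//` comment should be converted to the `/* */` form QEMU's coding style uses.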
