On Thu, Apr 29, 2021 at 12:07:28PM -0500, Brijesh Singh wrote: > The SEV FW >= 0.23 added a new command that can be used to query the > attestation report containing the SHA-256 digest of the guest memory > and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK. > > Note, we already have a command (LAUNCH_MEASURE) that can be used to > query the SHA-256 digest of the guest memory encrypted through the > LAUNCH_UPDATE. The main difference between previous and this command > is that the report is signed with the PEK and unlike the LAUNCH_MEASURE > command the ATTESATION_REPORT command can be called while the guest > is running. > > Add a QMP interface "query-sev-attestation-report" that can be used > to get the report encoded in base64. > > Cc: James Bottomley <[email protected]> > Cc: Tom Lendacky <[email protected]> > Cc: Eric Blake <[email protected]> > Cc: Paolo Bonzini <[email protected]> > Cc: [email protected] > Reviewed-by: James Bottomley <[email protected]> > Tested-by: James Bottomley <[email protected]> > Signed-off-by: Brijesh Singh <[email protected]>
Queued, thanks! -- Eduardo
