Re: [PULL 10/10] crypto: Introduce x509 utils

On Tue, Mar 18, 2025 at 10:44 PM Peter Maydell wrote: > > On Mon, 9 Sept 2024 at 15:21, Daniel P. Berrangé wrote: > > > > From: Dorjoy Chowdhury > > > > An utility function for getting fingerprint from X.509 certificate > > has been introduced. Implementatio

Re: [PATCH] hw/virtio/virtio-nsm: Respond with correct length

nsm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Reviewed-by: Dorjoy Chowdhury Thanks for fixing! Regards, dorjoy

Re: [PATCH 1/1] docs/nitro-enclave: Clarify Enclave and Firecracker relationship

On Wed, Jan 8, 2025 at 10:03 PM Philippe Mathieu-Daudé wrote: > > On 7/1/25 18:01, Dorjoy Chowdhury wrote: > > On Tue, Dec 31, 2024 at 12:26 AM Dorjoy Chowdhury > > wrote: > >> > >> On Thu, Dec 12, 2024 at 8:14 PM Dorjoy Chowdhury > >> wrote

Re: [PATCH 1/1] docs/nitro-enclave: Clarify Enclave and Firecracker relationship

On Tue, Dec 31, 2024 at 12:26 AM Dorjoy Chowdhury wrote: > > On Thu, Dec 12, 2024 at 8:14 PM Dorjoy Chowdhury > wrote: > > > > On Thu, Dec 12, 2024 at 4:25 AM Alexander Graf wrote: > > > > > > The documentation says that Nitro Enclaves are based on Fir

Re: [PATCH 1/1] docs/nitro-enclave: Clarify Enclave and Firecracker relationship

On Thu, Dec 12, 2024 at 8:14 PM Dorjoy Chowdhury wrote: > > On Thu, Dec 12, 2024 at 4:25 AM Alexander Graf wrote: > > > > The documentation says that Nitro Enclaves are based on Firecracker. AWS > > has never made that statement. > > > > This patch nudges

Re: [PATCH 1/1] docs/nitro-enclave: Clarify Enclave and Firecracker relationship

> Signed-off-by: Alexander Graf > --- > docs/system/i386/nitro-enclave.rst | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > Reviewed-by: Dorjoy Chowdhury cc Paolo. This can be picked up for merging along with the 3 other nitro-enclave related patches from me. Regards, Dorjoy

Re: [PATCH] eif: Use stateful qcrypto apis

On Mon, Dec 2, 2024 at 9:39 PM Alexander Graf wrote: > > > On 09.11.24 13:30, Dorjoy Chowdhury wrote: > > We were storing the pointers to buffers in a GList due to lack of > > stateful crypto apis and instead doing the final hash computation at > > the end after we ha

Re: [PATCH] device/virtio-nsm: Support string data for extendPCR

On Mon, Dec 2, 2024 at 9:37 PM Alexander Graf wrote: > > > On 09.11.24 13:32, Dorjoy Chowdhury wrote: > > NSM device in AWS Nitro Enclaves supports extending with both > > bytestring and string data. > > > > Signed-off-by: Dorjoy Chowdhury > > > Reviewed

Re: [PATCH] docs/nitro-enclave: Fix terminal commands formatting

On Mon, Dec 2, 2024 at 9:36 PM Alexander Graf wrote: > > > On 09.11.24 13:28, Dorjoy Chowdhury wrote: > > > > Signed-off-by: Dorjoy Chowdhury > > > (nit: Please make sure to always have a patch description in the body of > the patch, even if it feels like the sub

Re: [PATCH] docs/nitro-enclave: Fix terminal commands formatting

On Mon, Nov 25, 2024 at 8:59 PM Dorjoy Chowdhury wrote: > > On Mon, Nov 18, 2024 at 7:10 PM Dorjoy Chowdhury > wrote: > > > > Ping. > > > > Ping... > > This is a very small one that should fix the UI issue in > https://www.qemu.org/docs/master/syst

Re: [PATCH] eif: Use stateful qcrypto apis

On Mon, Nov 25, 2024 at 9:01 PM Dorjoy Chowdhury wrote: > > On Mon, Nov 18, 2024 at 7:13 PM Dorjoy Chowdhury > wrote: > > > > Ping. > > > > Ping... > This hasn't been reviewed and I think this one simplifies the code in > eif.c and is quite small. > Gentle ping. Regards, Dorjoy

Re: [PATCH] device/virtio-nsm: Support string data for extendPCR

On Mon, Nov 25, 2024 at 9:00 PM Dorjoy Chowdhury wrote: > > On Mon, Nov 18, 2024 at 7:12 PM Dorjoy Chowdhury > wrote: > > > > Ping. > > > > Ping... > This is a small one that can be reviewed and picked up for merging. Thanks! > Gentle ping. Regards, Dorjoy

Re: [PATCH] eif: Use stateful qcrypto apis

On Mon, Nov 18, 2024 at 7:13 PM Dorjoy Chowdhury wrote: > > Ping. > Ping... This hasn't been reviewed and I think this one simplifies the code in eif.c and is quite small. Regards, Dorjoy

Re: [PATCH] device/virtio-nsm: Support string data for extendPCR

On Mon, Nov 18, 2024 at 7:12 PM Dorjoy Chowdhury wrote: > > Ping. > Ping... This is a small one that can be reviewed and picked up for merging. Thanks! Regards, Dorjoy

Re: [PATCH] docs/nitro-enclave: Fix terminal commands formatting

On Mon, Nov 18, 2024 at 7:10 PM Dorjoy Chowdhury wrote: > > Ping. > Ping... This is a very small one that should fix the UI issue in https://www.qemu.org/docs/master/system/i386/nitro-enclave.html . It would be great if it could be reviewed and picked up for merging. Thanks! Regards, Dorjoy

Re: [PATCH] eif: Use stateful qcrypto apis

Ping. This is also a smaller one that needs to be reviewed. Regards, Dorjoy

Re: [PATCH] device/virtio-nsm: Support string data for extendPCR

Ping. This is a small one that needs review. Regards, Dorjoy

Re: [PATCH] docs/nitro-enclave: Fix terminal commands formatting

Ping. Regards, Dorjoy

Re: [PATCH] device/virtio-nsm: Support string data for extendPCR

Hey Alex, On Tue, Nov 12, 2024, 6:14 PM Alexander Graf wrote: > Hey Dorjoy, > > Thanks a lot for the patch! Would you mind to send to the ML so it can > go through the normal review + apply cycle? :) > > Same comment for the other patches. > I don't understand. I sent them to the mailing list

[PATCH] docs/nitro-enclave: Fix terminal commands formatting

Signed-off-by: Dorjoy Chowdhury --- docs/system/i386/nitro-enclave.rst | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/system/i386/nitro-enclave.rst b/docs/system/i386/nitro-enclave.rst index 73e3edefe5..48eda5bd9e 100644 --- a/docs/system/i386/nitro-enclave.rst

[PATCH] device/virtio-nsm: Support string data for extendPCR

NSM device in AWS Nitro Enclaves supports extending with both bytestring and string data. Signed-off-by: Dorjoy Chowdhury --- hw/virtio/virtio-nsm.c | 21 ++--- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/hw/virtio/virtio-nsm.c b/hw/virtio/virtio-nsm.c index

[PATCH] eif: Use stateful qcrypto apis

* functions which makes the code much simpler. Signed-off-by: Dorjoy Chowdhury --- hw/core/eif.c | 202 hw/i386/nitro_enclave.c | 12 +- include/hw/i386/nitro_enclave.h | 16 +-- 3 files changed, 91 insertions(+), 139 deletions(-) diff

Re: [PULL 06/13] eif: cope with huge section sizes

On Fri, Nov 8, 2024 at 11:38 PM Paolo Bonzini wrote: > > Check for overflow as well as allocation failure. Resolves Coverity CID > 1564859. > > Reviewed-by: Pierrick Bouvier > Reviewed-by: Dorjoy Chowdhury > Signed-off-by: Paolo Bonzini > -

Re: [PATCH] eif: cope with huge section sizes

On Wed, Nov 6, 2024 at 11:44 PM Paolo Bonzini wrote: > > Check for overflow as well as allocation failure. Resolves Coverity CID > 1564859. > > Signed-off-by: Paolo Bonzini > --- > hw/core/eif.c | 48 +--- > 1 file changed, 41 insertions(+), 7 deleti

Re: [PATCH v2] eif: cope with huge section offsets

On Thu, Nov 7, 2024 at 12:12 AM Paolo Bonzini wrote: > > Check for overflow to avoid that fseek() receives a sign-extended value. > > Cc: Dorjoy Chowdhury > Signed-off-by: Paolo Bonzini > --- > include/qemu/osdep.h | 4 > hw/core/eif.c| 4 > 2

Re: [PATCH] eif: cope with huge section offsets

On Wed, Nov 6, 2024 at 11:58 PM Paolo Bonzini wrote: > > On Wed, Nov 6, 2024 at 6:54 PM Pierrick Bouvier > wrote: > > > > On 11/6/24 09:49, Paolo Bonzini wrote: > > > On Wed, Nov 6, 2024 at 6:47 PM Pierrick Bouvier > > > wrote: > > > > > >>>for (int i = 0; i < MAX_SECTIONS; ++i) { > > >>

Re: [PATCH] eif: cope with huge section sizes

ged, 41 insertions(+), 7 deletions(-) > Reviewed-by: Dorjoy Chowdhury Thanks for fixing! Regards, Dorjoy

Re: [PULL 23/49] hw/core: Add Enclave Image Format (EIF) related helpers

Hi Alex, On Tue, Nov 5, 2024 at 9:37 PM Alexander Graf wrote: > > Hi Dorjoy, > > > On 05.11.24 14:56, Dorjoy Chowdhury wrote: > > On Tue, Nov 5, 2024 at 6:51 PM Paolo Bonzini wrote: > >> On Tue, Nov 5, 2024 at 12:44 PM Peter Maydell > >> wrote: > >

Re: [PULL 23/49] hw/core: Add Enclave Image Format (EIF) related helpers

On Tue, Nov 5, 2024 at 6:51 PM Paolo Bonzini wrote: > > On Tue, Nov 5, 2024 at 12:44 PM Peter Maydell > wrote: > > Hi; Coverity raises a couple of potential issues with the > > read_eif_file() function in this commit, which are both > > "Coverity assumes the file we're reading is untrusted and i

Re: [PATCH v8 0/6] AWS Nitro Enclave emulation support

On Wed, Oct 30, 2024, 5:31 PM Paolo Bonzini wrote: > On 10/30/24 09:43, Alexander Graf wrote: > >> Hi, > >> > >> sorry about the delay -- the patches failed CI and I didn't have much > >> time to investigate until now. > >> > >> The issues are basically: > >> > >> 1) some rST syntax errors > >> >

Re: [PATCH v8 0/6] AWS Nitro Enclave emulation support

On Wed, Oct 30, 2024, 1:03 PM Paolo Bonzini wrote: > On Tue, Oct 29, 2024 at 9:08 PM Dorjoy Chowdhury > wrote: > > Thanks for fixing. The attached patch looks great to me. I just have > > one suggestion. Now that the CONFIG_* symbols have the dependencies > > listed e

Re: [PATCH v8 0/6] AWS Nitro Enclave emulation support

Hi Paolo, On Wed, Oct 30, 2024 at 1:32 AM Paolo Bonzini wrote: > > On 10/23/24 16:27, Dorjoy Chowdhury wrote: > > On Wed, Oct 16, 2024 at 7:58 PM Dorjoy Chowdhury > > wrote: > >> > >> Ping > >> > >> This patch series has been reviewed by Al

Re: [PATCH v8 0/6] AWS Nitro Enclave emulation support

On Wed, Oct 16, 2024 at 7:58 PM Dorjoy Chowdhury wrote: > > Ping > > This patch series has been reviewed by Alex. I am not sure if it needs > more review. If not, maybe this can be picked up for merging. Thanks! > Gentle ping. This patch series has been reviewed by Alex and

Re: [PATCH v8 0/6] AWS Nitro Enclave emulation support

Ping This patch series has been reviewed by Alex. I am not sure if it needs more review. If not, maybe this can be picked up for merging. Thanks! Regards, Dorjoy

Re: [PATCH v2 0/3] crypto: fix regression in hash result buffer handling

+++--- > include/crypto/hmac.h | 17 - > tests/unit/test-crypto-hash.c | 7 --- > tests/unit/test-crypto-hmac.c | 6 -- > 8 files changed, 88 insertions(+), 28 deletions(-) > Reviewed-by: Dorjoy Chowdhury @Daniel the api documentation for &q

Re: [PATCH 1/2] crypto/hash: avoid overwriting user supplied result pointer

On Tue, Oct 15, 2024 at 6:56 PM Daniel P. Berrangé wrote: > If the user provides a pre-allocated buffer for the hash result, > we must use that rather than re-allocating a new buffer. > > Reported-by: Dorjoy Chowdhury > Signed-off-by: Daniel P. Berrangé > --- > cryp

possible bug in recent crypto patches in master branch

Hi, I think there maybe some bugs caused by the recent crypto patches that got merged to master. ref: https://lore.kernel.org/qemu-devel/cafeaca-e_1wflun2hpttt2bszxksmbnxkak_uzuhwrh_fb6...@mail.gmail.com/T/#t I think before these patches the "qcrypto_hash_bytes" or "qcrypto_hash_bytesv" apis used

Re: [PATCH v7 0/5] AWS Nitro Enclave emulation support

Thanks for reviewing. I have now submitted a v8. https://lore.kernel.org/qemu-devel/20241008211727.49088-1-dorjoychy...@gmail.com/T/#t Regards, Dorjoy

[PATCH v8 5/6] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

e. [1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format [4] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS

[PATCH v8 6/6] docs/nitro-enclave: Documentation for nitro-enclave machine type

Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS| 1 + docs/system/i386/nitro-enclave.rst | 78 ++ 2 files changed, 79 insertions(+) create mode 100644 docs/system/i386/nitro-enclave.rst diff --git a/MAINTAINERS b/MAINTAINERS index f78a7cca06

[PATCH v8 2/6] device/virtio-nsm: Support for Nitro Secure Module device

/user/nitro-enclave.html [3] http://cbor.io/ [4] https://libcbor.readthedocs.io/en/latest/ Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 10 + hw/virtio/Kconfig|5 + hw/virtio/cbor-helpers.c | 321 ++ hw/virtio/meson.build|6

[PATCH v8 4/6] core/machine: Make create_default_memdev machine class property

This is in preparation for the next commit where the nitro-enclave machine type will need to instead use a memfd backend for the built-in vhost-user-vsock device to work. Signed-off-by: Dorjoy Chowdhury --- backends/hostmem-memfd.c | 2 -- hw/core/machine.c| 71

[PATCH v8 1/6] tests/lcitool: Update libvirt-ci and add libcbor dependency

tests/lcitool/projects/qemu.yml. Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- .gitlab-ci.d/cirrus/macos-14.vars | 2 +- .gitlab-ci.d/cirrus/macos-15.vars | 2 +- scripts/ci/setup/ubuntu/ubuntu-2204-aarch64.yaml | 1 + scripts/ci

[PATCH v8 3/6] hw/core: Add Enclave Image Format (EIF) related helpers

commit where CONFIG_NITRO_ENCLAVE will be introduced. [1] https://github.com/aws/aws-nitro-enclaves-image-format [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 7 + hw/core/eif.c | 719

[PATCH v8 0/6] AWS Nitro Enclave emulation support

cli/blob/main/docs/ubuntu_20.04_how_to_install_nitro_cli_from_github_sources.md [9] https://github.com/aws/aws-nitro-enclaves-cli/blob/main/examples/x86_64/hello/README.md Dorjoy Chowdhury (6): tests/lcitool: Update libvirt-ci and add libcbor dependency device/virtio-nsm: Support for Nitro Secure Module device hw/core: Add Enclave Image Format (EI

Re: [PATCH v7 0/5] AWS Nitro Enclave emulation support

On Tue, Oct 1, 2024 at 7:15 PM Michael S. Tsirkin wrote: > > On Sun, Sep 22, 2024 at 03:44:36PM +0600, Dorjoy Chowdhury wrote: > > [7] > > https://lists.oasis-open.org/archives/virtio-comment/202310/msg00387.html > > That list is dead, would you mind reposting to the ne

Re: [PATCH v7 0/5] AWS Nitro Enclave emulation support

Ping Requesting for review on this one. v7 thread URL for convenience: https://lore.kernel.org/qemu-devel/20240922094441.23802-1-dorjoychy...@gmail.com/T/#t Thanks! Regards, Dorjoy

[PATCH v7 2/5] device/virtio-nsm: Support for Nitro Secure Module device

/user/nitro-enclave.html [3] http://cbor.io/ [4] https://libcbor.readthedocs.io/en/latest/ Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 10 + hw/virtio/Kconfig|5 + hw/virtio/cbor-helpers.c | 326 ++ hw/virtio/meson.build|6

Re: [PATCH v6 0/8] AWS Nitro Enclave emulation support

Thanks for reviewing. I have now submitted a v7 : https://lore.kernel.org/qemu-devel/20240922094441.23802-1-dorjoychy...@gmail.com/T/#t Regards, Dorjoy

[PATCH v7 0/5] AWS Nitro Enclave emulation support

cli/blob/main/docs/ubuntu_20.04_how_to_install_nitro_cli_from_github_sources.md [9] https://github.com/aws/aws-nitro-enclaves-cli/blob/main/examples/x86_64/hello/README.md Dorjoy Chowdhury (5): tests/lcitool: Update libvirt-ci and add libcbor dependency device/virtio-nsm: Support for Nitro Secure Module dev

[PATCH v7 4/5] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

e. [1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format [4] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS

[PATCH v7 5/5] docs/nitro-enclave: Documentation for nitro-enclave machine type

Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS| 1 + docs/system/i386/nitro-enclave.rst | 78 ++ 2 files changed, 79 insertions(+) create mode 100644 docs/system/i386/nitro-enclave.rst diff --git a/MAINTAINERS b/MAINTAINERS index 37411dfffa

[PATCH v7 3/5] hw/core: Add Enclave Image Format (EIF) related helpers

commit where CONFIG_NITRO_ENCLAVE will be introduced. [1] https://github.com/aws/aws-nitro-enclaves-image-format [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 7 + hw/core/eif.c | 719

[PATCH v7 1/5] tests/lcitool: Update libvirt-ci and add libcbor dependency

tests/lcitool/projects/qemu.yml. Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- .gitlab-ci.d/cirrus/macos-13.vars | 2 +- .gitlab-ci.d/cirrus/macos-14.vars | 2 +- scripts/ci/setup/ubuntu/ubuntu-2204-aarch64.yaml | 1 + scripts/ci

Re: [PATCH v6 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Mon, Sep 16, 2024, 1:26 AM Michael S. Tsirkin wrote: > On Fri, Sep 06, 2024 at 01:57:32AM +0600, Dorjoy Chowdhury wrote: > > Nitro Secure Module (NSM)[1] device is used in AWS Nitro Enclaves[2] > > for stripped down TPM functionality like cryptographic attestation. > >

Re: [PATCH v6 0/8] AWS Nitro Enclave emulation support

ping Requesting for review on this patch series. The first 3 patches have been merged by Daniel but the rest need to be reviewed. Thanks! patch URL: https://lore.kernel.org/qemu-devel/20240905195735.16911-1-dorjoychy...@gmail.com/T/#t Regards, Dorjoy

Re: [PATCH v6 3/8] crypto: Introduce x509 utils

On Fri, Sep 6, 2024 at 7:50 PM Daniel P. Berrangé wrote: > > On Fri, Sep 06, 2024 at 01:57:30AM +0600, Dorjoy Chowdhury wrote: > > An utility function for getting fingerprint from X.509 certificate > > has been introduced. Implementation only provided using gnutls. > > &

Re: [PATCH v5 0/8] AWS Nitro Enclave emulation support

Thanks for reviewing. I have now posted a v6 https://lists.gnu.org/archive/html/qemu-devel/2024-09/msg00823.html Regards, Dorjoy

Re: [PATCH v5 7/8] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

On Thu, Aug 29, 2024 at 2:15 PM Daniel P. Berrangé wrote: > > On Wed, Aug 28, 2024 at 09:50:25PM +0600, Dorjoy Chowdhury wrote: > > Hi Daniel, > > > > On Wed, Aug 28, 2024 at 9:39 PM Daniel P. Berrangé > > wrote: > > > > > > On Thu, Aug 22,

[PATCH v6 3/8] crypto: Introduce x509 utils

An utility function for getting fingerprint from X.509 certificate has been introduced. Implementation only provided using gnutls. Signed-off-by: Dorjoy Chowdhury --- crypto/meson.build | 4 ++ crypto/x509-utils.c | 75 + include/crypto/x509

[PATCH v6 5/8] device/virtio-nsm: Support for Nitro Secure Module device

/user/nitro-enclave.html [3] http://cbor.io/ [4] https://libcbor.readthedocs.io/en/latest/ Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 10 + hw/virtio/Kconfig|5 + hw/virtio/cbor-helpers.c | 326 ++ hw/virtio/meson.build|6

[PATCH v6 1/8] crypto: Define macros for hash algorithm digest lengths

Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- crypto/hash.c | 14 +++--- include/crypto/hash.h | 8 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/crypto/hash.c b/crypto/hash.c index b0f8228bdc..8087f5dae6 100644 --- a/crypto

[PATCH v6 4/8] tests/lcitool: Update libvirt-ci and add libcbor dependency

tests/lcitool/projects/qemu.yml. Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- .gitlab-ci.d/cirrus/macos-13.vars | 2 +- .gitlab-ci.d/cirrus/macos-14.vars | 2 +- scripts/ci/setup/ubuntu/ubuntu-2204-aarch64.yaml | 1 + scripts/ci

[PATCH v6 7/8] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

e. [1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format [4] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS

[PATCH v6 6/8] hw/core: Add Enclave Image Format (EIF) related helpers

commit where CONFIG_NITRO_ENCLAVE will be introduced. [1] https://github.com/aws/aws-nitro-enclaves-image-format [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 7 + hw/core/eif.c | 719

[PATCH v6 8/8] docs/nitro-enclave: Documentation for nitro-enclave machine type

Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS| 1 + docs/system/i386/nitro-enclave.rst | 78 ++ 2 files changed, 79 insertions(+) create mode 100644 docs/system/i386/nitro-enclave.rst diff --git a/MAINTAINERS b/MAINTAINERS index e06aa4a5d7

[PATCH v6 0/8] AWS Nitro Enclave emulation support

.com/aws/aws-nitro-enclaves-cli/blob/main/examples/x86_64/hello/README.md Dorjoy Chowdhury (8): crypto: Define macros for hash algorithm digest lengths crypto: Support SHA384 hash when using glib crypto: Introduce x509 utils tests/lcitool: Update libvirt-ci and add libcbor dependency devic

[PATCH v6 2/8] crypto: Support SHA384 hash when using glib

QEMU requires minimum glib version 2.66.0 as per the root meson.build file and per glib documentation[1] G_CHECKSUM_SHA384 is available since 2.51. [1] https://docs.gtk.org/glib/enum.ChecksumType.html Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- crypto/hash-glib.c | 2

Re: [PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Thu, Sep 5, 2024, 2:27 AM Michael S. Tsirkin wrote: > On Thu, Sep 05, 2024 at 12:30:07AM +0600, Dorjoy Chowdhury wrote: > > On Wed, Sep 4, 2024 at 2:47 AM Dorjoy Chowdhury > wrote: > > > > > > > > > > > > On Wed, Sep 4, 2024, 2:32 AM Michael S

Re: [PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Wed, Sep 4, 2024 at 2:47 AM Dorjoy Chowdhury wrote: > > > > On Wed, Sep 4, 2024, 2:32 AM Michael S. Tsirkin wrote: >> >> On Wed, Sep 04, 2024 at 01:58:15AM +0600, Dorjoy Chowdhury wrote: >> > On Thu, Aug 29, 2024 at 1:11 AM Michael S. Tsirkin wrote: >>

Re: [PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Wed, Sep 4, 2024, 2:32 AM Michael S. Tsirkin wrote: > On Wed, Sep 04, 2024 at 01:58:15AM +0600, Dorjoy Chowdhury wrote: > > On Thu, Aug 29, 2024 at 1:11 AM Michael S. Tsirkin > wrote: > > > > > > On Thu, Aug 29, 2024 at 01:04:05AM +0600, Dorjoy Chowdhury wrote

Re: [PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Thu, Aug 29, 2024 at 1:11 AM Michael S. Tsirkin wrote: > > On Thu, Aug 29, 2024 at 01:04:05AM +0600, Dorjoy Chowdhury wrote: > > On Thu, Aug 29, 2024 at 12:28 AM Michael S. Tsirkin wrote: > > > > > > On Thu, Aug 22, 2024 at 09:08:46PM +0600, Dorjoy Chowdhury wrot

Re: [PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

On Thu, Aug 29, 2024 at 12:28 AM Michael S. Tsirkin wrote: > > On Thu, Aug 22, 2024 at 09:08:46PM +0600, Dorjoy Chowdhury wrote: > > Nitro Secure Module (NSM)[1] device is used in AWS Nitro Enclaves[2] > > for stripped down TPM functionality like cryptographic attestation. >

Re: [PATCH v5 7/8] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

Hi Daniel, On Wed, Aug 28, 2024 at 9:39 PM Daniel P. Berrangé wrote: > > On Thu, Aug 22, 2024 at 09:08:48PM +0600, Dorjoy Chowdhury wrote: > > AWS nitro enclaves[1] is an Amazon EC2[2] feature that allows creating > > isolated execution environments, called enclave

Re: [PATCH v4 0/6] AWS Nitro Enclave emulation support

Thanks for taking the time to review. v5 posted now: https://lists.gnu.org/archive/html/qemu-devel/2024-08/msg03251.html Regards, Dorjoy

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

Hi Daniel, On Mon, Aug 19, 2024 at 4:37 PM Daniel P. Berrangé wrote: > > On Sun, Aug 18, 2024 at 05:42:55PM +0600, Dorjoy Chowdhury wrote: > > AWS Nitro Enclaves have built-in Nitro Secure Module (NSM) device which > > is used for stripped down TPM functionality like attest

[PATCH v5 6/8] hw/core: Add Enclave Image Format (EIF) related helpers

-enclave.html Signed-off-by: Dorjoy Chowdhury --- hw/core/eif.c | 719 ++ hw/core/eif.h | 22 ++ 2 files changed, 741 insertions(+) create mode 100644 hw/core/eif.c create mode 100644 hw/core/eif.h diff --git a/hw/core/eif.c b/hw/core/eif.c new file

[PATCH v5 1/8] crypto: Define macros for hash algorithm digest lengths

Signed-off-by: Dorjoy Chowdhury --- crypto/hash.c | 14 +++--- include/crypto/hash.h | 8 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/crypto/hash.c b/crypto/hash.c index b0f8228bdc..8087f5dae6 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -23,13

[PATCH v5 8/8] docs/nitro-enclave: Documentation for nitro-enclave machine type

Signed-off-by: Dorjoy Chowdhury --- docs/system/i386/nitro-enclave.rst | 85 ++ 1 file changed, 85 insertions(+) create mode 100644 docs/system/i386/nitro-enclave.rst diff --git a/docs/system/i386/nitro-enclave.rst b/docs/system/i386/nitro-enclave.rst new file mode

[PATCH v5 5/8] device/virtio-nsm: Support for Nitro Secure Module device

/user/nitro-enclave.html [3] http://cbor.io/ [4] https://libcbor.readthedocs.io/en/latest/ Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 10 + hw/virtio/Kconfig|5 + hw/virtio/cbor-helpers.c | 326 ++ hw/virtio/meson.build|6

[PATCH v5 4/8] tests/lcitool: Update libvirt-ci and add libcbor dependency

tests/lcitool/projects/qemu.yml. Signed-off-by: Dorjoy Chowdhury --- .gitlab-ci.d/cirrus/macos-13.vars | 2 +- .gitlab-ci.d/cirrus/macos-14.vars | 2 +- scripts/ci/setup/ubuntu/ubuntu-2204-aarch64.yaml | 1 + scripts/ci/setup/ubuntu/ubuntu-2204

[PATCH v5 3/8] crypto: Introduce x509 utils

An utility function for getting fingerprint from X.509 certificate has been introduced. Implementation only provided using gnutls. Signed-off-by: Dorjoy Chowdhury --- crypto/meson.build | 4 ++ crypto/x509-utils.c | 75 + include/crypto/x509

[PATCH v5 7/8] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

e. [1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format [4] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS

[PATCH v5 2/8] crypto: Support SHA384 hash when using glib

QEMU requires minimum glib version 2.66.0 as per the root meson.build file and per glib documentation[1] G_CHECKSUM_SHA384 is available since 2.51. [1] https://docs.gtk.org/glib/enum.ChecksumType.html Reviewed-by: Daniel P. Berrangé Signed-off-by: Dorjoy Chowdhury --- crypto/hash-glib.c | 2

[PATCH v5 0/8] AWS Nitro Enclave emulation support

llo/README.md Dorjoy Chowdhury (8): crypto: Define macros for hash algorithm digest lengths crypto: Support SHA384 hash when using glib crypto: Introduce x509 utils tests/lcitool: Update libvirt-ci and add libcbor dependency device/virtio-nsm: Support for Nitro Secure Module device hw/c

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

Hey Daniel, The libvirt-ci repository has been updated with the libcbor dependency. Should I just update my submodule locally to point to the new master branch and then do a separate commit i.e., "Updated submodule..." and _then_ do this[1] as part of whatever commit introduces the libcbor dependen

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

On Mon, Aug 19, 2024 at 10:10 PM Daniel P. Berrangé wrote: > > On Mon, Aug 19, 2024 at 10:07:02PM +0600, Dorjoy Chowdhury wrote: > > On Mon, Aug 19, 2024 at 9:53 PM Daniel P. Berrangé > > wrote: > > > > > > On Mon, Aug 19, 2024 at 09:32:55PM +0600, Dorjoy Cho

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

On Mon, Aug 19, 2024 at 9:58 PM Alexander Graf wrote: > > > On 19.08.24 17:28, Dorjoy Chowdhury wrote: > > Hey Alex, > > > > On Mon, Aug 19, 2024 at 4:13 PM Alexander Graf wrote: > >> Hey Dorjoy, > >> > >> On 18.08.24 13:42, Dorjoy Chowdhu

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

On Mon, Aug 19, 2024 at 9:53 PM Daniel P. Berrangé wrote: > > On Mon, Aug 19, 2024 at 09:32:55PM +0600, Dorjoy Chowdhury wrote: > > On Mon, Aug 19, 2024 at 4:13 PM Alexander Graf wrote: > > > > > > Hey Dorjoy, > > > > > > On 18.08.24 13:42, Dorjoy

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

On Mon, Aug 19, 2024 at 4:13 PM Alexander Graf wrote: > > Hey Dorjoy, > > On 18.08.24 13:42, Dorjoy Chowdhury wrote: > > AWS Nitro Enclaves have built-in Nitro Secure Module (NSM) device which > > is used for stripped down TPM functionality like attestation. This commit &

Re: [PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

Hey Alex, On Mon, Aug 19, 2024 at 4:13 PM Alexander Graf wrote: > > Hey Dorjoy, > > On 18.08.24 13:42, Dorjoy Chowdhury wrote: > > AWS Nitro Enclaves have built-in Nitro Secure Module (NSM) device which > > is used for stripped down TPM functionality like attestation.

Re: [PATCH v3 0/5] AWS Nitro Enclave emulation support

Thanks for the reviews. I have now posted a v4 at: https://mail.gnu.org/archive/html/qemu-devel/2024-08/msg02675.html Regards, Dorjoy

[PATCH v4 1/6] machine/nitro-enclave: New machine type for AWS Nitro Enclaves

est/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 9 + configs/devices/i386-softmmu/default.mak | 1 + hw/core/eif.c

[PATCH v4 4/6] machine/nitro-enclave: Add built-in Nitro Secure Module device

ce. If not provided, a default id will be set. - 'parent-role': Parent instance IAM role ARN, reflected in PCR3 of the NSM device. - 'parent-id': Parent instance identifier, reflected in PCR4 of the NSM device. Signed-off-by: Dorjoy Chowdhury --- crypto/meson.build

[PATCH v4 2/6] machine/nitro-enclave: Add vhost-user-vsock device

ad of running another whole VM with CID 3. [1] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury --- backends/hostmem-memfd.c| 2 - hw/core/machine.c | 71 +- hw/i386/Kconfig |

[PATCH v4 6/6] docs/nitro-enclave: Documentation for nitro-enclave machine type

--- docs/system/i386/nitro-enclave.rst | 82 ++ 1 file changed, 82 insertions(+) create mode 100644 docs/system/i386/nitro-enclave.rst diff --git a/docs/system/i386/nitro-enclave.rst b/docs/system/i386/nitro-enclave.rst new file mode 100644 index 00..291a8ae3

[PATCH v4 5/6] crypto: Support SHA384 hash when using glib

QEMU requires minimum glib version 2.66.0 as per the root meson.build file and per glib documentation[1] G_CHECKSUM_SHA384 is available since 2.51. [1] https://docs.gtk.org/glib/enum.ChecksumType.html Signed-off-by: Dorjoy Chowdhury --- crypto/hash-glib.c | 2 +- 1 file changed, 1 insertion

[PATCH v4 0/6] AWS Nitro Enclave emulation support

ocs/ubuntu_20.04_how_to_install_nitro_cli_from_github_sources.md [9] https://github.com/aws/aws-nitro-enclaves-cli/blob/main/examples/x86_64/hello/README.md Dorjoy Chowdhury (6): machine/nitro-enclave: New machine type for AWS Nitro Enclaves machine/nitro-enclave: Add vhost-user-vsock device device/virtio-nsm: Support for Nitro Secure Mod

[PATCH v4 3/6] device/virtio-nsm: Support for Nitro Secure Module device

/en/latest/ Signed-off-by: Dorjoy Chowdhury --- MAINTAINERS | 10 + hw/virtio/Kconfig|5 + hw/virtio/cbor-helpers.c | 292 ++ hw/virtio/meson.build|4 + hw/virtio/virtio-nsm-pci.c | 73 ++ hw/virtio/virtio-nsm.c

Re: [PATCH v3 4/5] machine/nitro-enclave: Add built-in Nitro Secure Module device

On Fri, Aug 16, 2024 at 6:58 PM Daniel P. Berrangé wrote: > > On Fri, Aug 16, 2024 at 06:50:34PM +0600, Dorjoy Chowdhury wrote: > > Hi Daniel, > > > > On Mon, Aug 12, 2024 at 8:07 PM Daniel P. Berrangé > > wrote: > > > > > > On Sat, Aug 10,

  1   2   >