qemu-devel

Re: [PATCH] qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities


From: Dov Murik
Subject: Re: [PATCH] qapi, target/i386/sev: Add cpu0-id to query-sev-capabilities
Date: Mon, 21 Feb 2022 19:49:25 +0200

Thanks Daniel for reviewing.


On 21/02/2022 18:24, Daniel P. Berrangé wrote:
> On Mon, Feb 21, 2022 at 04:08:50PM +0000, Dov Murik wrote:
>> Add a new field 'cpu0-id' to the response of query-sev-capabilities
>> QMP command.  The value of the field is the hex-encoded 64-byte unique
>> ID of the CPU0 (socket 0), which can be used to retrieve the signed CEK
>> of the CPU from AMD's Key Distribution Service (KDS).
>>
>> Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
>> ---
>>  qapi/misc-target.json |  4 ++++
>>  target/i386/sev.c     | 43 +++++++++++++++++++++++++++++++++++++++++++
>>  2 files changed, 47 insertions(+)
>>
>> diff --git a/qapi/misc-target.json b/qapi/misc-target.json
>> index 4bc45d2474..d9b4991c86 100644
>> --- a/qapi/misc-target.json
>> +++ b/qapi/misc-target.json
>> @@ -177,6 +177,8 @@
>>  #
>>  # @cert-chain:  PDH certificate chain (base64 encoded)
>>  #
>> +# @cpu0-id: 64-byte unique ID of CPU0 (hex encoded) (since 7.0)
> 
> For binary data in QAPI we've pretty much standardized on using
> base64 encoding. I think we should stick with that encoding.
> 

OK, I'll change that to base64.

I thought about the cpu0-id as some kind of "address string", like MAC
addresses or IPv6 addresses which are usually represented as hex strings
and not as base64-encoded.  But I guess that the AMD CPU unique ID
doesn't have the same legacy (and accepted notation) as MAC addresses or
IPv6 addresses, so we might as well treat it as "regular" binary data.

Going with base64 also saves some code because QEMU doesn't have a
ready-made hex_encode() function (I copied mine from a static function
in crypto/hash.c).

-Dov


>> +#
>>  # @cbitpos: C-bit location in page table entry
>>  #
>>  # @reduced-phys-bits: Number of physical Address bit reduction when SEV is
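Review bot: the new @cpu0-id description line does not say that the ID belongs to socket 0 or what it is for, although the commit message states both (socket 0, used to retrieve the signed CEK from AMD's KDS). Suggest carrying that into the doc comment, for example "# @cpu0-id: 64-byte unique ID of CPU0 (socket 0), used to retrieve the CPU's signed CEK from AMD's KDS", with the encoding wording following the base64 request made above.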
>> @@ -187,6 +189,7 @@
>>  { 'struct': 'SevCapability',
>>    'data': { 'pdh': 'str',
>>              'cert-chain': 'str',
>> +            'cpu0-id': 'str',
>>              'cbitpos': 'int',
>>              'reduced-phys-bits': 'int'},
>>    'if': 'TARGET_I386' }
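Review bot: 'cpu0-id': 'str' is added to SevCapability as a mandatory member, so every successful query-sev-capabilities reply must now carry a value. The target/i386/sev.c part of the patch is not quoted here, so it is not visible what happens when the ID cannot be read; if that can fail independently of 'pdh' and 'cert-chain', either document that the whole command fails in that case or make the member optional ('*cpu0-id').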
>> @@ -205,6 +208,7 @@
>>  #
>>  # -> { "execute": "query-sev-capabilities" }
>>  # <- { "return": { "pdh": "8CCDD8DDD", "cert-chain": "888CCCDDDEE",
>> +#                  "cpu0-id": "5ea2e1...90ea39",
>>  #                  "cbitpos": 47, "reduced-phys-bits": 5}}
>>  #
>>  ##
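Review bot: the example reply line "cpu0-id": "5ea2e1...90ea39" shows a hex-style value, so it has to stay in step with the encoding stated in the @cpu0-id description. If the field moves to base64, update this example line in the same change so the documented reply does not contradict the field description.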
> 
> Regards,
> Daniel
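An added example, not part of the original message or of QEMU: a client-side check of the `cpu0-id` field, assuming the base64 encoding agreed in the thread. It shows why the decoded length must be verified: a hex string from the first version of the patch is also syntactically valid base64. The helper name, the sample ID bytes and the sample replies are constructed for illustration.

```python
import base64
import binascii

CPU_ID_LEN = 64  # the patch describes cpu0-id as a 64-byte unique ID


def decode_cpu0_id(reply: dict) -> bytes:
    """Return the raw ID bytes from a query-sev-capabilities reply.

    Hypothetical helper; assumes cpu0-id is base64 encoded.
    """
    try:
        text = reply["return"]["cpu0-id"]
    except (KeyError, TypeError) as exc:
        raise ValueError("reply has no cpu0-id field") from exc
    if not isinstance(text, str):
        raise ValueError("cpu0-id is not a string")
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError("cpu0-id is not valid base64") from exc
    # A 128-character hex string passes the alphabet check above and
    # decodes to 96 bytes, so only the length check catches it.
    if len(raw) != CPU_ID_LEN:
        raise ValueError(
            f"cpu0-id decodes to {len(raw)} bytes, expected {CPU_ID_LEN}")
    return raw


# Constructed sample data, not a real CPU ID.
SAMPLE_ID = bytes(range(CPU_ID_LEN))
SAMPLE_REPLY = {"return": {
    "cpu0-id": base64.b64encode(SAMPLE_ID).decode("ascii"),
    "cbitpos": 47, "reduced-phys-bits": 5}}
# The same ID as a producer using the hex encoding would have sent it.
HEX_REPLY = {"return": {"cpu0-id": SAMPLE_ID.hex()}}

if __name__ == "__main__":
    print(decode_cpu0_id(SAMPLE_REPLY).hex())
    try:
        decode_cpu0_id(HEX_REPLY)
    except ValueError as err:
        print("rejected:", err)
```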


