diff options
| author | Tobin Feldman-Fitzthum <tobin@ibm.com> | 2020-10-27 13:03:03 -0400 |
|---|---|---|
| committer | Eduardo Habkost <ehabkost@redhat.com> | 2020-12-10 17:33:17 -0500 |
| commit | c7f7e6970d3b74c1454cafea4918187e06c473eb (patch) | |
| tree | 305f51bc016b3aec4654352ada698a427677f846 /qapi | |
| parent | 1bf8b88f144bee747e386c88d45d772e066bbb36 (diff) | |
sev: add sev-inject-launch-secret
AMD SEV allows a guest owner to inject a secret blob
into the memory of a virtual machine. The secret is
encrypted with the SEV Transport Encryption Key and
integrity is guaranteed with the Transport Integrity
Key. Although QEMU facilitates the injection of the
launch secret, it cannot access the secret.
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
Message-Id: <20201027170303.47550-1-tobin@linux.ibm.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Diffstat (limited to 'qapi')
| -rw-r--r-- | qapi/misc-target.json | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/qapi/misc-target.json b/qapi/misc-target.json index cbe5135264..06ef8757f0 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json @@ -202,6 +202,24 @@ 'if': 'defined(TARGET_I386)' } ## +# @sev-inject-launch-secret: +# +# This command injects a secret blob into memory of SEV guest. +# +# @packet-header: the launch secret packet header encoded in base64 +# +# @secret: the launch secret data to be injected encoded in base64 +# +# @gpa: the guest physical address where secret will be injected. +# +# Since: 6.0 +# +## +{ 'command': 'sev-inject-launch-secret', + 'data': { 'packet-header': 'str', 'secret': 'str', 'gpa': 'uint64' }, + 'if': 'defined(TARGET_I386)' } + +## # @dump-skeys: # # Dump guest's storage keys |