Subject: Re: Interactive launch over QMP socket?
From: Connor Kuehl <ckuehl@redhat.com>
To: jejb@linux.ibm.com, qemu-devel@nongnu.org
Cc: npmccallum@redhat.com, dgilbert@redhat.com
Date: Wed, 10 Feb 2021 12:46:46 -0600

On 2/10/21 12:14 PM, James Bottomley wrote:
>> I would like to add a message type to QMP which allows guest owners
>> to supply this data over a socket and _not_ require these components
>> a priori via command line arguments. In doing so, this would allow
>> for a 100% remote attestation process over the socket. However, I'm
>> not sure how to express this interactive "waiting" for this data to
>> become available with internal APIs (assuming it's not supplied as a
>> command line argument).
>
> Well, I never understood why qemu can't deduce the value of cbitpos ...
> it even errors out if you get it wrong. However, other things like the
> policy and the session file have to be present at start of day.
> They're not things that can be passed in after qemu starts building the
> machine image because they need to be present to begin building it.

Right, I didn't mean to include cbitpos in consideration for this. I'm
only interested in supplying the session, policy, and certificate info
over the socket.

Shouldn't the session, policy, and certificate information only be
required in time for the KVM_SEV_LAUNCH_START ioctl call? This is the
place I'm interested in waiting for the relevant data.

> The patch for remote attestation (which was only recently added to the
> PSP protocol) is here:
>
> https://lore.kernel.org/kvm/20210105163943.30510-1-brijesh.singh@amd.com/

Thank you! I didn't see this, I'll read up on it.

Connor
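The exchange the thread is discussing, as an added illustration that is not code from the thread or from QEMU: a guest owner connects to a QMP-style socket, goes through the greeting and capabilities negotiation (the message shapes mirror real QMP; the version numbers are made up), and then supplies the session, policy and certificate in one command, while the mock QEMU side refuses to move on to the launch-start step until all three are present. The command name `x-sev-launch-data`, the argument names, and the sample values are assumptions invented for the example; the two sides run over a `socketpair` so it works offline.

```python
import json
import socket
import threading

# Constructed greeting in the shape of a QMP server greeting. The version
# numbers and package string are made up for this example.
GREETING = {
    "QMP": {
        "version": {"qemu": {"major": 0, "minor": 0, "micro": 0},
                    "package": "constructed-example"},
        "capabilities": ["oob"],
    }
}

# Hypothetical command name for the proposal in the thread. It is NOT a real
# QEMU QMP command; the "x-" prefix marks it as made up for this example.
LAUNCH_DATA_CMD = "x-sev-launch-data"
REQUIRED_FIELDS = ("session", "policy", "cert")


def _send(sock, obj):
    """Write one JSON object, newline-terminated, as QMP does."""
    sock.sendall((json.dumps(obj) + "\r\n").encode())


def _recv_objects(sock):
    """Yield JSON objects from the socket, one per line, until EOF."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            if line.strip():
                yield json.loads(line)


def mock_qemu(sock):
    """Mock of the QEMU side: greet, insist on capabilities negotiation, then
    block until a complete set of launch data arrives. Returns the accepted
    data, or None if the client went away without supplying all of it."""
    _send(sock, GREETING)
    negotiated = False
    for msg in _recv_objects(sock):
        cmd = msg.get("execute")
        if not negotiated:
            if cmd != "qmp_capabilities":
                _send(sock, {"error": {"class": "CommandNotFound",
                                       "desc": "Expecting capabilities negotiation"}})
                continue
            negotiated = True
            _send(sock, {"return": {}})
            continue
        if cmd != LAUNCH_DATA_CMD:
            _send(sock, {"error": {"class": "CommandNotFound",
                                   "desc": "The command %s has not been found" % cmd}})
            continue
        args = msg.get("arguments", {})
        missing = [f for f in REQUIRED_FIELDS if f not in args]
        if missing:
            # Keep waiting: launch start cannot proceed without all three inputs.
            _send(sock, {"error": {"class": "GenericError",
                                   "desc": "missing launch data: " + ", ".join(missing)}})
            continue
        _send(sock, {"return": {}})
        # A real implementation would now proceed to KVM_SEV_LAUNCH_START
        # with these values; the mock just hands them back.
        return {f: args[f] for f in REQUIRED_FIELDS}
    return None


def guest_owner_client(sock, session=None, policy=None, cert=None):
    """Guest-owner side: consume the greeting, negotiate capabilities, then
    send whatever launch data it has. Returns the reply to the data command."""
    replies = _recv_objects(sock)
    if "QMP" not in next(replies):
        raise RuntimeError("not a QMP greeting")
    _send(sock, {"execute": "qmp_capabilities"})
    if "return" not in next(replies):
        raise RuntimeError("capabilities negotiation failed")
    arguments = {k: v for k, v in
                 (("session", session), ("policy", policy), ("cert", cert))
                 if v is not None}
    _send(sock, {"execute": LAUNCH_DATA_CMD, "arguments": arguments})
    return next(replies)


def run_exchange(session=None, policy=None, cert=None):
    """Run both sides over a socketpair. Returns (client_reply, accepted_data)."""
    client_sock, qemu_sock = socket.socketpair()
    outcome = {}
    server = threading.Thread(target=lambda: outcome.update(data=mock_qemu(qemu_sock)))
    server.start()
    try:
        reply = guest_owner_client(client_sock, session, policy, cert)
    finally:
        client_sock.close()  # EOF tells a still-waiting mock to give up
    server.join(timeout=5)
    qemu_sock.close()
    return reply, outcome.get("data")


if __name__ == "__main__":
    # Constructed sample values; the base64-looking strings are placeholders.
    print(run_exchange(session="c2Vzc2lvbg==", policy=1, cert="Y2VydA=="))
    print(run_exchange(session="c2Vzc2lvbg==", policy=1))  # cert missing: mock keeps waiting
```

The point of the mock is the control flow James and Connor are debating: the QEMU side sits in a receive loop and only returns (the stand-in for reaching the launch-start ioctl) once the full set of inputs has been delivered over the socket, reporting what is still missing in the meantime.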