From de7af884dc334c59cf01177b5ccf9f0cec28225b Mon Sep 17 00:00:00 2001
From: panpingsheng
Date: Fri, 8 Sep 2023 15:04:44 +0800
Subject: [PATCH 1/2] conf: qemu: add libvirt support reuse id for hygon CSV
csv xml format: 0x0081 47 5 usertest
Signed-off-by: panpingsheng
Signed-off-by: Xin Jiang
Signed-off-by: hanliyang
---
 src/conf/domain_conf.c | 5 +++++
 src/conf/domain_conf.h | 1 +
 src/qemu/qemu_command.c | 4 ++++
 3 files changed, 10 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 427e7d1bb5..85a5d9c259 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3560,6 +3560,7 @@ virDomainSecDefFree(virDomainSecDef *def) case VIR_DOMAIN_LAUNCH_SECURITY_SEV: g_free(def->data.sev.dh_cert); g_free(def->data.sev.session); + g_free(def->data.sev.user_id); break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
@@ -14850,6 +14851,7 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, def->policy = policy; def->dh_cert = virXPathString("string(./dhCert)", ctxt); def->session = virXPathString("string(./session)", ctxt); + def->user_id = virXPathString("string(./userid)", ctxt); return 0; }
@@ -27179,6 +27181,9 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) if (sev->session) virBufferEscapeString(&childBuf, "%s\n", sev->session); + if (sev->user_id) + virBufferEscapeString(&childBuf, "%s\n", sev->user_id); + break; }
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 930af36868..768ba5f83b 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2717,6 +2717,7 @@ struct _virDomainSEVDef { bool haveReducedPhysBits; unsigned int reduced_phys_bits; virTristateBool kernel_hashes; + char *user_id; }; struct _virDomainSecDef {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 978ce899df..d742ac4fdb 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
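Review bot: The new `userid` element is read in the virDomainSEVDefParseXML hunk with virXPathString and stored without any validation, and the diffstat lists only src/conf and src/qemu files, so nothing in this series adds the element to the domain RNG schema, to the formatdomain documentation, or to a qemuxml2xml/qemuxml2argv test; a domain using it would be rejected under `virsh define --validate`, and the round-trip through the virDomainSecDefFormat hunk is untested. The same gap applies to `secretHeader` and `secret` in the second patch's parse and format hunks. Since the value is later forwarded verbatim to QEMU, the struct field in the domain_conf.h hunk should at least say so, e.g. `char *user_id; /* Hygon CSV only; forwarded to the sev-guest object as 'user-id' */`.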
@@ -9930,6 +9930,9 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d", sev->policy, sev->cbitpos, sev->reduced_phys_bits); + if (sev->user_id) + VIR_DEBUG("user_id=%s", sev->user_id); + if (sev->dh_cert) dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
@@ -9940,6 +9943,7 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, "u:cbitpos", sev->cbitpos, "u:reduced-phys-bits", sev->reduced_phys_bits, "u:policy", sev->policy, + "S:user-id", sev->user_id, "S:dh-cert-file", dhpath, "S:session-file", sessionpath, "T:kernel-hashes", sev->kernel_hashes,
-- Gitee
From b072fb4ec543938e51d031bcca5c043740ef7277 Mon Sep 17 00:00:00 2001
From: hanliyang
Date: Wed, 13 Nov 2024 16:12:57 +0800
Subject: [PATCH 2/2] conf: qemu: support provide inject secret for Hygon CSV
csv xml format: 0x0001 47 5 U2FsdGVkX1+rW6B/JbYqNA== 5aeG4mH2E/OqN1a3uT8hfg== gW3E30rG/I3L1nD/YfG+DA== zP1oY9W7ZcPFtL0QeN11vQ==
Signed-off-by: hanliyang
---
 src/conf/domain_conf.c | 8 ++++++++
 src/conf/domain_conf.h | 2 ++
 src/qemu/qemu_command.c | 10 ++++++++++
 src/qemu/qemu_process.c | 10 ++++++++++
 4 files changed, 30 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 85a5d9c259..fa108b1813 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3561,6 +3561,8 @@ virDomainSecDefFree(virDomainSecDef *def) g_free(def->data.sev.dh_cert); g_free(def->data.sev.session); g_free(def->data.sev.user_id); + g_free(def->data.sev.secret_header); + g_free(def->data.sev.secret); break; case VIR_DOMAIN_LAUNCH_SECURITY_PV: case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
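Review bot: The second qemu_command.c hunk adds `"S:user-id", sev->user_id,` to the `sev-guest` object properties with no QEMU capability gate, so a domain that sets `userid` on a QEMU build without the Hygon CSV extension fails at process start with an unknown-property error from QEMU instead of at validation time; as far as I recall the existing properties of this object (kernel-hashes in particular) are each gated by a QEMU_CAPS flag checked during domain validation, and the new property should follow that pattern. The same applies to the `secret-header-file`/`secret-file` properties added in the second patch's qemu_command.c hunk. Because the `S:` prefix omits the property when the pointer is NULL, existing SEV guests without the element are not affected, which is worth a one-line comment next to the new property. The enclosing qemuBuildSEVCommandLine body continues outside both hunks.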
@@ -14852,6 +14854,8 @@ virDomainSEVDefParseXML(virDomainSEVDef *def, def->dh_cert = virXPathString("string(./dhCert)", ctxt); def->session = virXPathString("string(./session)", ctxt); def->user_id = virXPathString("string(./userid)", ctxt); + def->secret_header = virXPathString("string(./secretHeader)", ctxt); + def->secret = virXPathString("string(./secret)", ctxt); return 0; }
@@ -27183,6 +27187,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec) if (sev->user_id) virBufferEscapeString(&childBuf, "%s\n", sev->user_id); + if (sev->secret_header) + virBufferEscapeString(&childBuf, "%s\n", sev->secret_header); + if (sev->secret) + virBufferEscapeString(&childBuf, "%s\n", sev->secret); break; }
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 768ba5f83b..2bc4358a79 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2718,6 +2718,8 @@ struct _virDomainSEVDef { unsigned int reduced_phys_bits; virTristateBool kernel_hashes; char *user_id; + char *secret_header; + char *secret; }; struct _virDomainSecDef {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d742ac4fdb..2b6b5fb5f3 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9926,6 +9926,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, qemuDomainObjPrivate *priv = vm->privateData; g_autofree char *dhpath = NULL; g_autofree char *sessionpath = NULL; + g_autofree char *secretheaderpath = NULL; + g_autofree char *secretpath = NULL; VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d", sev->policy, sev->cbitpos, sev->reduced_phys_bits);
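Review bot: The virDomainSEVDefParseXML hunk reads `secretHeader` and `secret` independently and nothing checks that both are present, so a domain XML with only one of them is accepted, the qemu_command.c hunk in the second patch then passes only one of `secret-header-file`/`secret-file` to QEMU, and the qemu_process.c hunk creates only one of the two files; an injected launch secret is only meaningful as a header plus payload pair, so the parser (or the launch-security validation helper, if this tree has one) should reject a lone element, as in the lines below. Separately, the virDomainSecDefFormat hunk writes `secret` back into the domain XML, so it appears in dumpxml output and the persisted config exactly like `session` does; that is fine if, as with SEV LAUNCH_SECRET, the value is ciphertext wrapped under the launch transport key, but the commit message does not say so, and the field in the domain_conf.h hunk should document which it is, e.g. `char *secret; /* base64 launch secret; expected to be wrapped ciphertext, not plaintext — confirm */`. Both enclosing functions continue outside their hunks.
```c
    def->secret_header = virXPathString("string(./secretHeader)", ctxt);
    def->secret = virXPathString("string(./secret)", ctxt);

    /* a launch secret is only usable as a header + payload pair */
    if (!def->secret != !def->secret_header) {
        virReportError(VIR_ERR_XML_ERROR, "%s",
                       _("'secretHeader' and 'secret' must be specified together"));
        return -1;
    }
    /* … unchanged: return 0 … */
```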
@@ -9939,6 +9941,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, if (sev->session) sessionpath = g_strdup_printf("%s/session.base64", priv->libDir); + if (sev->secret_header) + secretheaderpath = g_strdup_printf("%s/secret_header.base64", priv->libDir); + + if (sev->secret) + secretpath = g_strdup_printf("%s/secret.base64", priv->libDir); + if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0", "u:cbitpos", sev->cbitpos, "u:reduced-phys-bits", sev->reduced_phys_bits,
@@ -9947,6 +9955,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd, "S:dh-cert-file", dhpath, "S:session-file", sessionpath, "T:kernel-hashes", sev->kernel_hashes, + "S:secret-header-file", secretheaderpath, + "S:secret-file", secretpath, NULL) < 0) return -1;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 73d54f01cd..dac44ce9a3 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6650,6 +6650,16 @@ qemuProcessPrepareSEVGuestInput(virDomainObj *vm) return -1; } + if (sev->secret_header) { + if (qemuProcessSEVCreateFile(vm, "secret_header", sev->secret_header) < 0) + return -1; + } + + if (sev->secret) { + if (qemuProcessSEVCreateFile(vm, "secret", sev->secret) < 0) + return -1; + } + return 0; }
-- Gitee
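Review bot: The file names are now spelled twice in different files — `"%s/secret_header.base64"` and `"%s/secret.base64"` in the first qemu_command.c hunk, and `"secret_header"` / `"secret"` handed to qemuProcessSEVCreateFile in the qemu_process.c hunk — and the command line is only correct while the helper keeps deriving `<name>.base64` under priv->libDir, which this diff does not show. A shared constant or a small helper returning the path for a given name would keep the two sides from drifting, and a comment on the qemu_process.c block such as `/* paths must match qemuBuildSEVCommandLine */` is the minimum. qemuProcessPrepareSEVGuestInput starts outside the hunk.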