i386/sev: Add implementation of CGS set_guest_policy() - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Roy Hopkins <roy.hopkins@randomman.co.uk>	2025-07-03 17:21:58 +0100
committer	Paolo Bonzini <pbonzini@redhat.com>	2025-07-12 15:28:21 +0200
commit	2ff75825cc5a5d56ea90d79cd15578f6b1893561 (patch)
tree	9966e40d32dd6ec3d559dc1b85f692c9929592ab /scripts/qapi/main.py
parent	915b47078d6b4cffde209aab81ab56f73e4a2632 (diff)
download	focaccia-qemu-2ff75825cc5a5d56ea90d79cd15578f6b1893561.tar.gz focaccia-qemu-2ff75825cc5a5d56ea90d79cd15578f6b1893561.zip

i386/sev: Add implementation of CGS set_guest_policy()

The new cgs_set_guest_policy() function is provided to receive the guest
policy flags, SNP ID block and SNP ID authentication from guest
configuration such as an IGVM file and apply it to the platform prior to
launching the guest.

The policy is used to populate values for the existing 'policy',
'id_block' and 'id_auth' parameters. When provided, the guest policy is
applied and the ID block configuration is used to verify the launch
measurement and signatures. The guest is only successfully started if
the expected launch measurements match the actual measurements and the
signatures are valid.

Signed-off-by: Roy Hopkins <roy.hopkins@randomman.co.uk>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Gerd Hoffman <kraxel@redhat.com>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Link: https://lore.kernel.org/r/99e82ddec4ad2970c790db8bea16ea3f57eb0e53.1751554099.git.roy.hopkins@randomman.co.uk
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'scripts/qapi/main.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: