The command is used to finalize the SEV guest launch process.
The command returns a measurement value of the data encrypted through
the LAUNCH_UPDATE command. This measurement can be handed to the guest
owner to verify that the guest was launched into SEV-enabled mode.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
sev.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/sev.c b/sev.c
index fafef6f..ff9266a 100644
--- a/sev.c
+++ b/sev.c
@@ -278,7 +278,30 @@ sev_launch_start(SEVState *s)
static int
sev_launch_finish(SEVState *s)
{
- return 0;
+ int ret;
+ struct kvm_sev_launch_finish *data;
+
+ assert(s->state == SEV_STATE_LAUNCHING);
+
+ data = g_malloc0(sizeof(*data));
+ if (!data) {
+ return 1;
+ }
+
+ ret = sev_ioctl(KVM_SEV_LAUNCH_FINISH, data);
+ if (ret) {
+ goto err;
+ }
+
+ DPRINTF("SEV: LAUNCH_FINISH ");
+ DPRINTF_U8_PTR(" measurement", data->measurement,
+ sizeof(data->measurement));
+
+ s->state = SEV_STATE_RUNNING;
+err:
+ g_free(data);
+
+ return ret;
}
static int
