On 4/29/21 12:07 PM, Brijesh Singh wrote: > The SEV FW >= 0.23 added a new command that can be used to query the > attestation report containing the SHA-256 digest of the guest memory > and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK. > > Note, we already have a command (LAUNCH_MEASURE) that can be used to > query the SHA-256 digest of the guest memory encrypted through the > LAUNCH_UPDATE. The main difference between previous and this command > is that the report is signed with the PEK and unlike the LAUNCH_MEASURE > command the ATTESATION_REPORT command can be called while the guest
typo: 'ATTESATION_REPORT' > is running. > > Add a QMP interface "query-sev-attestation-report" that can be used > to get the report encoded in base64. > > Cc: James Bottomley <j...@linux.ibm.com> > Cc: Tom Lendacky <thomas.lenda...@amd.com> > Cc: Eric Blake <ebl...@redhat.com> > Cc: Paolo Bonzini <pbonz...@redhat.com> > Cc: k...@vger.kernel.org > Reviewed-by: James Bottomley <j...@linux.ibm.com> > Tested-by: James Bottomley <j...@linux.ibm.com> > Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Looks good to me! Reviewed-by: Connor Kuehl <cku...@redhat.com>
