git.ipfire.org Git - thirdparty/libvirt.git/commit
tools: support validating SEV firmware boot measurements
author Daniel P. Berrangé <berrange@redhat.com>
Thu, 9 Dec 2021 20:33:22 +0000 (20:33 +0000)
committer Daniel P. Berrangé <berrange@redhat.com>
Tue, 15 Nov 2022 11:09:30 +0000 (11:09 +0000)
commit ececdbdfc006d4253c02f01c25039c3fa536f37e
tree e8737b4c0307bb621e4984572ebf1f5251a85140
parent 5d63c4e331951ed7c97c5545f2a1b6269eaa73d1

The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.

This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.

The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
docs/manpages/meson.build
docs/manpages/virt-qemu-sev-validate.rst [new file with mode: 0644]
libvirt.spec.in
tools/meson.build
tools/virt-qemu-sev-validate [new file with mode: 0755]
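
The comparison the commit message describes, as an added Python example that is not the code of virt-qemu-sev-validate or part of this commit: it recomputes a plain SEV launch measurement offline and compares it to the reported one in constant time. It assumes the LAUNCH_MEASURE layout from AMD's SEV API specification (HMAC-SHA256 keyed with the TIK over 0x04, API major, API minor, build ID, policy, the SHA-256 launch digest of the firmware, and the nonce) and a base64 report holding the 32-byte measurement followed by the 16-byte nonce. SEV-ES VMSA state is left out, and all function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def expected_measurement(tik, firmware, api_major, api_minor, build_id,
                         policy, mnonce):
    """Compute the launch measurement for plain SEV (assumed spec layout)."""
    launch_digest = hashlib.sha256(firmware).digest()
    msg = (bytes([0x04, api_major, api_minor, build_id])
           + struct.pack("<I", policy)      # 4-byte little-endian guest policy
           + launch_digest
           + mnonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def validate(reported_b64, tik, firmware, api_major, api_minor, build_id,
             policy):
    """Return True only if the reported measurement matches the computed one."""
    blob = base64.b64decode(reported_b64, validate=True)
    if len(blob) != 48:                     # 32-byte HMAC + 16-byte nonce
        raise ValueError("measurement must decode to 48 bytes")
    reported, mnonce = blob[:32], blob[32:]
    computed = expected_measurement(tik, firmware, api_major, api_minor,
                                    build_id, policy, mnonce)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(reported, computed)


# Constructed sample inputs (not real keys, firmware or platform versions).
SAMPLE_TIK = bytes(range(16))
SAMPLE_FIRMWARE = b"constructed firmware image" * 64
SAMPLE_NONCE = bytes(range(16, 32))
SAMPLE_PARAMS = dict(api_major=1, api_minor=51, build_id=3, policy=0x03)


def sample_report(firmware):
    """Build the report an untampered host would return for `firmware`."""
    mac = expected_measurement(SAMPLE_TIK, firmware, mnonce=SAMPLE_NONCE,
                               **SAMPLE_PARAMS)
    return base64.b64encode(mac + SAMPLE_NONCE).decode()


if __name__ == "__main__":
    report = sample_report(SAMPLE_FIRMWARE)
    print("genuine firmware :", validate(report, SAMPLE_TIK, SAMPLE_FIRMWARE,
                                         **SAMPLE_PARAMS))
    print("modified firmware:", validate(report, SAMPLE_TIK,
                                         SAMPLE_FIRMWARE + b"\x00",
                                         **SAMPLE_PARAMS))
```

Because the TIK is known only to the guest owner, a host that modified the firmware or launched with a different policy cannot produce a report that passes `validate`.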