runtime-rs: Add host-data property to sev-snp-guest object

SEV-SNP guest configuration utilizes a different set of properties compared to the existing 'sev-guest' object. This change introduces the `host-data` property within the sev-snp-guest object. This property allows for configuring an SEV-SNP guest with host-provided data, which is crucial for data integrity verification during attestation. The `host-data` property is specifically valid for SEV-SNP guests running on a capable platform. It is configured as a base64-encoded string when using the sev-snp-guest object. the example cmdline looks like: ```shell -object sev-snp-guest,id=sev-snp0,host-data=CGNkCHoBC5CcdGXir... ``` Fixes #11180 Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-05 11:36:56 +00:00 · 2025-06-13 17:37:26 +08:00 · 2025-06-13 17:37:26 +08:00 · d6d8497b56
commit d6d8497b56
parent 4a4361393c
2 changed files with 15 additions and 5 deletions
--- a/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs
+++ b/src/runtime-rs/crates/hypervisor/src/qemu/cmdline_generator.rs
@ -1798,17 +1798,18 @@ struct ObjectSevSnpGuest {
    cbitpos: u32,
    reduced_phys_bits: u32,
    kernel_hashes: bool,
-
+    host_data: Option<String>,
    is_snp: bool,
 }
 impl ObjectSevSnpGuest {
-    fn new(is_snp: bool, cbitpos: u32) -> Self {
+    fn new(is_snp: bool, cbitpos: u32, host_data: Option<String>) -> Self {
        ObjectSevSnpGuest {
            id: (if is_snp { "snp" } else { "sev" }).to_owned(),
            cbitpos,
            reduced_phys_bits: 1,
            kernel_hashes: true,
            host_data,
            is_snp,
        }
    }
@ -1834,6 +1835,9 @@ impl ToQemuParams for ObjectSevSnpGuest {
                "kernel-hashes={}",
                if self.kernel_hashes { "on" } else { "off" }
            ));
            if let Some(host_data) = &self.host_data {
                params.push(format!("host-data={}", host_data))
            }
        }
        Ok(vec!["-object".to_owned(), params.join(",")])
    }
@ -2430,7 +2434,7 @@ impl<'a> QemuCmdLine<'a> {
    }
    pub fn add_sev_protection_device(&mut self, cbitpos: u32, firmware: &str) {
-        let sev_object = ObjectSevSnpGuest::new(false, cbitpos);
+        let sev_object = ObjectSevSnpGuest::new(true, cbitpos, None);
        self.devices.push(Box::new(sev_object));
        self.devices.push(Box::new(Bios::new(firmware.to_owned())));
@ -2440,8 +2444,13 @@ impl<'a> QemuCmdLine<'a> {
            .set_nvdimm(false);
    }
-    pub fn add_sev_snp_protection_device(&mut self, cbitpos: u32, firmware: &str) {
+    pub fn add_sev_snp_protection_device(
-        let sev_snp_object = ObjectSevSnpGuest::new(true, cbitpos);
+        &mut self,
        cbitpos: u32,
        firmware: &str,
        host_data: &Option<String>,
    ) {
        let sev_snp_object = ObjectSevSnpGuest::new(true, cbitpos, host_data.clone());
        self.devices.push(Box::new(sev_snp_object));
        self.devices.push(Box::new(Bios::new(firmware.to_owned())));
--- a/src/runtime-rs/crates/hypervisor/src/qemu/inner.rs
+++ b/src/runtime-rs/crates/hypervisor/src/qemu/inner.rs
@ -136,6 +136,7 @@ impl QemuInner {
                            cmdline.add_sev_snp_protection_device(
                                sev_snp_cfg.cbitpos,
                                &sev_snp_cfg.firmware,
                                &sev_snp_cfg.host_data,
                            )
                        } else {
                            cmdline.add_sev_protection_device(