master

分支 (26)

标签 (20)

管理

管理

master

openEuler-24.03-LTS-Next

openEuler-24.03-LTS

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS-SP4

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP1

openEuler-24.09

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP3

openEuler-23.09

openEuler-23.03

openEuler-22.09

openEuler-20.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.03-LTS-SP2

openEuler-21.09

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

qemu_1
/
target-i386-csv-Read-cert-chain-from-...

From d23c6a2bcc836587620bd35726ca4d5f71c0a844 Mon Sep 17 00:00:00 2001
From: hanliyang <hanliyang@hygon.cn>
Date: Mon, 13 Nov 2023 21:55:33 +0000
Subject: [PATCH] target/i386: csv: Read cert chain from file when prepared for
 CSV live migration

The cert chain is too long when encoded with base64, use the filename
of cert chain instead of the encoded string when prepared for CSV live
migration.

[ Fix conflicts. ]
Signed-off-by: hanliyang <hanliyang@hygon.cn>
---
 qapi/migration.json | 24 +++++++++++++++---------
 target/i386/sev.c   | 30 ++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/qapi/migration.json b/qapi/migration.json
index 038e99cba3..3aed216c3b 100644
--- a/qapi/migration.json
+++ b/qapi/migration.json
@@ -891,14 +891,16 @@
 # @mode: Migration mode. See description in @MigMode. Default is 'normal'.
 #        (Since 8.2)
 #
-# @sev-pdh: The target host platform diffie-hellman key encoded in base64
+# @sev-pdh: The target host platform diffie-hellman key encoded in base64, or
+#           pdh filename for hygon
 #           (Since 4.2)
 #
-# @sev-plat-cert: The target host platform certificate chain encoded in base64
+# @sev-plat-cert: The target host platform certificate chain encoded in base64,
+#                 or plat cert filename for hygon
 #                 (Since 4.2)
 #
 # @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in
-#                base64 (Since 4.2)
+#                base64, or vendor cert filename for hygon (Since 4.2)
 #
 # Features:
 #
@@ -1093,14 +1095,16 @@
 # @mode: Migration mode. See description in @MigMode. Default is 'normal'.
 #        (Since 8.2)
 #
-# @sev-pdh: The target host platform diffie-hellman key encoded in base64
+# @sev-pdh: The target host platform diffie-hellman key encoded in base64, or
+#           pdh filename for hygon
 #           (Since 4.2)
 #
-# @sev-plat-cert: The target host platform certificate chain encoded in base64
+# @sev-plat-cert: The target host platform certificate chain encoded in base64,
+#                 or plat cert filename for hygon
 #                 (Since 4.2)
 #
 # @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in
-#                base64 (Since 4.2)
+#                base64, or vendor cert filename for hygon (Since 4.2)
 #
 # Features:
 #
@@ -1340,14 +1344,16 @@
 # @mode: Migration mode. See description in @MigMode. Default is 'normal'.
 #        (Since 8.2)
 #
-# @sev-pdh: The target host platform diffie-hellman key encoded in base64
+# @sev-pdh: The target host platform diffie-hellman key encoded in base64, or
+#           pdh filename for hygon
 #           (Since 4.2)
 #
-# @sev-plat-cert: The target host platform certificate chain encoded in base64
+# @sev-plat-cert: The target host platform certificate chain encoded in base64,
+#                 or plat cert filename for hygon
 #                 (Since 4.2)
 #
 # @sev-amd-cert: AMD certificate chain which include ASK and OCA encoded in
-#                base64 (Since 4.2)
+#                base64, or vendor cert filename for hygon (Since 4.2)
 #
 # Features:
 #
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 0b0f589aee..331dfa4516 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -27,6 +27,7 @@
 #include "crypto/hash.h"
 #include "sysemu/kvm.h"
 #include "sev.h"
+#include "csv.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/runstate.h"
 #include "trace.h"
@@ -979,18 +980,39 @@ int sev_save_setup(const char *pdh, const char *plat_cert,
 {
     SevGuestState *s = sev_guest;

-    s->remote_pdh = g_base64_decode(pdh, &s->remote_pdh_len);
+    if (is_hygon_cpu()) {
+        if (sev_read_file_base64(pdh, &s->remote_pdh,
+                                 &s->remote_pdh_len) < 0) {
+            goto error;
+        }
+    } else {
+        s->remote_pdh = g_base64_decode(pdh, &s->remote_pdh_len);
+    }
     if (!check_blob_length(s->remote_pdh_len)) {
         goto error;
     }

-    s->remote_plat_cert = g_base64_decode(plat_cert,
-                                          &s->remote_plat_cert_len);
+    if (is_hygon_cpu()) {
+        if (sev_read_file_base64(plat_cert, &s->remote_plat_cert,
+                                 &s->remote_plat_cert_len) < 0) {
+            goto error;
+        }
+    } else {
+        s->remote_plat_cert = g_base64_decode(plat_cert,
+                                              &s->remote_plat_cert_len);
+    }
     if (!check_blob_length(s->remote_plat_cert_len)) {
         goto error;
     }

-    s->amd_cert = g_base64_decode(amd_cert, &s->amd_cert_len);
+    if (is_hygon_cpu()) {
+        if (sev_read_file_base64(amd_cert, &s->amd_cert,
+                                 &s->amd_cert_len) < 0) {
+            goto error;
+        }
+    } else {
+        s->amd_cert = g_base64_decode(amd_cert, &s->amd_cert_len);
+    }
     if (!check_blob_length(s->amd_cert_len)) {
         goto error;
     }
--
2.41.0.windows.1