From: Loh Yu Chen
To: pve-devel@lists.proxmox.com
CC: Loh Yu Chen
Subject: [PATCH qemu-server] cpu config: sev: add attestation parameters
Date: Thu, 19 Mar 2026 20:10:35 +0800
Message-ID: <20260319121034.527-2-lohyuchen@gmail.com>

The QEMU sev-guest object supports dh-cert-file and session-file parameters, required for guest owner launch measurement attestation, but those are not currently exposed.

These parameters are only applicable for type=std and type=es, as type=snp uses a different attestation mechanism. See https://www.qemu.org/docs/master/system/i386/amd-memory-encryption.html

Signed-off-by: Loh Yu Chen --- src/PVE/QemuServer/CPUConfig.pm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/PVE/QemuServer/CPUConfig.pm b/src/PVE/QemuServer/CPUConfig.pm index 32ec4954..8ae05b91 100644 --- a/src/PVE/QemuServer/CPUConfig.pm +++ b/src/PVE/QemuServer/CPUConfig.pm @@ -413,6 +413,20 @@ my $sev_fmt = { default => 0, optional => 1, }, + "dh-cert-file" => { + description => "Path to guest owner Diffie-Hellman certificate file for SEV(-ES) attestation" + . " (Ignored for SEV-SNP)", + type => 'string', + format_description => 'filepath', + optional => 1, + }, + "session-file" => { + description => "Path to the session blob file generated by the guest owner for SEV(-ES) attestation" + . " (Ignored for SEV-SNP)", + type => 'string', + format_description => 'filepath', + optional => 1, + }, }; PVE::JSONSchema::register_format('pve-qemu-sev-fmt', $sev_fmt); @@ -1173,6 +1187,20 @@ sub get_amd_sev_object { $policy |= 1 << 2 if $amd_sev_conf->{type} eq 'es'; # disable migration with bit 3 nosend to prevent amd-sev-migration-attack $policy |= 1 << 3; + + if (defined($amd_sev_conf->{'dh-cert-file'}) xor defined($amd_sev_conf->{'session-file'})) { + die "dh-cert-file and session-file must be specified together.\n"; + } + if (defined($amd_sev_conf->{'dh-cert-file'})) { + if (!-f $amd_sev_conf->{'dh-cert-file'}) { + die "dh-cert-file '$amd_sev_conf->{'dh-cert-file'}' does not exist.\n"; + } + if (!-f $amd_sev_conf->{'session-file'}) { + die "session-file '$amd_sev_conf->{'session-file'}' does not exist.\n"; + } + $sev_mem_object .= ',dh-cert-file=' . $amd_sev_conf->{'dh-cert-file'}; + $sev_mem_object .= ',session-file=' . $amd_sev_conf->{'session-file'}; + } } elsif ($amd_sev_conf->{type} eq 'snp') { $sev_mem_object .= 'sev-snp-guest,id=sev0'; $sev_mem_object .= ',cbitpos=' . $sev_hw_caps->{cbitpos}; -- 2.53.0.windows.1
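
Review bot: In the `$sev_fmt` hunk, `dh-cert-file` and `session-file` are declared with `type => 'string'` and a `format_description`, but with no `format` or `pattern`, so nothing in the schema constrains what the value may contain. Since the second hunk appends the value directly into the `sev-guest` object string, consider restricting both properties to absolute paths that contain no commas or whitespace, via a `pattern` or a registered format, so that a malformed value is rejected when the config is set rather than when the VM starts.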
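
Review bot: In the `get_amd_sev_object` hunk, the two `$sev_mem_object .= ',dh-cert-file=' . ...` and `',session-file=' . ...` lines concatenate the configured path into the comma-separated QEMU object argument without escaping, so a path containing a comma would be parsed by QEMU as additional `sev-guest` properties. Either double the commas (QEMU's `,,` escape) or reject such paths before this point. Separately, because the new checks sit inside the std/es branch, a config with `type=snp` and these keys set is silently accepted; dying with a clear message in that case would be safer than ignoring attestation inputs the user believes are in effect.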