Interactive launch over QMP socket?

[Connor Kuehl]

Hello,

Does QEMU have an internal API which would allow VM construction to wait 
at a *very specific point* until specific data/QMP message(s) are 
supplied via the QMP socket?

For some additional context: QEMU supports launching AMD SEV-protected 
guests; in short: encrypted virtual machines. Guest owners may 
participate in attestation to cryptographically verify their assumptions 
about the guest's initial state, the host's platform, and the host 
platform owner's identity. If the guest owner is satisfied with the 
attestation process, a secret can be safely injected into the guest's 
address space over a secure channel.

Attestation is an unavoidably interactive process.

It appears that QEMU already exposes most of the API required to perform 
this attestation remotely with a guest owner over QMP, with only one 
exception: starting the attestation session. It looks like the session 
components (policy, session-file, and dh-cert-file) are supplied via 
command line arguments to QEMU and don't have a message type in the QMP 
spec:

	-object 
sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x1,session-file=blah.session,dh-cert-file=guest_owner.cert

I would like to add a message type to QMP which allows guest owners to 
supply this data over a socket and _not_ require these components a 
priori via command line arguments. In doing so, this would allow for a 
100% remote attestation process over the socket. However, I'm not sure 
how to express this interactive "waiting" for this data to become 
available with internal APIs (assuming it's not supplied as a command 
line argument).

For example, in order to accomplish a 100% remote attestation:

Somewhere in between sev_guest_init() and sev_launch_start(), the guest 
owner may send the following messages:

1. "query-sev" to collect important information about the platform state

2. "query-sev-capabilities" to independently verify the platform 
certificate chain and derive a shared secret for establishing a secure 
channel with the AMD SP.

3. "sev-launch-start" this is the only message that I think is missing 
from the QMP message types for remote attestation. This is how the guest 
owner would deliver the session components over the socket instead of as 
command line arguments.

Then, sometime before the VM is launched and is running, the guest owner 
may send:

4. "query-sev-launch-measure" to compare its measurement against the AMD 
SP's measurement

5. "sev-inject-launch-secret" if happy with attestation, securely 
deliver secrets

6. Guest owner could send a "cont" command and the VM can launch

Any advice on how to accomplish adding this degree of interaction to 
supplying inputs to specific parts of the launch process this is greatly 
appreciated.

Thank you,

Connor

QEMU QMP Reference Manual: 
https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html