diff --git a/Cargo.lock b/Cargo.lock index fd7e985d..c4699659 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -864,7 +864,7 @@ dependencies = [ [[package]] name = "sev" -version = "5.0.0" +version = "5.1.0" dependencies = [ "base64", "bincode", diff --git a/Cargo.toml b/Cargo.toml index d710f6de..38af2d77 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sev" -version = "5.0.0" +version = "5.1.0" authors = [ "Nathaniel McCallum ", "The VirTEE Project Developers", diff --git a/src/certs/mod.rs b/src/certs/mod.rs index f3c2d4ea..620d4a34 100644 --- a/src/certs/mod.rs +++ b/src/certs/mod.rs @@ -1,6 +1,10 @@ // SPDX-License-Identifier: Apache-2.0 /// Legacy SEV certificates. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] pub mod sev; diff --git a/src/certs/sev/builtin/mod.rs b/src/certs/sev/builtin/mod.rs index 3c2b4144..70a1d78b 100644 --- a/src/certs/sev/builtin/mod.rs +++ b/src/certs/sev/builtin/mod.rs @@ -4,8 +4,23 @@ //! //! These are primarily offered as a convenience measure to avoid making //! HTTP requests to AMD's servers. - +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod genoa; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod milan; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod naples; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod rome; diff --git a/src/certs/sev/ca/cert/mod.rs b/src/certs/sev/ca/cert/mod.rs index 55c29569..906bb77f 100644 --- a/src/certs/sev/ca/cert/mod.rs +++ b/src/certs/sev/ca/cert/mod.rs 
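Review bot: The `since = "5.0.0"` on the attribute added to `pub mod sev` in src/certs/mod.rs does not match the release this commit cuts, because Cargo.toml moves the crate from 5.0.0 to 5.1.0 in the same change. If 5.0.0 was already published without these attributes, rustdoc will report the module as deprecated since a version in which it was not; `since = "5.1.0"` would be accurate. The same value is repeated in every `#[deprecated]` this commit adds (builtin, ca, certs/sev, firmware, launch, lib.rs, measurement, session, util, vmsa). The note text also names no replacement, so a short pointer to what callers should migrate to (presumably the SNP APIs) would help anyone planning the move.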
@@ -10,7 +10,6 @@ use std::mem::size_of; use serde::{de, ser}; use serde_bytes::{ByteBuf, Bytes}; - /// An OCA certificate. #[derive(Clone, Copy)] #[repr(C)] diff --git a/src/certs/sev/ca/mod.rs b/src/certs/sev/ca/mod.rs index 288a3658..b904875b 100644 --- a/src/certs/sev/ca/mod.rs +++ b/src/certs/sev/ca/mod.rs @@ -2,7 +2,15 @@ //! For operating on OCA certificates. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] mod cert; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] mod chain; pub use cert::Certificate; diff --git a/src/certs/sev/mod.rs b/src/certs/sev/mod.rs index 36ff2f8f..b79a7fdf 100644 --- a/src/certs/sev/mod.rs +++ b/src/certs/sev/mod.rs 
@@ -1,20 +1,40 @@ // SPDX-License-Identifier: Apache-2.0 //! Everything needed for working with AMD SEV certificate chains. - +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod builtin; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod ca; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] mod chain; - +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] +#[cfg(feature = "openssl")] +mod crypto; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[allow(clippy::module_inception)] pub mod sev; - +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "openssl")] mod util; -#[cfg(feature = "openssl")] -mod crypto; - pub use chain::Chain; use crate::util::*; diff --git a/src/firmware/linux/host/types/mod.rs b/src/firmware/linux/host/types/mod.rs index 1d9de740..35b597a0 100644 --- a/src/firmware/linux/host/types/mod.rs +++ b/src/firmware/linux/host/types/mod.rs @@ -1,11 +1,19 @@ // SPDX-License-Identifier: Apache-2.0 +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] mod sev; #[cfg(feature = "snp")] mod snp; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] pub use self::sev::*; 
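Review bot: The `#[deprecated]` placed on `pub use self::sev::*;` in src/firmware/linux/host/types/mod.rs is unlikely to have any effect. To my knowledge rustc does not honour the attribute on `use` re-exports, and the lint is reported against the definition of the named item, not the path it was reached through. The attribute on the private `mod sev;` just above is what marks the re-exported types, since items inherit deprecation from their enclosing module. I would drop the one on the `use` line, or replace it with a comment such as `// items re-exported here are deprecated through the attribute on mod sev` so a reader does not assume the glob itself is covered.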
@@ -48,6 +56,10 @@ impl<'a> GetId<'a> { /// Reset the platform's persistent state. /// /// (Chapter 5.5) +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] #[cfg(target_os = "linux")] pub struct PlatformReset; diff --git a/src/launch/linux/mod.rs b/src/launch/linux/mod.rs index 0fe52d35..5627ba57 100644 --- a/src/launch/linux/mod.rs +++ b/src/launch/linux/mod.rs @@ -3,6 +3,10 @@ //! Operations and types for launching on Linux pub(crate) mod ioctl; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] pub(crate) mod sev; diff --git a/src/launch/mod.rs b/src/launch/mod.rs index 0ab5ffc9..24ac671a 100644 --- a/src/launch/mod.rs +++ b/src/launch/mod.rs @@ -10,6 +10,10 @@ #[cfg(any(feature = "sev", feature = "snp"))] mod linux; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(feature = "sev")] pub mod sev; diff --git a/src/lib.rs b/src/lib.rs index 4ce2a1ef..b78142e8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -102,9 +102,19 @@ pub mod launch; target_os = "linux" ))] pub mod measurement; + +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(target_os = "linux", feature = "openssl", feature = "sev"))] pub mod session; mod util; + +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod vmsa; /// Error module. 
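Review bot: `pub mod vmsa;` in src/lib.rs is deprecated with no `#[cfg(feature = "sev")]` beside it, unlike `session` directly above, so on the lines visible in this hunk the module is compiled and flagged in SNP-only builds as well. A VMSA is not specific to plain SEV, so please confirm that nothing on the SNP side still uses `sev::vmsa`. If something does, those users get a "Legacy SEV" warning for code they cannot avoid. If the module really is legacy-only, consider saying so in the note and gating it on the `sev` feature when it is removed.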
@@ -255,10 +265,18 @@ impl codicon::Encoder<()> for Build { #[derive(Copy, Clone)] pub enum Generation { /// First generation EPYC (SEV). + #[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" + )] #[cfg(feature = "sev")] Naples, /// Second generation EPYC (SEV, SEV-ES). + #[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" + )] #[cfg(feature = "sev")] Rome, @@ -388,7 +406,6 @@ impl Generation { } // The C FFI interface to the library. - #[cfg(all(feature = "sev", target_os = "linux"))] lazy_static! { static ref INIT_MAP: Mutex>> = @@ -401,6 +418,10 @@ lazy_static! { Mutex::new(HashMap::new()); } +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] fn set_fw_err(ptr: *mut c_int, err: FirmwareError) { unsafe { *ptr = err.into() }; @@ -412,6 +433,10 @@ fn set_fw_err(ptr: *mut c_int, err: FirmwareError) { /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_int) -> c_int { @@ -438,6 +463,10 @@ pub unsafe extern "C" fn sev_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_in /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_es_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_int) -> c_int { 
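Review bot: Deprecating the `Naples` and `Rome` variants of `Generation` makes every in-crate mention of them a `deprecated` warning unless the use site is itself deprecated or carries `#[allow(deprecated)]`. The `impl Generation` block that follows (visible only as the next hunk's header) very likely names both variants. The same applies to `SevMode::Sev` in src/measurement/vmsa.rs, a file that imports `TryFrom`, `fmt` and `FromStr` and so presumably has impls matching on it. If CI builds with warnings denied, this becomes a build failure. I would add `#[allow(deprecated)]` on those impls with a comment such as `// must keep handling the deprecated legacy variants until they are removed`.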
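Review bot: `#[deprecated]` on the `#[no_mangle] pub unsafe extern "C"` entry points is only seen by Rust callers. This covers `sev_init` here, and `sev_es_init`, `sev_launch_start`, `sev_launch_update_data`, `sev_launch_update_vmsa`, `sev_launch_measure`, `sev_inject_launch_secret`, `sev_launch_finish` and the last FFI function in the later hunks. C consumers link against the symbol and get no diagnostic, so for them the removal after version 5 would arrive without warning. If the project ships or documents a C header for this interface (none is part of this diff), the deprecation should be stated there too. Each function's doc comment could also carry a line such as `/// Deprecated: legacy SEV launch support will be removed after version 5.` so it shows up in generated documentation.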
@@ -464,6 +493,10 @@ pub unsafe extern "C" fn sev_es_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_launch_start( @@ -510,6 +543,10 @@ pub unsafe extern "C" fn sev_launch_start( /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_launch_update_data( @@ -539,6 +576,10 @@ pub unsafe extern "C" fn sev_launch_update_data( /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_launch_update_vmsa(vm_fd: c_int, fw_err: *mut c_int) -> c_int { @@ -565,6 +606,10 @@ pub unsafe extern "C" fn sev_launch_update_vmsa(vm_fd: c_int, fw_err: *mut c_int /// /// The "measurement_data" argument should be a valid pointer able to hold the meausurement's /// bytes. The measurement is 48 bytes in size. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_launch_measure( 
@@ -612,6 +657,10 @@ pub unsafe extern "C" fn sev_launch_measure( /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_inject_launch_secret( @@ -658,6 +707,10 @@ pub unsafe extern "C" fn sev_inject_launch_secret( /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[no_mangle] pub unsafe extern "C" fn sev_launch_finish(vm_fd: c_int, fw_err: *mut c_int) -> c_int { @@ -687,6 +740,10 @@ pub unsafe extern "C" fn sev_launch_finish(vm_fd: c_int, fw_err: *mut c_int) -> /// /// The caller of this function is responsible for ensuring that the pointer arguments are /// valid. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", target_os = "linux"))] #[allow(unused_assignments)] #[no_mangle] diff --git a/src/measurement/mod.rs b/src/measurement/mod.rs index f0a8b4b1..81bee6c8 100644 --- a/src/measurement/mod.rs +++ b/src/measurement/mod.rs @@ -21,6 +21,10 @@ pub mod vcpu_types; #[cfg(all(feature = "snp", feature = "openssl"))] pub mod snp; +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[cfg(all(feature = "sev", feature = "openssl"))] pub mod sev; diff --git a/src/measurement/sev.rs b/src/measurement/sev.rs index 8bdb8a6b..ea6b2f35 100644 --- a/src/measurement/sev.rs +++ b/src/measurement/sev.rs 
@@ -80,6 +80,10 @@ pub fn seves_calc_launch_digest( Ok(launch_hash.finish()) } +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] /// Arguments required to calculate the SEV measurement pub struct SevMeasurementArgs<'a> { /// Path to OVMF file @@ -92,6 +96,10 @@ pub struct SevMeasurementArgs<'a> { pub append: Option<&'a str>, } +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] /// Calculate an SEV launch digest pub fn sev_calc_launch_digest( sev_measurement: SevMeasurementArgs, diff --git a/src/measurement/vmsa.rs b/src/measurement/vmsa.rs index 1aee43ff..60356fe0 100644 --- a/src/measurement/vmsa.rs +++ b/src/measurement/vmsa.rs @@ -13,6 +13,10 @@ use std::{convert::TryFrom, fmt, str::FromStr}; #[derive(Debug, Clone, Copy, PartialEq)] pub enum SevMode { /// SEV + #[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" + )] Sev, /// SEV-ES SevEs, diff --git a/src/session/mod.rs b/src/session/mod.rs index 70d0de0a..39ff2fe1 100644 --- a/src/session/mod.rs +++ b/src/session/mod.rs @@ -3,6 +3,10 @@ //! Utilities for creating a secure channel and facilitating the //! attestation process between the tenant and the AMD SP. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] mod key; use crate::error::SessionError; @@ -28,6 +32,10 @@ pub struct Verified(launch::sev::Measurement); /// Describes a secure channel with the AMD SP. /// /// This is required for facilitating an SEV launch and attestation. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub struct Session { policy: launch::sev::Policy, 
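Review bot: The attribute is placed above the `///` doc comment on `SevMeasurementArgs` (and on `sev_calc_launch_digest` in the next hunk), whereas the other items in this commit have the doc comment first and the attributes after it; keeping `/// Arguments required to calculate the SEV measurement` on top would match. More importantly, the scope is unclear for SEV-ES. `seves_calc_launch_digest`, visible in this hunk's header, is left unmarked, while src/measurement/mod.rs deprecates the whole `sev` module. Likewise lib.rs marks `sev_es_init` and `Generation::Rome`, but src/measurement/vmsa.rs leaves `SevMode::SevEs` alone. Since items inherit the deprecation of their module, the SEV-ES function ends up deprecated anyway, so please state in the note text whether "Legacy SEV" includes SEV-ES so those users know whether they have to migrate.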
@@ -119,6 +127,10 @@ impl Session { /// Like the above start function, yet takes PDH as input instead of deriving it from a /// certificate chain. + #[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" + )] pub fn start_pdh( &self, pdh: certs::sev::sev::Certificate, diff --git a/src/util/mod.rs b/src/util/mod.rs index 40c5f892..44c76295 100644 --- a/src/util/mod.rs +++ b/src/util/mod.rs @@ -2,7 +2,12 @@ //! Helpful primitives for developing the crate. +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] pub mod cached_chain; + mod impl_const_id; use std::{ diff --git a/src/vmsa/mod.rs b/src/vmsa/mod.rs index 7469dab3..0313f338 100644 --- a/src/vmsa/mod.rs +++ b/src/vmsa/mod.rs @@ -1,6 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 -//! Types and abstractions regarding Virtual Machine Save Areas (VMSAs). +//! Types and abstractions regarding Legacy SEV Virtual Machine Save Areas (VMSAs). #![allow(dead_code)] @@ -44,6 +44,10 @@ const ATTR_W_MASK: u16 = 1 << ATTR_W_SHIFT; /// Virtual Machine Control Block /// The layout of a VMCB struct is documented in Table B-1 of the /// AMD64 Architecture Programmer’s Manual, Volume 2: System Programming +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[repr(C, packed)] #[derive(Default, Serialize, Deserialize, Clone, Copy)] pub struct VmcbSegment { @@ -65,6 +69,10 @@ pub struct VmcbSegment { /// Virtual Machine Save Area /// The layout of a VMCB struct is documented in Table B-4 of the /// AMD64 Architecture Programmer’s Manual, Volume 2: System Programming +#[deprecated( + since = "5.0.0", + note = "Legacy SEV features will no longer be included/supported in library versions past 5" +)] #[repr(C, packed)] #[derive(Copy, Clone, Serialize, Deserialize)] pub struct Vmsa { 
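Review bot: `cached_chain` in src/util/mod.rs is deprecated as a legacy SEV feature, but the tests/api.rs hunk at the end of this diff shows `use sev::cached_chain;` inside a module gated on `feature = "snp"`. Nothing visible in this hunk gates `cached_chain` on `feature = "sev"` either. If the SNP side still depends on it, SNP users will be told a legacy SEV feature is going away for code they legitimately use, and that test will emit the same warning. Either leave `cached_chain` unmarked until the SNP callers are moved off it, or give it its own wording, for example `note = "cached_chain is scheduled for removal; see the changelog for the replacement"`.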
diff --git a/tests/api.rs b/tests/api.rs index d6d6bcde..a2c79309 100644 --- a/tests/api.rs +++ b/tests/api.rs @@ -1,5 +1,4 @@ // SPDX-License-Identifier: Apache-2.0 - #[cfg(all(feature = "snp", target_os = "linux"))] mod sev { use sev::cached_chain;