diff --git a/Cargo.lock b/Cargo.lock
index c89d9660..4729ab43 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1473,7 +1473,7 @@ dependencies = [
 [[package]]
 name = "sev"
-version = "5.0.0"
+version = "5.1.0"
 dependencies = [
 "base64 0.22.1",
 "bincode",
diff --git a/Cargo.toml b/Cargo.toml
index 675dddd7..eaa1a402 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sev"
-version = "5.0.0"
+version = "5.1.0"
 authors = [
 "Nathaniel McCallum ",
 "The VirTEE Project Developers",
diff --git a/src/certs/mod.rs b/src/certs/mod.rs
index f3c2d4ea..620d4a34 100644
--- a/src/certs/mod.rs
+++ b/src/certs/mod.rs
@@ -1,6 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
 /// Legacy SEV certificates.
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 pub mod sev;
diff --git a/src/certs/sev/builtin/mod.rs b/src/certs/sev/builtin/mod.rs
index 02397a31..3ce410a2 100644
--- a/src/certs/sev/builtin/mod.rs
+++ b/src/certs/sev/builtin/mod.rs
@@ -4,9 +4,24 @@
 //!
 //! These are primarily offered as a convenience measure to avoid making
 //! HTTP requests to AMD's servers.
-
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod genoa;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod milan;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod naples;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod rome;
 pub mod turin;
diff --git a/src/certs/sev/ca/cert/mod.rs b/src/certs/sev/ca/cert/mod.rs
index 55c29569..906bb77f 100644
--- a/src/certs/sev/ca/cert/mod.rs
+++ b/src/certs/sev/ca/cert/mod.rs
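Review bot: The `since = "5.0.0"` on the attribute added above `pub mod sev;` in src/certs/mod.rs does not match the release this commit cuts: Cargo.toml moves the crate from 5.0.0 to 5.1.0, so 5.1.0 appears to be the first version that carries the deprecation. If 5.0.0 was already published without it, `since = "5.1.0"` is the accurate value, and the same applies to every other `#[deprecated]` added in this commit. The note text also tells users what goes away but not where to move; if SNP is the intended replacement for the legacy certificate and attestation paths, saying so in `note` would make the warning actionable.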
@@ -10,7 +10,6 @@ use std::mem::size_of;
 use serde::{de, ser};
 use serde_bytes::{ByteBuf, Bytes};
-
 /// An OCA certificate.
 #[derive(Clone, Copy)]
 #[repr(C)]
diff --git a/src/certs/sev/ca/mod.rs b/src/certs/sev/ca/mod.rs
index 288a3658..b904875b 100644
--- a/src/certs/sev/ca/mod.rs
+++ b/src/certs/sev/ca/mod.rs
@@ -2,7 +2,15 @@
 //! For operating on OCA certificates.
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 mod cert;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 mod chain;
 pub use cert::Certificate;
diff --git a/src/certs/sev/mod.rs b/src/certs/sev/mod.rs
index 36ff2f8f..b79a7fdf 100644
--- a/src/certs/sev/mod.rs
+++ b/src/certs/sev/mod.rs
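Review bot: The attributes on `mod cert;` and `mod chain;` in src/certs/sev/ca/mod.rs sit on private modules that downstream code cannot name, so they add no signal of their own. `pub mod ca;` is deprecated in src/certs/sev/mod.rs by this same commit and, as far as I know, rustc extends a module's deprecation to the items inside it and does not lint uses made from within a deprecated item, so `pub use cert::Certificate;` is already covered by the parent. If that parent attribute were ever dropped, this re-export would start warning inside the crate itself. Consider keeping the attribute only on the public entry points; the same applies to `mod chain;`, `mod crypto;` and `mod util;` in src/certs/sev/mod.rs and to `mod key;` in src/session/mod.rs.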
@@ -1,20 +1,40 @@
 // SPDX-License-Identifier: Apache-2.0
 //! Everything needed for working with AMD SEV certificate chains.
-
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod builtin;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod ca;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 mod chain;
-
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
+#[cfg(feature = "openssl")]
+mod crypto;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[allow(clippy::module_inception)]
 pub mod sev;
-
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "openssl")]
 mod util;
-#[cfg(feature = "openssl")]
-mod crypto;
-
 pub use chain::Chain;
 use crate::util::*;
diff --git a/src/firmware/linux/host/types/mod.rs b/src/firmware/linux/host/types/mod.rs
index 1d9de740..35b597a0 100644
--- a/src/firmware/linux/host/types/mod.rs
+++ b/src/firmware/linux/host/types/mod.rs
@@ -1,11 +1,19 @@
 // SPDX-License-Identifier: Apache-2.0
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 mod sev;
 #[cfg(feature = "snp")]
 mod snp;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 pub use self::sev::*;
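Review bot: The second attribute in src/firmware/linux/host/types/mod.rs is attached to `pub use self::sev::*;`, and to my knowledge rustc has not honoured `#[deprecated]` on `use` declarations, so it may be inert. The enclosing `types` module is not deprecated in the visible lines, so the glob path through the now-deprecated private `mod sev;` may also raise a deprecation warning in the crate's own build. Please confirm with the `sev` feature enabled that this line compiles without a new warning and that a downstream use of one of the re-exported types does warn; if the attribute on the `pub use` turns out to do nothing, drop it and annotate the exported items instead.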
@@ -48,6 +56,10 @@ impl<'a> GetId<'a> {
 /// Reset the platform's persistent state.
 ///
 /// (Chapter 5.5)
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 #[cfg(target_os = "linux")]
 pub struct PlatformReset;
diff --git a/src/launch/linux/mod.rs b/src/launch/linux/mod.rs
index 0fe52d35..5627ba57 100644
--- a/src/launch/linux/mod.rs
+++ b/src/launch/linux/mod.rs
@@ -3,6 +3,10 @@
 //! Operations and types for launching on Linux
 pub(crate) mod ioctl;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 pub(crate) mod sev;
diff --git a/src/launch/mod.rs b/src/launch/mod.rs
index 0ab5ffc9..24ac671a 100644
--- a/src/launch/mod.rs
+++ b/src/launch/mod.rs
@@ -10,6 +10,10 @@
 #[cfg(any(feature = "sev", feature = "snp"))]
 mod linux;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(feature = "sev")]
 pub mod sev;
diff --git a/src/lib.rs b/src/lib.rs
index 9de4be75..2fed1c9a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -102,9 +102,19 @@ pub mod launch;
 target_os = "linux"
 ))]
 pub mod measurement;
+
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(all(target_os = "linux", feature = "openssl", feature = "sev"))]
 pub mod session;
 mod util;
+
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod vmsa;
 /// Error module.
@@ -238,10 +248,18 @@ impl codicon::Encoder<()> for Build {
 #[derive(Copy, Clone)]
 pub enum Generation {
 /// First generation EPYC (SEV).
+ #[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+ )]
 #[cfg(feature = "sev")]
 Naples,
 /// Second generation EPYC (SEV, SEV-ES).
+ #[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+ )]
 #[cfg(feature = "sev")]
 Rome,
diff --git a/src/measurement/mod.rs b/src/measurement/mod.rs
index f0a8b4b1..81bee6c8 100644
--- a/src/measurement/mod.rs
+++ b/src/measurement/mod.rs
@@ -21,6 +21,10 @@ pub mod vcpu_types;
 #[cfg(all(feature = "snp", feature = "openssl"))]
 pub mod snp;
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[cfg(all(feature = "sev", feature = "openssl"))]
 pub mod sev;
diff --git a/src/measurement/sev.rs b/src/measurement/sev.rs
index 8bdb8a6b..ea6b2f35 100644
--- a/src/measurement/sev.rs
+++ b/src/measurement/sev.rs
@@ -80,6 +80,10 @@ pub fn seves_calc_launch_digest(
 Ok(launch_hash.finish())
 }
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 /// Arguments required to calculate the SEV measurement
 pub struct SevMeasurementArgs<'a> {
 /// Path to OVMF file
@@ -92,6 +96,10 @@ pub struct SevMeasurementArgs<'a> {
 pub append: Option<&'a str>,
 }
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 /// Calculate an SEV launch digest
 pub fn sev_calc_launch_digest(
 sev_measurement: SevMeasurementArgs,
diff --git a/src/measurement/vmsa.rs b/src/measurement/vmsa.rs
index 1aee43ff..60356fe0 100644
--- a/src/measurement/vmsa.rs
+++ b/src/measurement/vmsa.rs
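Review bot: In src/measurement/sev.rs both added attributes are placed above the `///` doc comment of `SevMeasurementArgs` and `sev_calc_launch_digest`, whereas every other hunk in this commit puts `#[deprecated(...)]` after the doc comment. It compiles either way, but the order `/// Arguments required to calculate the SEV measurement`, then the attribute, then `pub struct SevMeasurementArgs<'a> {` keeps the file consistent with the rest of the change. Separately, `seves_calc_launch_digest` in the same file gets no attribute of its own, yet `pub mod sev;` is deprecated in src/measurement/mod.rs, which likely marks it deprecated as well; if SEV-ES launch digests are meant to stay supported, that needs a second look. Both definitions continue past their hunks.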
@@ -13,6 +13,10 @@ use std::{convert::TryFrom, fmt, str::FromStr};
 #[derive(Debug, Clone, Copy, PartialEq)]
 pub enum SevMode {
 /// SEV
+ #[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+ )]
 Sev,
 /// SEV-ES
 SevEs,
diff --git a/src/session/mod.rs b/src/session/mod.rs
index 70d0de0a..39ff2fe1 100644
--- a/src/session/mod.rs
+++ b/src/session/mod.rs
@@ -3,6 +3,10 @@
 //! Utilities for creating a secure channel and facilitating the
 //! attestation process between the tenant and the AMD SP.
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 mod key;
 use crate::error::SessionError;
@@ -28,6 +32,10 @@ pub struct Verified(launch::sev::Measurement);
 /// Describes a secure channel with the AMD SP.
 ///
 /// This is required for facilitating an SEV launch and attestation.
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub struct Session {
 policy: launch::sev::Policy,
@@ -119,6 +127,10 @@ impl Session {
 /// Like the above start function, yet takes PDH as input instead of deriving it from a
 /// certificate chain.
+ #[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+ )]
 pub fn start_pdh(
 &self,
 pdh: certs::sev::sev::Certificate,
diff --git a/src/util/mod.rs b/src/util/mod.rs
index 40c5f892..44c76295 100644
--- a/src/util/mod.rs
+++ b/src/util/mod.rs
@@ -2,7 +2,12 @@
 //! Helpful primitives for developing the crate.
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 pub mod cached_chain;
+
 mod impl_const_id;
 use std::{
diff --git a/src/vmsa/mod.rs b/src/vmsa/mod.rs
index 7469dab3..0313f338 100644
--- a/src/vmsa/mod.rs
+++ b/src/vmsa/mod.rs
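Review bot: `SevMode::Sev` in src/measurement/vmsa.rs is deprecated while the enum itself and its module are not, so any in-crate code that names the variant from a non-deprecated item will trip the `deprecated` lint. The hunk header shows `TryFrom`, `fmt` and `FromStr` imported, which suggests conversion and display impls further down the file that match on it; those are outside this hunk. Either add a scoped `#[allow(deprecated)]` on those impls or confirm that the build stays clean where warnings are denied. The same check applies to `Generation::Naples` and `Generation::Rome` in src/lib.rs.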
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
-//! Types and abstractions regarding Virtual Machine Save Areas (VMSAs).
+//! Types and abstractions regarding Legacy SEV Virtual Machine Save Areas (VMSAs).
 #![allow(dead_code)]
@@ -44,6 +44,10 @@ const ATTR_W_MASK: u16 = 1 << ATTR_W_SHIFT;
 /// Virtual Machine Control Block
 /// The layout of a VMCB struct is documented in Table B-1 of the
 /// AMD64 Architecture Programmer’s Manual, Volume 2: System Programming
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[repr(C, packed)]
 #[derive(Default, Serialize, Deserialize, Clone, Copy)]
 pub struct VmcbSegment {
@@ -65,6 +69,10 @@ pub struct VmcbSegment {
 /// Virtual Machine Save Area
 /// The layout of a VMCB struct is documented in Table B-4 of the
 /// AMD64 Architecture Programmer’s Manual, Volume 2: System Programming
+#[deprecated(
+ since = "5.0.0",
+ note = "Legacy SEV features will no longer be included/supported in library versions past 5"
+)]
 #[repr(C, packed)]
 #[derive(Copy, Clone, Serialize, Deserialize)]
 pub struct Vmsa {
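Review bot: `VmcbSegment` and `Vmsa` in src/vmsa/mod.rs are marked as legacy SEV, but the `pub mod vmsa;` line in src/lib.rs shows no `#[cfg(feature = "sev")]` gate in its visible context, so the deprecation also reaches builds that enable only `snp`. If the SEV-ES or SNP launch-measurement code builds its VMSA pages from these types (not visible in this diff), supported attestation paths would start emitting deprecation warnings and would lose the type when legacy SEV is removed. Please confirm which consumers remain and either gate the attribute with `#[cfg_attr(...)]` or leave the shared types unannotated. Both struct definitions continue past their hunks.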