vmgs_resources/
lib.rs

1// Copyright (c) Microsoft Corporation.
2// Licensed under the MIT License.
3
4//! Resources for VMGS files.
5
6#![forbid(unsafe_code)]
7
8use mesh::MeshPayload;
9use vm_resource::Resource;
10use vm_resource::ResourceId;
11use vm_resource::kind::DiskHandleKind;
12use vm_resource::kind::NonVolatileStoreKind;
13use vmgs_format::FileId;
14
15/// A handle to an individual file within a VMGS file.
16#[derive(MeshPayload)]
17pub struct VmgsFileHandle {
18    /// The file ID.
19    ///
20    /// FUTURE: figure out how to give this the nice type.
21    pub file_id: u32,
22    /// Whether the file is encrypted.
23    pub encrypted: bool,
24}
25
26impl VmgsFileHandle {
27    /// Returns a new handle to the given file.
28    pub fn new(file_id: FileId, encrypted: bool) -> Self {
29        Self {
30            file_id: file_id.0,
31            encrypted,
32        }
33    }
34}
35
36impl ResourceId<NonVolatileStoreKind> for VmgsFileHandle {
37    const ID: &'static str = "vmgs";
38}
39
40/// Virtual machine guest state resource
41#[derive(MeshPayload, Debug)]
42pub enum VmgsResource {
43    /// Use disk to store guest state
44    Disk(VmgsDisk),
45    /// Use disk to store guest state, reformatting if corrupted.
46    ReprovisionOnFailure(VmgsDisk),
47    /// Format and use disk to store guest state
48    Reprovision(VmgsDisk),
49    /// Store guest state in memory
50    Ephemeral,
51}
52
53impl VmgsResource {
54    /// get the encryption policy (returns None for ephemeral guest state)
55    pub fn encryption_policy(&self) -> GuestStateEncryptionPolicy {
56        match self {
57            VmgsResource::Disk(vmgs)
58            | VmgsResource::ReprovisionOnFailure(vmgs)
59            | VmgsResource::Reprovision(vmgs) => vmgs.encryption_policy,
60            VmgsResource::Ephemeral => GuestStateEncryptionPolicy::None(true),
61        }
62    }
63}
64
65/// VMGS disk resource
66#[derive(MeshPayload, Debug)]
67pub struct VmgsDisk {
68    /// Backing disk
69    pub disk: Resource<DiskHandleKind>,
70    /// Guest state encryption policy
71    pub encryption_policy: GuestStateEncryptionPolicy,
72}
73
74/// Guest state encryption policy
75#[derive(MeshPayload, Debug, Clone, Copy)]
76pub enum GuestStateEncryptionPolicy {
77    /// Use the best encryption available, allowing fallback.
78    ///
79    /// VMs will be created as or migrated to the best encryption available,
80    /// attempting GspKey, then GspById, and finally leaving the data
81    /// unencrypted if neither are available.
82    Auto,
83    /// Prefer (or require, if strict) no encryption.
84    ///
85    /// Do not encrypt the guest state unless it is already encrypted and
86    /// strict encryption policy is disabled.
87    None(bool),
88    /// Prefer (or require, if strict) GspById.
89    ///
90    /// This prevents a VM from being created as or migrated to GspKey even
91    /// if it is available. Exisiting GspKey encryption will be used unless
92    /// strict encryption policy is enabled. Fails if the data cannot be
93    /// encrypted.
94    GspById(bool),
95    /// Prefer (or require, if strict) GspKey.
96    ///
97    /// VMs will be created as or migrated to GspKey. GspById encryption will
98    /// be used if GspKey is unavailable unless strict encryption policy is
99    /// enabled. Fails if the data cannot be encrypted.
100    GspKey(bool),
101}
102
103impl GuestStateEncryptionPolicy {
104    /// whether to use strict encryption policy
105    pub fn is_strict(&self) -> bool {
106        match self {
107            GuestStateEncryptionPolicy::Auto => false,
108            GuestStateEncryptionPolicy::None(strict)
109            | GuestStateEncryptionPolicy::GspById(strict)
110            | GuestStateEncryptionPolicy::GspKey(strict) => *strict,
111        }
112    }
113}
vmgs_resources/lib.rs

vmgs_resources/
lib.rs
