capi: Hide SEV launch C APIs behind sev feature

The SEV launch C APIs use the launch::sev module, which requires the sev
feature enabled.

Signed-off-by: Tyler Fanelli <[email protected]>

Cargo.toml

@@ -33,6 +33,7 @@ is-it-maintained-open-issues = { repository = "virtee/sev" }
 [lib]
 crate-type = ["staticlib", "dylib", "rlib"]
 name = 'sev'
+path = "src/lib.rs"
 doc = false
 
 [features]

build.sh

@@ -1,14 +1,14 @@
 #!/bin/sh
 set -e
 
-cd $(dirname $0)
-src=$(pwd)
-cd - >/dev/null
+cd "$(dirname $0)" || exit 1
+src="$(pwd)"
+cd - >/dev/null || exit 1
 
 if [ ! -d build]; then
     # configure a debug build (unoptimized and with debug info) for development
-    meson setup build --buildtype=debug
+    /usr/bin/meson setup build --buildtype=debug
 else
     # If using containerized build we must reconfigure inside the container.
-    meson setup --reconfigure build --buildtype=debug
+    /usr/bin/meson setup --reconfigure build --buildtype=debug
 fi

package-version.py

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 #!/usr/bin/env python3
 import json
 import subprocess

src/firmware/host/types/sev.rs

@@ -2,8 +2,6 @@
 
 //! Operations for managing the SEV platform.
 
-#[cfg(target_os = "linux")]
-pub use crate::firmware::host::Firmware;
 pub use crate::firmware::linux::host::types::PlatformStatusFlags;
 
 use crate::{firmware::host::State, Build};

src/lib.rs

@@ -72,10 +72,30 @@ use certs::sev::ca::{Certificate, Chain as CertSevCaChain};
 #[cfg(all(feature = "sev", feature = "openssl"))]
 use certs::sev::builtin as SevBuiltin;
 
+#[cfg(feature = "sev")]
+use crate::{certs::sev::sev::Certificate as SevCertificate, error::Indeterminate, launch::sev::*};
+
 #[cfg(all(feature = "sev", feature = "openssl"))]
 use std::convert::TryFrom;
+
 use std::io::{Read, Write};
 
+#[cfg(feature = "sev")]
+use std::{
+    collections::HashMap,
+    io,
+    mem::size_of,
+    os::{
+        fd::RawFd,
+        raw::{c_int, c_uchar, c_uint, c_void},
+    },
+    slice::{from_raw_parts, from_raw_parts_mut},
+    sync::Mutex,
+};
+
+#[cfg(feature = "sev")]
+use lazy_static::lazy_static;
+
 use serde::{Deserialize, Serialize};
 
 /// Information about the SEV platform version.
@@ -244,23 +264,9 @@ impl TryFrom<&sev::Chain> for Generation {
     }
 }
 
-/// The C FFI interface to the library.
-use crate::{certs::sev::sev::Certificate as SevCertificate, error::Indeterminate, launch::sev::*};
-
-use std::{
-    collections::HashMap,
-    io,
-    mem::size_of,
-    os::{
-        fd::RawFd,
-        raw::{c_int, c_uchar, c_uint, c_void},
-    },
-    slice::{from_raw_parts, from_raw_parts_mut},
-    sync::Mutex,
-};
-
-use lazy_static::lazy_static;
+// The C FFI interface to the library.
 
+#[cfg(feature = "sev")]
 lazy_static! {
     static ref INIT_MAP: Mutex<HashMap<RawFd, Launcher<New, RawFd, RawFd>>> =
         Mutex::new(HashMap::new());
@@ -272,6 +278,7 @@ lazy_static! {
         Mutex::new(HashMap::new());
 }
 
+#[cfg(feature = "sev")]
 fn set_fw_err(ptr: *mut c_int, err: io::Error) {
     unsafe { *ptr = Indeterminate::from(err).into() };
 }
@@ -282,6 +289,7 @@ fn set_fw_err(ptr: *mut c_int, err: io::Error) {
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_int) -> c_int {
     let vm: RawFd = vm_fd;
@@ -307,6 +315,7 @@ pub unsafe extern "C" fn sev_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_in
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_es_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c_int) -> c_int {
     let vm: RawFd = vm_fd;
@@ -332,6 +341,7 @@ pub unsafe extern "C" fn sev_es_init(vm_fd: c_int, sev_fd: c_int, fw_err: *mut c
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_launch_start(
     vm_fd: c_int,
@@ -377,6 +387,7 @@ pub unsafe extern "C" fn sev_launch_start(
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_launch_update_data(
     vm_fd: c_int,
@@ -405,6 +416,7 @@ pub unsafe extern "C" fn sev_launch_update_data(
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_launch_update_vmsa(vm_fd: c_int, fw_err: *mut c_int) -> c_int {
     let mut map = STARTED_MAP.lock().unwrap();
@@ -430,6 +442,7 @@ pub unsafe extern "C" fn sev_launch_update_vmsa(vm_fd: c_int, fw_err: *mut c_int
 ///
 /// The "measurement_data" argument should be a valid pointer able to hold the meausurement's
 /// bytes. The measurement is 48 bytes in size.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_launch_measure(
     vm_fd: c_int,
@@ -476,6 +489,7 @@ pub unsafe extern "C" fn sev_launch_measure(
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_inject_launch_secret(
     vm_fd: c_int,
@@ -521,6 +535,7 @@ pub unsafe extern "C" fn sev_inject_launch_secret(
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[no_mangle]
 pub unsafe extern "C" fn sev_launch_finish(vm_fd: c_int, fw_err: *mut c_int) -> c_int {
     let mut map = MEASURED_MAP.lock().unwrap();
@@ -549,6 +564,7 @@ pub unsafe extern "C" fn sev_launch_finish(vm_fd: c_int, fw_err: *mut c_int) ->
 ///
 /// The caller of this function is responsible for ensuring that the pointer arguments are
 /// valid.
+#[cfg(feature = "sev")]
 #[allow(unused_assignments)]
 #[no_mangle]
 pub unsafe extern "C" fn sev_attestation_report(