81 lines
2.5 KiB
Diff
81 lines
2.5 KiB
Diff
|
From 71e87f4da22992c5d9f858535a1acaa7201aa7d3 Mon Sep 17 00:00:00 2001
|
||
|
Message-Id: <71e87f4da22992c5d9f858535a1acaa7201aa7d3@dist-git>
|
||
|
From: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
|
||
|
Date: Wed, 24 Jun 2020 13:16:19 +0200
|
||
|
Subject: [PATCH] qemu: Check if AMD secure guest support is enabled
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
Implement secure guest check for AMD SEV (Secure Encrypted
|
||
|
Virtualization) in order to invalidate the qemu capabilities
|
||
|
cache in case the availability of the feature changed.
|
||
|
|
||
|
For AMD SEV the verification consists of:
|
||
|
- checking if /sys/module/kvm_amd/parameters/sev contains the
|
||
|
value '1': meaning SEV is enabled in the host kernel;
|
||
|
- checking if /dev/sev exists
|
||
|
|
||
|
Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
|
||
|
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
||
|
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
|
||
|
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||
|
(cherry picked from commit 657365e74f489b70bfbf2eb014db63046c5e3888)
|
||
|
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1848997
|
||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1850351
|
||
|
|
||
|
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||
|
Message-Id: <1c3393cb71b731f5632d150d77f9920b591aa5ee.1592996194.git.jdenemar@redhat.com>
|
||
|
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||
|
---
|
||
|
src/qemu/qemu_capabilities.c | 25 +++++++++++++++++++++++++
|
||
|
1 file changed, 25 insertions(+)
|
||
|
|
||
|
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
|
||
|
index 8a4b43c269..278eaa0009 100644
|
||
|
--- a/src/qemu/qemu_capabilities.c
|
||
|
+++ b/src/qemu/qemu_capabilities.c
|
||
|
@@ -4543,6 +4543,27 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
|
||
|
}
|
||
|
|
||
|
|
||
|
+/*
|
||
|
+ * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
|
||
|
+ */
|
||
|
+static bool
|
||
|
+virQEMUCapsKVMSupportsSecureGuestAMD(void)
|
||
|
+{
|
||
|
+ g_autofree char *modValue = NULL;
|
||
|
+
|
||
|
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
|
||
|
+ return false;
|
||
|
+
|
||
|
+ if (modValue[0] != '1')
|
||
|
+ return false;
|
||
|
+
|
||
|
+ if (virFileExists(QEMU_DEV_SEV))
|
||
|
+ return true;
|
||
|
+
|
||
|
+ return false;
|
||
|
+}
|
||
|
+
|
||
|
+
|
||
|
/*
|
||
|
* Check whether the secure guest functionality is enabled.
|
||
|
* See the specific architecture function for details on the verifications made.
|
||
|
@@ -4554,6 +4575,10 @@ virQEMUCapsKVMSupportsSecureGuest(void)
|
||
|
|
||
|
if (ARCH_IS_S390(arch))
|
||
|
return virQEMUCapsKVMSupportsSecureGuestS390();
|
||
|
+
|
||
|
+ if (ARCH_IS_X86(arch))
|
||
|
+ return virQEMUCapsKVMSupportsSecureGuestAMD();
|
||
|
+
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
--
|
||
|
2.27.0
|
||
|
|