Fix CVM detection on Azure with TDX

related: RHEL-50659

0017-Fix-CVM-detection-on-Azure-with-TDX.patch

@@ -0,0 +1,98 @@
+From 7b19a3a531fbabb5785dc7f78352d574f079212f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Jul 2024 10:46:46 +0100
+Subject: [PATCH] Fix CVM detection on Azure with TDX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The current TDX support was tested on Azure, however, since that time
+they now block the CPUID leaf we were using. Instead it is required to
+issue the Azure specific CPUID calls as we were already doing for SNP.
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 059cbff66740ef74cd663f88c5f96a80a8d6d6ea)
+---
+ virt-what-cvm.c   | 14 +++++++++-----
+ virt-what-cvm.pod |  4 ++--
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/virt-what-cvm.c b/virt-what-cvm.c
+index 52b3426bc..0daa6ac35 100644
+--- a/virt-what-cvm.c
++++ b/virt-what-cvm.c
+@@ -92,6 +92,7 @@ static bool dodebug = false;
+ 
+ #define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
+ #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
++#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
+ 
+ #if defined(__x86_64__)
+ 
+@@ -147,7 +148,7 @@ msr (off_t index)
+ }
+ 
+ static bool
+-cpu_sig_amd_hyperv (void)
++cpu_sig_cvm_hyperv (uint32_t isoltype)
+ {
+   uint32_t eax, ebx, ecx, edx;
+   char sig[13];
+@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
+     ebx = ecx = edx = 0;
+     cpuid(&eax, &ebx, &ecx, &edx);
+ 
+-    if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
+-	CPUID_HYPERV_ISOLATION_TYPE_SNP) {
++    if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
+       return true;
+     }
+   }
+@@ -212,7 +212,7 @@ cpu_sig_amd (void)
+   if (!(eax & (1 << 1))) {
+     debug ("No sev in CPUID, try hyperv CPUID\n");
+ 
+-    if (cpu_sig_amd_hyperv ()) {
++    if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
+       puts ("amd-sev-snp");
+       puts ("hyperv-hcl");
+     } else {
+@@ -252,8 +252,12 @@ cpu_sig_intel (void)
+   memset (sig, 0, sizeof sig);
+   cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
+ 
+-  if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
++  if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
+     puts ("intel-tdx");
++  } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
++    puts ("intel-tdx");
++    puts ("hyperv-hcl");
++  }
+ }
+ 
+ static bool
+diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
+index 0f9076569..70213abd7 100644
+--- a/virt-what-cvm.pod
++++ b/virt-what-cvm.pod
+@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
+ 
+ This is a confidential guest running with Intel TDX technology
+ 
+-Status: tested on Microsoft Azure TDX CVM (preview)
++Status: tested on Microsoft Azure TDX CVM
+ 
+ =item B<hyperv-hcl>
+ 
+@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the
+ HyperV (Azure) HCL (Host Compatibility Layer). This will be
+ paired with B<amd-sev-snp>.
+ 
+-Status: tested on Microsoft Azure SEV-SNP CVM
++Status: tested on Microsoft Azure SEV-SNP & TDX CVM
+ 
+ =back
+ 
+-- 
+2.43.0
+

virt-what.spec

@@ -1,6 +1,6 @@
 Name:           virt-what
 Version:        1.25
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        Detect if we are running in a virtual machine
 License:        GPLv2+
 
@@ -30,6 +30,7 @@ Patch0013:     0013-virt-what-cvm-probe-for-SNP-HCL-on-HyperV-Azure-via-.patch
 Patch0014:     0014-virt-what-cvm-drop-TPM-logic-for-detecting-SNP-on-Hy.patch
 Patch0015:     0015-virt-what-cvm-rename-azure-hcl-fact-to-hyperv-hcl.patch
 Patch0016:     0016-Add-virt-what-cvm.pod-to-EXTRA_DIST.patch
+Patch0017:     0017-Fix-CVM-detection-on-Azure-with-TDX.patch
 
 BuildRequires:  make
 BuildRequires:  git
@@ -137,7 +138,7 @@ fi
 
 
 %changelog
-* Fri Jul 26 2024 Richard W.M. Jones <rjones@redhat.com> - 1.25-7
+* Tue Jul 30 2024 Richard W.M. Jones <rjones@redhat.com> - 1.25-8
 - Add virt-what-cvm tool
   resolves: RHEL-50659