From e793509c340cbbf22cfe882872176f1d2cf77ea5 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Tue, 30 Jul 2024 13:08:53 +0100
Subject: [PATCH] Fix CVM detection on Azure with TDX

related: RHEL-50659
---
...-Fix-CVM-detection-on-Azure-with-TDX.patch | 98 +++++++++++++++++++
virt-what.spec | 5 +-
2 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 0017-Fix-CVM-detection-on-Azure-with-TDX.patch

diff --git a/0017-Fix-CVM-detection-on-Azure-with-TDX.patch b/0017-Fix-CVM-detection-on-Azure-with-TDX.patch
new file mode 100644
index 0000000..95e88b5
--- /dev/null
+++ b/0017-Fix-CVM-detection-on-Azure-with-TDX.patch
@@ -0,0 +1,98 @@
+From 7b19a3a531fbabb5785dc7f78352d574f079212f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 30 Jul 2024 10:46:46 +0100
+Subject: [PATCH] Fix CVM detection on Azure with TDX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The current TDX support was tested on Azure, however, since that time
+they now block the CPUID leaf we were using. Instead it is required to
+issue the Azure specific CPUID calls as we were already doing for SNP.
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit 059cbff66740ef74cd663f88c5f96a80a8d6d6ea)
+---
+ virt-what-cvm.c | 14 +++++++++-----
+ virt-what-cvm.pod | 4 ++--
+ 2 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/virt-what-cvm.c b/virt-what-cvm.c
+index 52b3426bc..0daa6ac35 100644
+--- a/virt-what-cvm.c
++++ b/virt-what-cvm.c
+@@ -92,6 +92,7 @@ static bool dodebug = false;
+
+ #define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
+ #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
++#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
+
+ #if defined(__x86_64__)
+
+@@ -147,7 +148,7 @@ msr (off_t index)
+ }
+
+ static bool
+-cpu_sig_amd_hyperv (void)
++cpu_sig_cvm_hyperv (uint32_t isoltype)
+ {
+ uint32_t eax, ebx, ecx, edx;
+ char sig[13];
+@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
+ ebx = ecx = edx = 0;
+ cpuid(&eax, &ebx, &ecx, &edx);
+
+- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
+- CPUID_HYPERV_ISOLATION_TYPE_SNP) {
++ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
+ return true;
+ }
+ }
+@@ -212,7 +212,7 @@ cpu_sig_amd (void)
+ if (!(eax & (1 << 1))) {
+ debug ("No sev in CPUID, try hyperv CPUID\n");
+
+- if (cpu_sig_amd_hyperv ()) {
++ if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
+ puts ("amd-sev-snp");
+ puts ("hyperv-hcl");
+ } else {
+@@ -252,8 +252,12 @@ cpu_sig_intel (void)
+ memset (sig, 0, sizeof sig);
+ cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
+
+- if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
++ if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
+ puts ("intel-tdx");
++ } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
++ puts ("intel-tdx");
++ puts ("hyperv-hcl");
++ }
+ }
+
+ static bool
+diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
+index 0f9076569..70213abd7 100644
+--- a/virt-what-cvm.pod
++++ b/virt-what-cvm.pod
+@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
+
+ This is a confidential guest running with Intel TDX technology
+
+-Status: tested on Microsoft Azure TDX CVM (preview)
++Status: tested on Microsoft Azure TDX CVM
+
+ =item B
+
+@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the
+ HyperV (Azure) HCL (Host Compatibility Layer). This will be
+ paired with B.
+
+-Status: tested on Microsoft Azure SEV-SNP CVM
++Status: tested on Microsoft Azure SEV-SNP & TDX CVM
+
+ =back
+
+--
+2.43.0
+
diff --git a/virt-what.spec b/virt-what.spec
index 35967d4..e8b03b3 100644
--- a/virt-what.spec
+++ b/virt-what.spec
@@ -1,6 +1,6 @@ Name: virt-what Version: 1.25 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Detect if we are running in a virtual machine License: GPLv2+
@@ -30,6 +30,7 @@ Patch0013: 0013-virt-what-cvm-probe-for-SNP-HCL-on-HyperV-Azure-via-.patch Patch0014: 0014-virt-what-cvm-drop-TPM-logic-for-detecting-SNP-on-Hy.patch Patch0015: 0015-virt-what-cvm-rename-azure-hcl-fact-to-hyperv-hcl.patch Patch0016: 0016-Add-virt-what-cvm.pod-to-EXTRA_DIST.patch +Patch0017: 0017-Fix-CVM-detection-on-Azure-with-TDX.patch BuildRequires: make BuildRequires: git
@@ -137,7 +138,7 @@ fi %changelog -* Fri Jul 26 2024 Richard W.M. Jones - 1.25-7 +* Tue Jul 30 2024 Richard W.M. Jones - 1.25-8 - Add virt-what-cvm tool resolves: RHEL-50659
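Review bot: The new `else if` branch in cpu_sig_intel (inside the added 0017 patch) prints `intel-tdx` from the Hyper-V isolation-type CPUID field alone, and neither the code nor virt-what-cvm.pod says that this value comes from the hypervisor's CPUID interface and is not proof of a TDX guest. The commit message itself shows that the platform decides which CPUID leaves the guest can see, so I would add a comment above the branch such as `/* Hyper-V isolation type is reported via hypervisor CPUID: a detection hint, not attestation */` and one matching sentence in the pod, so callers do not gate secrets on this output. The branch is also silent under debugging, unlike the SNP path in cpu_sig_amd; a `debug ("No TDX in CPUID, try hyperv CPUID\n");` before the Hyper-V probe would keep the two paths consistent. cpu_sig_cvm_hyperv now takes `isoltype` without a comment naming the accepted `CPUID_HYPERV_ISOLATION_TYPE_*` values, and most of its body lies outside the visible hunks, so I could not confirm that the isolation leaf is only read after the Hyper-V signature check.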