From 30b74e74cd7a218fa74f9549765bb5e994d3350b Mon Sep 17 00:00:00 2001
From: Rob Bradford <robert.bradford@intel.com>
Date: Mon, 10 May 2021 13:12:12 +0000
Subject: [PATCH] vmm: tdx: Reject attempt to use --kernel with --tdx

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 vmm/src/config.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/vmm/src/config.rs b/vmm/src/config.rs
index bdfb7ac40..6e6390e33 100644
--- a/vmm/src/config.rs
+++ b/vmm/src/config.rs
@@ -126,6 +126,9 @@ pub enum ValidationError {
     // CPU Hotplug not permitted with TDX
     #[cfg(feature = "tdx")]
     TdxNoCpuHotplug,
+    // Specifying kernel not permitted with TDX
+    #[cfg(feature = "tdx")]
+    TdxKernelSpecified,
     // Insuffient vCPUs for queues
     TooManyQueues,
 }
@@ -168,6 +171,10 @@ impl fmt::Display for ValidationError {
             TdxNoCpuHotplug => {
                 write!(f, "CPU hotplug not possible with TDX")
             }
+            #[cfg(feature = "tdx")]
+            TdxKernelSpecified => {
+                write!(f, "Direct kernel boot not possible with TDX")
+            }
             TooManyQueues => {
                 write!(f, "Number of vCPUs is insufficient for number of queues")
             }
@@ -1751,6 +1758,9 @@ impl VmConfig {
             if tdx_enabled && (self.cpus.max_vcpus != self.cpus.boot_vcpus) {
                 return Err(ValidationError::TdxNoCpuHotplug);
             }
+            if tdx_enabled && self.kernel.is_some() {
+                return Err(ValidationError::TdxKernelSpecified);
+            }
         }
 
         if self.console.mode == ConsoleOutputMode::Tty && self.serial.mode == ConsoleOutputMode::Tty