virt-host-validate: Detect SEV-ES and SEV-SNP
With a simple CPUID query (Section "E.4.17 Function 8000_001Fh—Encrypted Memory Capabilities" in "AMD64 Architecture Programmer’s Manual Vol. 3") we can detect whether the CPU is capable of running SEV-ES and/or SEV-SNP guests. Report these in the virt-host-validate tool. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
30c01e535d
commit
1a8f646f29
@ -34,6 +34,7 @@
|
||||
#include "virstring.h"
|
||||
#include "virarch.h"
|
||||
#include "virutil.h"
|
||||
#include "virhostcpu.h"
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_NONE
|
||||
|
||||
@ -380,9 +381,11 @@ bool virHostKernelModuleIsLoaded(const char *module)
|
||||
|
||||
|
||||
static int
|
||||
virHostValidateAMDSev(virValidateLevel level)
|
||||
virHostValidateAMDSev(const char *hvname,
|
||||
virValidateLevel level)
|
||||
{
|
||||
g_autofree char *mod_value = NULL;
|
||||
uint32_t eax, ebx;
|
||||
|
||||
if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
|
||||
virValidateFail(level, "AMD Secure Encrypted Virtualization not "
|
||||
@ -405,6 +408,32 @@ virHostValidateAMDSev(virValidateLevel level)
|
||||
return VIR_VALIDATE_FAILURE(level);
|
||||
}
|
||||
|
||||
virValidatePass();
|
||||
|
||||
virValidateCheck(hvname, "%s",
|
||||
_("Checking for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)"));
|
||||
|
||||
virHostCPUX86GetCPUID(0x8000001F, 0, &eax, &ebx, NULL, NULL);
|
||||
|
||||
if (eax & (1U << 3)) {
|
||||
virValidatePass();
|
||||
} else {
|
||||
virValidateFail(level,
|
||||
"AMD SEV-ES is not supported");
|
||||
return VIR_VALIDATE_FAILURE(level);
|
||||
}
|
||||
|
||||
virValidateCheck(hvname, "%s",
|
||||
_("Checking for AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)"));
|
||||
|
||||
if (eax & (1U << 4)) {
|
||||
virValidatePass();
|
||||
} else {
|
||||
virValidateFail(level,
|
||||
"AMD SEV-SNP is not supported");
|
||||
return VIR_VALIDATE_FAILURE(level);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -459,7 +488,7 @@ int virHostValidateSecureGuests(const char *hvname,
|
||||
return VIR_VALIDATE_FAILURE(level);
|
||||
}
|
||||
} else if (hasAMDSev) {
|
||||
int rc = virHostValidateAMDSev(level);
|
||||
int rc = virHostValidateAMDSev(hvname, level);
|
||||
|
||||
if (rc > 0)
|
||||
virValidatePass();
|
||||
|
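Review bot: The two checks added to virHostValidateAMDSev() test only CPUID Fn8000_001F EAX bits 3 and 4, which show that the CPU is capable of SEV-ES and SEV-SNP, not that the host has them enabled, so a PASS can be read as proving more than it does. The plain SEV check earlier in the same function reads `/sys/module/kvm_amd/parameters/sev`; kvm_amd also has a `sev_es` parameter on kernels that provide it, and reading it the same way where present would tie the result to what KVM will actually offer guests. Failing that, the check text could state the scope, e.g. `Checking for CPU support of AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)`. Separately, the SEV-SNP success branch calls `virValidatePass()` and then falls through to `return 1;`, while the caller in virHostValidateSecureGuests() calls `virValidatePass()` again when `rc > 0`, which looks like it reports a second PASS for one check. Both function bodies extend outside the hunks shown.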