virt-host-validate: Detect SEV-ES and SEV-SNP
With a simple cpuid (Section "E.4.17 Function 8000_001Fh—Encrypted Memory Capabilities" in "AMD64 Architecture Programmer’s Manual Vol. 3") we can detect whether the CPU is capable of running SEV-ES and/or SEV-SNP guests. Report these in the virt-host-validate tool. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
30c01e535d
commit
1a8f646f29
@ -34,6 +34,7 @@
|
|||||||
#include "virstring.h"
|
#include "virstring.h"
|
||||||
#include "virarch.h"
|
#include "virarch.h"
|
||||||
#include "virutil.h"
|
#include "virutil.h"
|
||||||
|
#include "virhostcpu.h"
|
||||||
|
|
||||||
#define VIR_FROM_THIS VIR_FROM_NONE
|
#define VIR_FROM_THIS VIR_FROM_NONE
|
||||||
|
|
||||||
@ -380,9 +381,11 @@ bool virHostKernelModuleIsLoaded(const char *module)
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
virHostValidateAMDSev(virValidateLevel level)
|
virHostValidateAMDSev(const char *hvname,
|
||||||
|
virValidateLevel level)
|
||||||
{
|
{
|
||||||
g_autofree char *mod_value = NULL;
|
g_autofree char *mod_value = NULL;
|
||||||
|
uint32_t eax, ebx;
|
||||||
|
|
||||||
if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
|
if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
|
||||||
virValidateFail(level, "AMD Secure Encrypted Virtualization not "
|
virValidateFail(level, "AMD Secure Encrypted Virtualization not "
|
||||||
@ -405,6 +408,32 @@ virHostValidateAMDSev(virValidateLevel level)
|
|||||||
return VIR_VALIDATE_FAILURE(level);
|
return VIR_VALIDATE_FAILURE(level);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
virValidatePass();
|
||||||
|
|
||||||
|
virValidateCheck(hvname, "%s",
|
||||||
|
_("Checking for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)"));
|
||||||
|
|
||||||
|
virHostCPUX86GetCPUID(0x8000001F, 0, &eax, &ebx, NULL, NULL);
|
||||||
|
|
||||||
|
if (eax & (1U << 3)) {
|
||||||
|
virValidatePass();
|
||||||
|
} else {
|
||||||
|
virValidateFail(level,
|
||||||
|
"AMD SEV-ES is not supported");
|
||||||
|
return VIR_VALIDATE_FAILURE(level);
|
||||||
|
}
|
||||||
|
|
||||||
|
virValidateCheck(hvname, "%s",
|
||||||
|
_("Checking for AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)"));
|
||||||
|
|
||||||
|
if (eax & (1U << 4)) {
|
||||||
|
virValidatePass();
|
||||||
|
} else {
|
||||||
|
virValidateFail(level,
|
||||||
|
"AMD SEV-SNP is not supported");
|
||||||
|
return VIR_VALIDATE_FAILURE(level);
|
||||||
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -459,7 +488,7 @@ int virHostValidateSecureGuests(const char *hvname,
|
|||||||
return VIR_VALIDATE_FAILURE(level);
|
return VIR_VALIDATE_FAILURE(level);
|
||||||
}
|
}
|
||||||
} else if (hasAMDSev) {
|
} else if (hasAMDSev) {
|
||||||
int rc = virHostValidateAMDSev(level);
|
int rc = virHostValidateAMDSev(hvname, level);
|
||||||
|
|
||||||
if (rc > 0)
|
if (rc > 0)
|
||||||
virValidatePass();
|
virValidatePass();
|
||||||
|
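Review bot: The SEV-ES and SEV-SNP checks added to virHostValidateAMDSev() pass on CPUID Fn8000_001F EAX bits 3 and 4 alone, which report what the CPU can do and not whether firmware and kvm_amd have the feature enabled, so a PASS here can overstate a host's readiness for encrypted-state or SNP guests. The plain SEV check at the top of the function reads `/sys/module/kvm_amd/parameters/sev`; the new checks could read the module's `sev_es` and `sev_snp` parameters the same way where the running kernel exposes them, or at least word the result as a CPU capability, e.g. `"AMD SEV-SNP is not supported by the CPU"`. Separately, the function now calls `virValidatePass()` itself and still returns 1, while the caller in virHostValidateSecureGuests() keeps `if (rc > 0) virValidatePass();`, so a fully capable host appears to get a second PASS printed after the SEV-SNP line. `ebx` is requested from virHostCPUX86GetCPUID() but never read in the visible lines, so `NULL` can be passed in its place. Both function bodies extend beyond the hunks shown.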