[PATCH v3 3/7] qemu: check if AMD secure guest support is enabled
Paulo de Rezende Pinatti
ppinatti at linux.ibm.com
Mon Jun 15 08:28:08 UTC 2020
Implement secure guest check for AMD SEV (Secure Encrypted
Virtualization) in order to invalidate the qemu capabilities
cache in case the availability of the feature changed.
For AMD SEV the verification consists of:
- checking if /sys/module/kvm_amd/parameters/sev contains the
value '1': meaning SEV is enabled in the host kernel;
- checking if /dev/sev exists
Signed-off-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet at redhat.com>
---
src/qemu/qemu_capabilities.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 1b90682113..60df5b2f7f 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4702,6 +4702,24 @@ virQEMUCapsKVMSupportsSecureGuestS390(void)
}
+/*
+ * Check whether AMD Secure Encrypted Virtualization (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestAMD(void)
+{
+ g_autofree char *modValue = NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
+ return false;
+ if (modValue[0] != '1')
+ return false;
+ if (virFileExists(QEMU_DEV_SEV))
+ return true;
+ return false;
+}
+
+
/*
* Check whether the secure guest functionality is enabled.
* See the specific architecture function for details on the verifications made.
@@ -4713,6 +4731,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
if (ARCH_IS_S390(arch))
return virQEMUCapsKVMSupportsSecureGuestS390();
+ if (ARCH_IS_X86(arch))
+ return virQEMUCapsKVMSupportsSecureGuestAMD();
return false;
}
--
2.26.2
More information about the libvir-list
mailing list