[PATCH v3 3/7] qemu: check if AMD secure guest support is enabled

Erik Skultety eskultet at redhat.com
Mon Jun 15 14:18:30 UTC 2020


On Mon, Jun 15, 2020 at 10:28:08AM +0200, Paulo de Rezende Pinatti wrote:
> Implement secure guest check for AMD SEV (Secure Encrypted
> Virtualization) in order to invalidate the qemu capabilities
> cache in case the availability of the feature changed.
>
> For AMD SEV the verification consists of:
>  - checking if /sys/module/kvm_amd/parameters/sev contains the
>    value '1': meaning SEV is enabled in the host kernel;
>  - checking if /dev/sev exists
>
> Signed-off-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
> Reviewed-by: Erik Skultety <eskultet at redhat.com>
> ---
Reviewed-by: Erik Skultety <eskultet at redhat.com>

Again, tiny codestyle fixup:

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index eaa7741c33..3959b92069 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4724,13 +4724,10 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)

     if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
         return false;
-
     if (modValue[0] != '1')
         return false;
-
     if (virFileExists(QEMU_DEV_SEV))
         return true;
-
     return false;
 }

@@ -4746,10 +4743,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)

     if (ARCH_IS_S390(arch))
         return virQEMUCapsKVMSupportsSecureGuestS390();
-
     if (ARCH_IS_X86(arch))
         return virQEMUCapsKVMSupportsSecureGuestAMD();
-
     return false;
 }




More information about the libvir-list mailing list