[PATCH v3 3/7] qemu: check if AMD secure guest support is enabled
Erik Skultety
eskultet at redhat.com
Mon Jun 15 14:18:30 UTC 2020
On Mon, Jun 15, 2020 at 10:28:08AM +0200, Paulo de Rezende Pinatti wrote:
> Implement secure guest check for AMD SEV (Secure Encrypted
> Virtualization) in order to invalidate the qemu capabilities
> cache in case the availability of the feature changed.
>
> For AMD SEV the verification consists of:
> - checking if /sys/module/kvm_amd/parameters/sev contains the
> value '1': meaning SEV is enabled in the host kernel;
> - checking if /dev/sev exists
>
> Signed-off-by: Paulo de Rezende Pinatti <ppinatti at linux.ibm.com>
> Signed-off-by: Boris Fiuczynski <fiuczy at linux.ibm.com>
> Reviewed-by: Bjoern Walk <bwalk at linux.ibm.com>
> Reviewed-by: Erik Skultety <eskultet at redhat.com>
> ---
Reviewed-by: Erik Skultety <eskultet at redhat.com>
Again, tiny codestyle fixup:
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index eaa7741c33..3959b92069 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4724,13 +4724,10 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0)
return false;
-
if (modValue[0] != '1')
return false;
-
if (virFileExists(QEMU_DEV_SEV))
return true;
-
return false;
}
@@ -4746,10 +4743,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
if (ARCH_IS_S390(arch))
return virQEMUCapsKVMSupportsSecureGuestS390();
-
if (ARCH_IS_X86(arch))
return virQEMUCapsKVMSupportsSecureGuestAMD();
-
return false;
}
More information about the libvir-list
mailing list