[RFC PATCH 7/7] qemu: Check if INTEL Trust Domain Extension support is enabled

Zhenzhong Duan zhenzhong.duan at intel.com
Fri Jun 18 08:50:52 UTC 2021


Implement trust domain check for INTEL TDX (Trust Domain eXtension)
in order to invalidate the qemu capabilities cache in case the
availability of the feature changed.

For INTEL TDX the verification is:
 - checking if /sys/module/kvm_intel/parameters/tdx contains the
   value 'Y': meaning TDX is enabled in the host kernel.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan at intel.com>
---
 src/qemu/qemu_capabilities.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5e54d7e306..8f8802c121 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4767,6 +4767,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
 }
 
 
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestINTEL(void)
+{
+    g_autofree char *modValue = NULL;
+
+    if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0)
+        return false;
+
+    if (modValue[0] != 'Y')
+        return false;
+
+    return true;
+}
+
+
 /*
  * Check whether the secure guest functionality is enabled.
  * See the specific architecture function for details on the verifications made.
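Review bot: The comment above virQEMUCapsKVMSupportsSecureGuestINTEL() does not say what is verified, although the dispatcher's comment below sends readers to "the specific architecture function for details on the verifications made". Please state there that the function reads /sys/module/kvm_intel/parameters/tdx and treats a leading 'Y' as enabled, as the commit message does, and correct "Extention" to "Extension" while editing it. Note also that a failed read and a value other than 'Y' both return false, so a host without kvm_intel loaded is indistinguishable from one with TDX turned off; that is fine for cache invalidation but worth a sentence in the comment. The trailing two-step test can be collapsed to `return modValue[0] == 'Y';`.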
@@ -4782,6 +4800,9 @@ virQEMUCapsKVMSupportsSecureGuest(void)
     if (ARCH_IS_X86(arch))
         return virQEMUCapsKVMSupportsSecureGuestAMD();
 
+    if (ARCH_IS_X86(arch))
+        return virQEMUCapsKVMSupportsSecureGuestINTEL();
+
     return false;
 }
 
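Review bot: The added `if (ARCH_IS_X86(arch))` branch is unreachable, because the identical condition immediately above it already returns virQEMUCapsKVMSupportsSecureGuestAMD() on every x86 host. As written, virQEMUCapsKVMSupportsSecureGuestINTEL() is never called, so a change in TDX availability will not invalidate the capabilities cache, which is the stated purpose of the patch. Fold both checks into the single x86 branch, for example `return virQEMUCapsKVMSupportsSecureGuestAMD() || virQEMUCapsKVMSupportsSecureGuestINTEL();`.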
-- 
2.25.1



