[RFC PATCH 7/7] qemu: Check if INTEL Trust Domain Extension support is enabled

Implement trust domain check for INTEL TDX (Trust Domain eXtension)
in order to invalidate the qemu capabilities cache in case the
availability of the feature changed.

For INTEL TDX the verification is:
 - checking if /sys/module/kvm_intel/parameters/tdx contains the
   value 'Y': meaning TDX is enabled in the host kernel.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
---
 src/qemu/qemu_capabilities.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5e54d7e306..8f8802c121 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4767,6 +4767,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
 }
 
 
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestINTEL(void)
+{
+    g_autofree char *modValue = NULL;
+
+    if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0)
+        return false;
+
+    if (modValue[0] != 'Y')
+        return false;
+
+    return true;
+}
+
+
 /*
  * Check whether the secure guest functionality is enabled.
  * See the specific architecture function for details on the verifications made.
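
Review bot: The comment above virQEMUCapsKVMSupportsSecureGuestINTEL() misspells "Extension" as "Extention", and the tail of the function (the `modValue[0] != 'Y'` test followed by two returns) can be a single `return modValue[0] == 'Y';`. It would also help for the comment to name the sysfs path being read, /sys/module/kvm_intel/parameters/tdx, and to say that the value reflects the kvm_intel module parameter, since that is the only condition this function tests before the capabilities cache is treated as valid or stale.
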
@@ -4782,6 +4800,9 @@ virQEMUCapsKVMSupportsSecureGuest(void)
     if (ARCH_IS_X86(arch))
         return virQEMUCapsKVMSupportsSecureGuestAMD();
 
+    if (ARCH_IS_X86(arch))
+        return virQEMUCapsKVMSupportsSecureGuestINTEL();
+
     return false;
 }
 
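
Review bot: The added `if (ARCH_IS_X86(arch))` branch in virQEMUCapsKVMSupportsSecureGuest() is unreachable, because the identical condition directly above it already returns the result of virQEMUCapsKVMSupportsSecureGuestAMD() unconditionally. As written, virQEMUCapsKVMSupportsSecureGuestINTEL() is never called on x86, so a change in TDX availability would not be picked up by this check. Suggest combining both probes under the one x86 condition, for example `return virQEMUCapsKVMSupportsSecureGuestAMD() || virQEMUCapsKVMSupportsSecureGuestINTEL();`.
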
-- 
2.25.1



