Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.
For INTEL TDX the verification is:
- checking if /sys/firmware/tdx_seam/vendor_id contains the
value "0x8086": meaning TDX is enabled in the host kernel.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
---
src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0d93cc2052..9085c0b875 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4748,6 +4748,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
}
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestINTEL(void)
+{
+ g_autofree char *modValue = NULL;
+
+ if (virFileReadValueString(&modValue, "/sys/firmware/tdx_seam/vendor_id") < 0)
+ return false;
+
+ if (STRNEQ(modValue,"0x8086"))
+ return false;
+
+ return true;
+}
+
+
/*
* Check whether the secure guest functionality is enabled.
* See the specific architecture function for details on the verifications made.
@@ -4761,7 +4779,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
return virQEMUCapsKVMSupportsSecureGuestS390();
if (ARCH_IS_X86(arch))
- return virQEMUCapsKVMSupportsSecureGuestAMD();
+ return virQEMUCapsKVMSupportsSecureGuestAMD() ||
+ virQEMUCapsKVMSupportsSecureGuestINTEL();
return false;
}
--
2.25.1
