[RFC PATCH v2 1/8] qemu: Check if INTEL Trust Domain Extention support is enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.

For INTEL TDX the verification is:
 - checking if /sys/firmware/tdx_seam/vendor_id contains the
   value "0x8086": meaning TDX is enabled in the host kernel.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
---
 src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 0d93cc2052..9085c0b875 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4748,6 +4748,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
 }
 
 
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestINTEL(void)
+{
+    g_autofree char *modValue = NULL;
+
+    if (virFileReadValueString(&modValue, "/sys/firmware/tdx_seam/vendor_id") < 0)
+        return false;
+
+    if (STRNEQ(modValue,"0x8086"))
+        return false;
+
+    return true;
+}
+
+
 /*
  * Check whether the secure guest functionality is enabled.
  * See the specific architecture function for details on the verifications made.
@@ -4761,7 +4779,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
         return virQEMUCapsKVMSupportsSecureGuestS390();
 
     if (ARCH_IS_X86(arch))
-        return virQEMUCapsKVMSupportsSecureGuestAMD();
+        return virQEMUCapsKVMSupportsSecureGuestAMD() ||
+               virQEMUCapsKVMSupportsSecureGuestINTEL();
 
     return false;
 }
-- 
2.25.1




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux