Re: [PATCH rfcv3 01/11] qemu: Check if INTEL Trust Domain Extension support is enabled

On Mon, Nov 27, 2023 at 04:55:11PM +0800, Zhenzhong Duan wrote:
> Implement TDX check in order to generate domain feature capability
> correctly in case the availability of the feature changed.
> 
> For INTEL TDX the verification is:
>  - checking if "/sys/module/kvm_intel/parameters/tdx" contains the
>    value 'Y': meaning TDX is enabled in the host kernel.
> 
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
> ---
>  src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
>  1 file changed, 20 insertions(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index 83119e871a..5f806c68fb 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -5098,6 +5098,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
>  }
>  
>  
> +/*
> + * Check whether INTEL Trust Domain Extention (x86) is enabled
> + */
> +static bool
> +virQEMUCapsKVMSupportsSecureGuestINTEL(void)
> +{
> +    g_autofree char *modValue = NULL;
> +
> +    if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0)
> +        return false;
> +
> +    if (modValue[0] != 'Y')
> +        return false;
> +
> +    return true;
> +}

It is worth adding this as a check to tools/virt-host-validate-qemu.c
too, but not a requirement for this patch. 

> +
> +
>  /*
>   * Check whether the secure guest functionality is enabled.
>   * See the specific architecture function for details on the verifications made.
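
Review bot: The comment above virQEMUCapsKVMSupportsSecureGuestINTEL() misspells "Extension" and does not say what is actually checked; it should name the sysfs file and the expected value, as the commit message does ("/sys/module/kvm_intel/parameters/tdx" contains 'Y'). In the body, the final test plus the two returns can be a single "return modValue[0] == 'Y';". Only the first character is compared, so any value beginning with 'Y' is accepted, and a read failure of any kind is reported as "not supported" with no distinction between a missing file and an I/O error; if that is intended, a short comment saying so would help.
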
> @@ -5111,7 +5129,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
>          return virQEMUCapsKVMSupportsSecureGuestS390();
>  
>      if (ARCH_IS_X86(arch))
> -        return virQEMUCapsKVMSupportsSecureGuestAMD();
> +        return virQEMUCapsKVMSupportsSecureGuestAMD() ||
> +               virQEMUCapsKVMSupportsSecureGuestINTEL();
>  
>      return false;
>  }
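
Review bot: In the ARCH_IS_X86 branch of virQEMUCapsKVMSupportsSecureGuest() the result is now the OR of the AMD and INTEL checks, so the caller gets one boolean that cannot tell which of the two technologies is enabled. The function comment visible in the context ("See the specific architecture function for details") should be updated to say that x86 now covers two vendor-specific checks, and that callers needing to know which one is present must query it separately rather than rely on this return value.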

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|