RE: [PATCH rfcv3 01/11] qemu: Check if INTEL Trust Domain Extention support is enabled

>-----Original Message-----
>From: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>Subject: Re: [PATCH rfcv3 01/11] qemu: Check if INTEL Trust Domain
>Extention support is enabled
>
>On Mon, Nov 27, 2023 at 04:55:11PM +0800, Zhenzhong Duan wrote:
>> Implement TDX check in order to generate domain feature capability
>> correctly in case the availability of the feature changed.
>>
>> For INTEL TDX the verification is:
>>  - checking if "/sys/module/kvm_intel/parameters/tdx" contains the
>>    value 'Y': meaning TDX is enabled in the host kernel.
>>
>> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
>> ---
>>  src/qemu/qemu_capabilities.c | 21 ++++++++++++++++++++-
>>  1 file changed, 20 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
>> index 83119e871a..5f806c68fb 100644
>> --- a/src/qemu/qemu_capabilities.c
>> +++ b/src/qemu/qemu_capabilities.c
>> @@ -5098,6 +5098,24 @@
>virQEMUCapsKVMSupportsSecureGuestAMD(void)
>>  }
>>
>>
>> +/*
>> + * Check whether INTEL Trust Domain Extention (x86) is enabled
>> + */
>> +static bool
>> +virQEMUCapsKVMSupportsSecureGuestINTEL(void)
>> +{
>> +    g_autofree char *modValue = NULL;
>> +
>> +    if (virFileReadValueString(&modValue,
>"/sys/module/kvm_intel/parameters/tdx") < 0)
>> +        return false;
>> +
>> +    if (modValue[0] != 'Y')
>> +        return false;
>> +
>> +    return true;
>> +}
>
>It is worth adding this as a check to tools/virt-host-validate-qemu.c
>too, but not a requirement for this patch.

Got it, will do.

Thanks
Zhenzhong

>
>> +
>> +
>>  /*
>>   * Check whether the secure guest functionality is enabled.
>>   * See the specific architecture function for details on the verifications
>made.
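
Review bot: The comment above virQEMUCapsKVMSupportsSecureGuestINTEL() misspells "Extention" (should be "Extension") and does not say what is tested; naming /sys/module/kvm_intel/parameters/tdx and the expected 'Y' there, as the commit message does, would document the check where it is implemented. The last two statements can also be collapsed to `return modValue[0] == 'Y';`. As written, a failed read of the parameter file and a value other than 'Y' both return false, so the two cases cannot be told apart by the caller.
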
>> @@ -5111,7 +5129,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
>>          return virQEMUCapsKVMSupportsSecureGuestS390();
>>
>>      if (ARCH_IS_X86(arch))
>> -        return virQEMUCapsKVMSupportsSecureGuestAMD();
>> +        return virQEMUCapsKVMSupportsSecureGuestAMD() ||
>> +               virQEMUCapsKVMSupportsSecureGuestINTEL();
>>
>>      return false;
>>  }
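
Review bot: The doc comment for virQEMUCapsKVMSupportsSecureGuest() is not updated, while the x86 branch now returns true when either `virQEMUCapsKVMSupportsSecureGuestAMD()` or `virQEMUCapsKVMSupportsSecureGuestINTEL()` succeeds, so the boolean alone no longer tells a caller which of the two was detected. A sentence in that comment stating that x86 covers both vendor checks, evaluated AMD first, would make this explicit.
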
>
>Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>
>
>With regards,
>Daniel
>--
>|: https://berrange.com      -o-
>https://www.flickr.com/photos/dberrange :|
>|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
>|: https://entangle-photo.org    -o-
>https://www.instagram.com/dberrange :|
