Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libvirt.19771
657365e7-check-amd-secure-guest.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 657365e7-check-amd-secure-guest.patch of Package libvirt.19771
commit 657365e74f489b70bfbf2eb014db63046c5e3888 Author: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com> Date: Mon Jun 15 10:28:08 2020 +0200 qemu: Check if AMD secure guest support is enabled Implement secure guest check for AMD SEV (Secure Encrypted Virtualization) in order to invalidate the qemu capabilities cache in case the availability of the feature changed. For AMD SEV the verification consists of: - checking if /sys/module/kvm_amd/parameters/sev contains the value '1': meaning SEV is enabled in the host kernel; - checking if /dev/sev exists Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com> Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Index: libvirt-6.0.0/src/qemu/qemu_capabilities.c =================================================================== --- libvirt-6.0.0.orig/src/qemu/qemu_capabilities.c +++ libvirt-6.0.0/src/qemu/qemu_capabilities.c @@ -4402,6 +4402,27 @@ virQEMUCapsKVMSupportsSecureGuestS390(vo /* + * Check whether AMD Secure Encrypted Virtualization (x86) is enabled + */ +static bool +virQEMUCapsKVMSupportsSecureGuestAMD(void) +{ + g_autofree char *modValue = NULL; + + if (virFileReadValueString(&modValue, "/sys/module/kvm_amd/parameters/sev") < 0) + return false; + + if (modValue[0] != '1') + return false; + + if (virFileExists(QEMU_DEV_SEV)) + return true; + + return false; +} + + +/* * Check whether the secure guest functionality is enabled. * See the specific architecture function for details on the verifications made. */ @@ -4412,6 +4433,10 @@ virQEMUCapsKVMSupportsSecureGuest(void) if (ARCH_IS_S390(arch)) return virQEMUCapsKVMSupportsSecureGuestS390(); + + if (ARCH_IS_X86(arch)) + return virQEMUCapsKVMSupportsSecureGuestAMD(); + return false; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor