On Mon, Jun 15, 2020 at 10:28:08AM +0200, Paulo de Rezende Pinatti wrote:
Implement secure guest check for AMD SEV (Secure Encrypted
Virtualization) in order to invalidate the qemu capabilities
cache in case the availability of the feature changed.
For AMD SEV the verification consists of:
- checking if /sys/module/kvm_amd/parameters/sev contains the
value '1': meaning SEV is enabled in the host kernel;
- checking if /dev/sev exists
Signed-off-by: Paulo de Rezende Pinatti <ppinatti(a)linux.ibm.com>
Signed-off-by: Boris Fiuczynski <fiuczy(a)linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.ibm.com>
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
---
Reviewed-by: Erik Skultety <eskultet(a)redhat.com>
Again, tiny codestyle fixup:
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index eaa7741c33..3959b92069 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4724,13 +4724,10 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
if (virFileReadValueString(&modValue,
"/sys/module/kvm_amd/parameters/sev") < 0)
return false;
-
if (modValue[0] != '1')
return false;
-
if (virFileExists(QEMU_DEV_SEV))
return true;
-
return false;
}
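Review bot: In virQEMUCapsKVMSupportsSecureGuestAMD(), the test `modValue[0] != '1'` looks only at the first character of the sysfs value, so any string that merely starts with '1' (for example "10") is accepted as "SEV enabled". Comparing the whole value after trimming the trailing newline would match the commit message's "contains the value '1'" exactly. The declaration of modValue is outside this hunk; if it is not marked for automatic cleanup, the `return false` after the compare and both later returns leak the string. The tail `if (virFileExists(QEMU_DEV_SEV)) return true; return false;` can also be collapsed to `return virFileExists(QEMU_DEV_SEV);`. Note that existence of the device node says nothing about whether it can be opened, which is worth a comment if that is intentional.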
@@ -4746,10 +4743,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
if (ARCH_IS_S390(arch))
return virQEMUCapsKVMSupportsSecureGuestS390();
-
if (ARCH_IS_X86(arch))
return virQEMUCapsKVMSupportsSecureGuestAMD();
-
return false;
}
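Review bot: In virQEMUCapsKVMSupportsSecureGuest(), the `ARCH_IS_X86(arch)` branch calls the AMD-specific check on every x86 host, and nothing in the dispatcher documents why that is safe. It relies on the `virFileReadValueString(...) < 0` path in virQEMUCapsKVMSupportsSecureGuestAMD() returning false when the kvm_amd parameter file cannot be read. A one-line comment above the x86 branch stating that dependency would keep a later change to the AMD function from silently altering the result on other x86 hosts.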