| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.
This can be detected through a simple sysfs attribute.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
We have different impls of detect_confidential_virtualization per
architecture. The detection is cached in the x86_64 impl, and as we
add support for more targets, we want to use caching for all. It thus
makes sense to split caching out into an architecture independent
method.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|\
| |
| | |
Avoid using SMBIOS for kernel cmdline injection in sd-stub in confidential VMs
|
| |
| |
| |
| | |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some architectures (x32) ssize_t is int, not long int.
../src/basic/confidential-virt.c: In function ‘msr’:
../src/basic/confidential-virt.c:133:27: error: format ‘%ld’ expects argument of type ‘long int’, but argument 7 has type ‘ssize_t’ {aka ‘int’} [-Werror=format=]
133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
134 | rv,
| ~~
| |
| ssize_t {aka int}
../src/basic/log.h:214:86: note: in definition of macro ‘log_full_errno_zerook’
214 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \
| ^~~~~~~~~~~
../src/basic/log.h:242:28: note: in expansion of macro ‘log_full’
242 | #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__)
| ^~~~~~~~
../src/basic/confidential-virt.c:133:17: note: in expansion of macro ‘log_debug’
133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring",
| ^~~~~~~~~
../src/basic/confidential-virt.c:133:41: note: format string is defined here
133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring",
| ~~^
| |
| long int
| %d
|
|
This code uses various CPUID checks to be able to identify
* AMD SEV
* AMD SEV-ES
* AMD SEV-SNP
* Intel TDX
On HyperV/Azure, it has special checks for detecting SEV-SNP
since the normal CPUID is blocked.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|