summaryrefslogtreecommitdiffstats
path: root/src/basic/confidential-virt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: drop doubled empty linesYu Watanabe2024-10-071-1/+0
|
* confidential-virt: add detection for s390x targetDaniel P. Berrangé2024-08-021-5/+25
| | | | | | | | | | The s390x platform provides confidential VMs using the "Secure Execution" technology, which is also referred to as "Protected Virtualization" or just "prot virt" in Linux / QEMU. This can be detected through a simple sysfs attribute. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* confidential-virt: split caching of CVM detection into separate methodDaniel P. Berrangé2024-08-021-11/+14
| | | | | | | | | | We have different impls of detect_confidential_virtualization per architecture. The detection is cached in the x86_64 impl, and as we add support for more targets, we want to use caching for all. It thus makes sense to split caching out into an architecture independent method. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* Fix detection of TDX confidential VM on Azure platformDaniel P. Berrangé2024-07-301-3/+8
| | | | | | | | | | | The original CVM detection logic for TDX assumes that the guest can see the standard TDX CPUID leaf. This was true in Azure when this code was originally written, however, current Azure now blocks that leaf in the paravisor. Instead it is required to use the same Azure specific CPUID leaf that is used for SEV-SNP detection, which reports the VM isolation type. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* Merge pull request #28301 from berrange/cvm-lockdownLuca Boccassi2023-07-141-66/+1
|\ | | | | Avoid using SMBIOS for kernel cmdline injection in sd-stub in confidential VMs
| * fundamental: share constants for confidential virt detectionDaniel P. Berrangé2023-07-141-66/+1
| | | | | | | | Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* | Print ssize_t as %zdLuca Boccassi2023-07-101-1/+1
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | On some architectures (x32) ssize_t is int, not long int. ../src/basic/confidential-virt.c: In function ‘msr’: ../src/basic/confidential-virt.c:133:27: error: format ‘%ld’ expects argument of type ‘long int’, but argument 7 has type ‘ssize_t’ {aka ‘int’} [-Werror=format=] 133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 134 | rv, | ~~ | | | ssize_t {aka int} ../src/basic/log.h:214:86: note: in definition of macro ‘log_full_errno_zerook’ 214 | ? log_internal(_level, _e, PROJECT_FILE, __LINE__, __func__, __VA_ARGS__) \ | ^~~~~~~~~~~ ../src/basic/log.h:242:28: note: in expansion of macro ‘log_full’ 242 | #define log_debug(...) log_full(LOG_DEBUG, __VA_ARGS__) | ^~~~~~~~ ../src/basic/confidential-virt.c:133:17: note: in expansion of macro ‘log_debug’ 133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring", | ^~~~~~~~~ ../src/basic/confidential-virt.c:133:41: note: format string is defined here 133 | log_debug("Short read %ld bytes from MSR device %s (index %" PRIu64 "), ignoring", | ~~^ | | | long int | %d
* add APIs for detecting confidential virtualizationDaniel P. Berrangé2023-07-061-0/+293
This code uses various CPUID checks to be able to identify * AMD SEV * AMD SEV-ES * AMD SEV-SNP * Intel TDX On HyperV/Azure, it has special checks for detecting SEV-SNP since the normal CPUID is blocked. Related: https://github.com/systemd/systemd/issues/27604 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>