From 82a714b79851b5c2d1389d2fa7a01548c486a854 Mon Sep 17 00:00:00 2001
From: Michael Roth <michael.roth@amd.com>
Date: Thu, 30 May 2024 06:16:20 -0500
Subject: [PATCH 060/100] i386/sev: Add a sev_snp_enabled() helper
RH-Author: Paolo Bonzini <pbonzini@redhat.com>
RH-MergeRequest: 245: SEV-SNP support
RH-Jira: RHEL-39544
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Bandan Das <bdas@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Commit: [60/91] c35ead095028ccfb1e1be0fe010ca4f7688530a0 (bonzini/rhel-qemu-kvm)
Add a simple helper to check if the current guest type is SNP. Also have
SNP-enabled imply that SEV-ES is enabled as well, and fix up any places
where the sev_es_enabled() check is expecting a pure/non-SNP guest.
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com>
Message-ID: <20240530111643.1091816-9-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 99190f805dca9475fe244fbd8041961842657dc2)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/sev.c | 13 ++++++++++++-
target/i386/sev.h | 2 ++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index a81b3228d4..4edfedc139 100644
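--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -325,12 +325,21 @@ sev_enabled(void)
 return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON);
 }
 
+bool
+sev_snp_enabled(void)
+{
+ ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
+
+ return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST);
+}
+
 bool
 sev_es_enabled(void)
 {
 ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
 
- return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES);
+ return sev_snp_enabled() ||
+ (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES);
 }
 
 uint32_t
@@ -946,7 +955,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 "support", __func__);
 goto err;
 }
+ }
 
+ if (sev_es_enabled() && !sev_snp_enabled()) {
 if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
 error_setg(errp, "%s: guest policy requires SEV-ES, but "
 "host SEV-ES support unavailable",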
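Review bot: In `sev_es_enabled()` the `SEV_GUEST(cgs)` access is only safe for an SNP guest because `sev_snp_enabled() ||` short-circuits ahead of it, and nothing in the function records that the operand order matters. `sev_enabled()` tests the common base type, so if `SEV_GUEST()` is a checked cast to the legacy SEV type (its definition is outside this diff) a later reordering would presumably fail at runtime on an SNP object; a comment such as `/* SNP implies SEV-ES; test it first, SEV_GUEST() is only valid for non-SNP guests */` would pin this. The rewrite also drops the parentheses around the policy mask test; the parse is unchanged because `&` binds tighter than `&&`, but `(sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES));` reads unambiguously. Because the helper now returns true for SNP guests, callers outside this diff that go on to use legacy SEV state deserve the same `!sev_snp_enabled()` audit that the `sev_kvm_init()` hunk applies to the host SEV-ES status check.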
diff --git a/target/i386/sev.h b/target/i386/sev.h
index bedc667eeb..94295ee74f 100644
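--- a/target/i386/sev.h
+++ b/target/i386/sev.h
@@ -45,9 +45,11 @@ typedef struct SevKernelLoaderContext {
 #ifdef CONFIG_SEV
 bool sev_enabled(void);
 bool sev_es_enabled(void);
+bool sev_snp_enabled(void);
 #else
 #define sev_enabled() 0
 #define sev_es_enabled() 0
+#define sev_snp_enabled() 0
 #endif
 
 uint32_t sev_get_cbit_position(void);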
--
2.39.3