You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
3.6 KiB
91 lines
3.6 KiB
2 months ago
|
From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||
|
Date: Fri, 2 Aug 2024 11:03:10 +0100
|
||
|
Subject: [PATCH] confidential-virt: add detection for s390x target
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
The s390x platform provides confidential VMs using the "Secure Execution"
|
||
|
technology, which is also referred to as "Protected Virtualization" or
|
||
|
just "prot virt" in Linux / QEMU.
|
||
|
|
||
|
This can be detected through a simple sysfs attribute.
|
||
|
|
||
|
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||
|
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
|
||
|
|
||
|
Resolves: RHEL-56144
|
||
|
---
|
||
|
src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
|
||
|
src/basic/confidential-virt.h | 1 +
|
||
|
2 files changed, 26 insertions(+), 5 deletions(-)
|
||
|
|
||
|
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||
|
index 0e05ecffbf..c246636c7c 100644
|
||
|
--- a/src/basic/confidential-virt.c
|
||
|
+++ b/src/basic/confidential-virt.c
|
||
|
@@ -11,6 +11,7 @@
|
||
|
#include "confidential-virt-fundamental.h"
|
||
|
#include "confidential-virt.h"
|
||
|
#include "fd-util.h"
|
||
|
+#include "fileio.h"
|
||
|
#include "missing_threads.h"
|
||
|
#include "string-table.h"
|
||
|
#include "utf8.h"
|
||
|
@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
|
||
|
|
||
|
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||
|
}
|
||
|
+#elif defined(__s390x__)
|
||
|
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||
|
+ _cleanup_free_ char *s = NULL;
|
||
|
+ size_t readsize;
|
||
|
+ int r;
|
||
|
+
|
||
|
+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
|
||
|
+ if (r < 0) {
|
||
|
+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
|
||
|
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (readsize >= 1 && s[0] == '1')
|
||
|
+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
|
||
|
+
|
||
|
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||
|
+}
|
||
|
+
|
||
|
#else /* ! x86_64 */
|
||
|
static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||
|
log_debug("No confidential virtualization detection on this architecture");
|
||
|
@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||
|
}
|
||
|
|
||
|
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
|
||
|
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||
|
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||
|
- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||
|
- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||
|
- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||
|
+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
|
||
|
};
|
||
|
|
||
|
DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
|
||
|
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
|
||
|
index c02f3b2321..f92e3e883d 100644
|
||
|
--- a/src/basic/confidential-virt.h
|
||
|
+++ b/src/basic/confidential-virt.h
|
||
|
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
|
||
|
CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
|
||
|
CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
|
||
|
CONFIDENTIAL_VIRTUALIZATION_TDX,
|
||
|
+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
|
||
|
|
||
|
_CONFIDENTIAL_VIRTUALIZATION_MAX,
|
||
|
_CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
|