parent
445a6abc54
commit
1d0ab60403
@ -0,0 +1,25 @@
|
||||
From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Thu, 5 Sep 2024 12:36:01 +0200
|
||||
Subject: [PATCH] ci: rename beta branch to match dist-git name
|
||||
|
||||
rhel-only: ci
|
||||
|
||||
Related: RHEL-57603
|
||||
---
|
||||
.github/tracker-validator.yml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
|
||||
index 2e858606ff..1226b8a92a 100644
|
||||
--- a/.github/tracker-validator.yml
|
||||
+++ b/.github/tracker-validator.yml
|
||||
@@ -6,7 +6,7 @@ labels:
|
||||
products:
|
||||
- Red Hat Enterprise Linux 10
|
||||
- CentOS Stream 10
|
||||
- - rhel-10.0.beta
|
||||
+ - rhel-10.0-beta
|
||||
- rhel-10.0
|
||||
- rhel-10.0.z
|
||||
- rhel-10.1
|
@ -0,0 +1,41 @@
|
||||
From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
|
||||
From: Chengen Du <chengen.du@canonical.com>
|
||||
Date: Mon, 12 Aug 2024 11:41:52 +0800
|
||||
Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
|
||||
'change'
|
||||
|
||||
PTP device symlink creation rules are currently executed only when the
|
||||
udev action is 'add'. If a user reloads the rules and runs the udevadm
|
||||
trigger command to reapply changes, the symlink may be deleted, which
|
||||
can prevent the chronyd service from restarting properly.
|
||||
|
||||
Signed-off-by: Chengen Du <chengen.du@canonical.com>
|
||||
(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
|
||||
|
||||
Resolves: RHEL-59871
|
||||
---
|
||||
rules.d/50-udev-default.rules.in | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
|
||||
index 9b00c7037e..6f80feeecf 100644
|
||||
--- a/rules.d/50-udev-default.rules.in
|
||||
+++ b/rules.d/50-udev-default.rules.in
|
||||
@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
|
||||
|
||||
SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
|
||||
|
||||
+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
|
||||
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
|
||||
+
|
||||
ACTION!="add", GOTO="default_end"
|
||||
|
||||
SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
|
||||
@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
|
||||
|
||||
KERNEL=="udmabuf", GROUP="kvm"
|
||||
|
||||
-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
|
||||
-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
|
||||
-
|
||||
LABEL="default_end"
|
@ -0,0 +1,121 @@
|
||||
From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Tue, 30 Jul 2024 10:51:21 +0100
|
||||
Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The original CVM detection logic for TDX assumes that the guest can see
|
||||
the standard TDX CPUID leaf. This was true in Azure when this code was
|
||||
originally written, however, current Azure now blocks that leaf in the
|
||||
paravisor. Instead it is required to use the same Azure specific CPUID
|
||||
leaf that is used for SEV-SNP detection, which reports the VM isolation
|
||||
type.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 11 ++++++++---
|
||||
src/boot/efi/vmm.c | 9 ++++++---
|
||||
src/fundamental/confidential-virt-fundamental.h | 1 +
|
||||
3 files changed, 15 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index b6521cf5bf..8a88a3eb83 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static bool detect_hyperv_sev(void) {
|
||||
+static bool detect_hyperv_cvm(uint32_t isoltype) {
|
||||
uint32_t eax, ebx, ecx, edx, feat;
|
||||
char sig[13] = {};
|
||||
|
||||
@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
|
||||
ebx = ecx = edx = 0;
|
||||
cpuid(&eax, &ebx, &ecx, &edx);
|
||||
|
||||
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
|
||||
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
|
||||
if (!(eax & EAX_SEV)) {
|
||||
log_debug("No sev in CPUID, trying hyperv CPUID");
|
||||
|
||||
- if (detect_hyperv_sev())
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
|
||||
return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
|
||||
|
||||
log_debug("No hyperv CPUID");
|
||||
@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
|
||||
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||
return CONFIDENTIAL_VIRTUALIZATION_TDX;
|
||||
|
||||
+ log_debug("No tdx in CPUID, trying hyperv CPUID");
|
||||
+
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
|
||||
+
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
|
||||
diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
|
||||
index 60e216d54c..3459461390 100644
|
||||
--- a/src/boot/efi/vmm.c
|
||||
+++ b/src/boot/efi/vmm.c
|
||||
@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
|
||||
return val;
|
||||
}
|
||||
|
||||
-static bool detect_hyperv_sev(void) {
|
||||
+static bool detect_hyperv_cvm(uint32_t isoltype) {
|
||||
uint32_t eax, ebx, ecx, edx, feat;
|
||||
char sig[13] = {};
|
||||
|
||||
@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
|
||||
if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
|
||||
__cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
|
||||
|
||||
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
|
||||
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -379,7 +379,7 @@ static bool detect_sev(void) {
|
||||
* specific CPUID checks.
|
||||
*/
|
||||
if (!(eax & EAX_SEV))
|
||||
- return detect_hyperv_sev();
|
||||
+ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
|
||||
|
||||
msrval = msr(MSR_AMD64_SEV);
|
||||
|
||||
@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
|
||||
if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
||||
return true;
|
||||
|
||||
+ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
|
||||
+ return true;
|
||||
+
|
||||
return false;
|
||||
}
|
||||
#endif /* ! __i386__ && ! __x86_64__ */
|
||||
diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
|
||||
index 986923e1c2..618b5800ea 100644
|
||||
--- a/src/fundamental/confidential-virt-fundamental.h
|
||||
+++ b/src/fundamental/confidential-virt-fundamental.h
|
||||
@@ -65,6 +65,7 @@
|
||||
|
||||
#define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
|
||||
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
||||
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
|
||||
|
||||
#define EAX_SEV (UINT32_C(1) << 1)
|
||||
#define MSR_SEV (UINT64_C(1) << 0)
|
@ -0,0 +1,76 @@
|
||||
From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 16:26:00 +0100
|
||||
Subject: [PATCH] confidential-virt: split caching of CVM detection into
|
||||
separate method
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
We have different impls of detect_confidential_virtualization per
|
||||
architecture. The detection is cached in the x86_64 impl, and as we
|
||||
add support for more targets, we want to use caching for all. It thus
|
||||
makes sense to split caching out into an architecture independent
|
||||
method.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 25 ++++++++++++++-----------
|
||||
1 file changed, 14 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index 8a88a3eb83..0e05ecffbf 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
|
||||
return is_hv;
|
||||
}
|
||||
|
||||
-ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
char sig[13] = {};
|
||||
- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
-
|
||||
- if (cached_found >= 0)
|
||||
- return cached_found;
|
||||
|
||||
/* Skip everything on bare metal */
|
||||
if (detect_hypervisor()) {
|
||||
cpuid_leaf(0, sig, true);
|
||||
|
||||
if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
|
||||
- cv = detect_sev();
|
||||
+ return detect_sev();
|
||||
else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
|
||||
- cv = detect_tdx();
|
||||
+ return detect_tdx();
|
||||
}
|
||||
|
||||
- cached_found = cv;
|
||||
- return cv;
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
#else /* ! x86_64 */
|
||||
-ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
log_debug("No confidential virtualization detection on this architecture");
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
#endif /* ! x86_64 */
|
||||
|
||||
+ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
+ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
|
||||
+
|
||||
+ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
|
||||
+ cached_found = detect_confidential_virtualization_impl();
|
||||
+
|
||||
+ return cached_found;
|
||||
+}
|
||||
+
|
||||
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
|
||||
[CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
[CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
@ -0,0 +1,90 @@
|
||||
From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 11:03:10 +0100
|
||||
Subject: [PATCH] confidential-virt: add detection for s390x target
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The s390x platform provides confidential VMs using the "Secure Execution"
|
||||
technology, which is also referred to as "Protected Virtualization" or
|
||||
just "prot virt" in Linux / QEMU.
|
||||
|
||||
This can be detected through a simple sysfs attribute.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
|
||||
|
||||
Resolves: RHEL-56144
|
||||
---
|
||||
src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
|
||||
src/basic/confidential-virt.h | 1 +
|
||||
2 files changed, 26 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
|
||||
index 0e05ecffbf..c246636c7c 100644
|
||||
--- a/src/basic/confidential-virt.c
|
||||
+++ b/src/basic/confidential-virt.c
|
||||
@@ -11,6 +11,7 @@
|
||||
#include "confidential-virt-fundamental.h"
|
||||
#include "confidential-virt.h"
|
||||
#include "fd-util.h"
|
||||
+#include "fileio.h"
|
||||
#include "missing_threads.h"
|
||||
#include "string-table.h"
|
||||
#include "utf8.h"
|
||||
@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
|
||||
|
||||
return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
}
|
||||
+#elif defined(__s390x__)
|
||||
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
+ _cleanup_free_ char *s = NULL;
|
||||
+ size_t readsize;
|
||||
+ int r;
|
||||
+
|
||||
+ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
|
||||
+ if (r < 0) {
|
||||
+ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
+ }
|
||||
+
|
||||
+ if (readsize >= 1 && s[0] == '1')
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
|
||||
+
|
||||
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
|
||||
+}
|
||||
+
|
||||
#else /* ! x86_64 */
|
||||
static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
|
||||
log_debug("No confidential virtualization detection on this architecture");
|
||||
@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
|
||||
}
|
||||
|
||||
static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||||
- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
|
||||
+ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
|
||||
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
|
||||
index c02f3b2321..f92e3e883d 100644
|
||||
--- a/src/basic/confidential-virt.h
|
||||
+++ b/src/basic/confidential-virt.h
|
||||
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
|
||||
CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
|
||||
CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
|
||||
CONFIDENTIAL_VIRTUALIZATION_TDX,
|
||||
+ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
|
||||
|
||||
_CONFIDENTIAL_VIRTUALIZATION_MAX,
|
||||
_CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
|
@ -0,0 +1,37 @@
|
||||
From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 13:07:13 +0100
|
||||
Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This fixes
|
||||
|
||||
commit 9b0688f491674b53ef7a52bdf561a430c53673d6
|
||||
Author: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Tue Jan 9 10:52:49 2024 +0900
|
||||
|
||||
virt: add Google Compute Engine support
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
man/systemd-detect-virt.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
|
||||
index 2239294145..6b49e3a519 100644
|
||||
--- a/man/systemd-detect-virt.xml
|
||||
+++ b/man/systemd-detect-virt.xml
|
||||
@@ -62,7 +62,7 @@
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
- <entry valign="top" morerows="16">VM</entry>
|
||||
+ <entry valign="top" morerows="17">VM</entry>
|
||||
<entry><varname>qemu</varname></entry>
|
||||
<entry>QEMU software virtualization, without KVM</entry>
|
||||
</row>
|
@ -0,0 +1,74 @@
|
||||
From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Fri, 2 Aug 2024 13:17:56 +0100
|
||||
Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Add a section which lists the known confidential virtual machine
|
||||
technologies.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
|
||||
|
||||
Related: RHEL-56144
|
||||
---
|
||||
man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 44 insertions(+)
|
||||
|
||||
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
|
||||
index 6b49e3a519..a4fcdfbc9d 100644
|
||||
--- a/man/systemd-detect-virt.xml
|
||||
+++ b/man/systemd-detect-virt.xml
|
||||
@@ -217,6 +217,50 @@
|
||||
WSL is categorized as a container for practical purposes.
|
||||
Multiple WSL environments share the same kernel and services
|
||||
should generally behave like when being run in a container.</para>
|
||||
+
|
||||
+ <para>When executed with <option>--cvm</option>, instead of
|
||||
+ printing the virtualization technology, it will display the
|
||||
+ confidential virtual machine technology, if any. The
|
||||
+ following technologies are currently identified:</para>
|
||||
+
|
||||
+ <table>
|
||||
+ <title>Known confidential virtualization technologies</title>
|
||||
+ <tgroup cols='2' align='left' colsep='1' rowsep='1'>
|
||||
+ <colspec colname="id" />
|
||||
+ <colspec colname="product" />
|
||||
+ <thead>
|
||||
+ <row>
|
||||
+ <entry>Arch</entry>
|
||||
+ <entry>ID</entry>
|
||||
+ <entry>Technology</entry>
|
||||
+ </row>
|
||||
+ </thead>
|
||||
+ <tbody>
|
||||
+ <row>
|
||||
+ <entry valign="top" morerows="3">x86_64</entry>
|
||||
+ <entry><varname>sev</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>sev-es</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>sev-snp</varname></entry>
|
||||
+ <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry><varname>tdx</varname></entry>
|
||||
+ <entry>Intel Trust Domain Extensions</entry>
|
||||
+ </row>
|
||||
+ <row>
|
||||
+ <entry>s390x</entry>
|
||||
+ <entry><varname>protvirt</varname></entry>
|
||||
+ <entry>IBM Protected Virtualization (Secure Execution)</entry>
|
||||
+ </row>
|
||||
+ </tbody>
|
||||
+ </tgroup>
|
||||
+ </table>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
Loading…
Reference in new issue