parent
396de4eb9d
commit
45cdc9a524
@ -1 +1,2 @@
|
|||||||
SOURCES/virt-what-1.26.tar.gz
|
SOURCES/libguestfs.keyring
|
||||||
|
SOURCES/virt-what-1.27.tar.gz
|
||||||
|
@ -1 +1,2 @@
|
|||||||
d5a06a9c87956dd0ac719a30b6d00cfcda69a79c SOURCES/virt-what-1.26.tar.gz
|
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
|
||||||
|
9c405e24083821e8d9afe05f20717c66fd343949 SOURCES/virt-what-1.27.tar.gz
|
||||||
|
@ -1,97 +0,0 @@
|
|||||||
From 059cbff66740ef74cd663f88c5f96a80a8d6d6ea Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
||||||
Date: Tue, 30 Jul 2024 10:46:46 +0100
|
|
||||||
Subject: [PATCH] Fix CVM detection on Azure with TDX
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
The current TDX support was tested on Azure, however, since that time
|
|
||||||
they now block the CPUID leaf we were using. Instead it is required to
|
|
||||||
issue the Azure specific CPUID calls as we were already doing for SNP.
|
|
||||||
|
|
||||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
---
|
|
||||||
virt-what-cvm.c | 14 +++++++++-----
|
|
||||||
virt-what-cvm.pod | 4 ++--
|
|
||||||
2 files changed, 11 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
|
||||||
index 52b3426bc..0daa6ac35 100644
|
|
||||||
--- a/virt-what-cvm.c
|
|
||||||
+++ b/virt-what-cvm.c
|
|
||||||
@@ -92,6 +92,7 @@ static bool dodebug = false;
|
|
||||||
|
|
||||||
#define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
|
|
||||||
#define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
|
|
||||||
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
|
|
||||||
|
|
||||||
#if defined(__x86_64__)
|
|
||||||
|
|
||||||
@@ -147,7 +148,7 @@ msr (off_t index)
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool
|
|
||||||
-cpu_sig_amd_hyperv (void)
|
|
||||||
+cpu_sig_cvm_hyperv (uint32_t isoltype)
|
|
||||||
{
|
|
||||||
uint32_t eax, ebx, ecx, edx;
|
|
||||||
char sig[13];
|
|
||||||
@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
|
|
||||||
ebx = ecx = edx = 0;
|
|
||||||
cpuid(&eax, &ebx, &ecx, &edx);
|
|
||||||
|
|
||||||
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
|
|
||||||
- CPUID_HYPERV_ISOLATION_TYPE_SNP) {
|
|
||||||
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -212,7 +212,7 @@ cpu_sig_amd (void)
|
|
||||||
if (!(eax & (1 << 1))) {
|
|
||||||
debug ("No sev in CPUID, try hyperv CPUID\n");
|
|
||||||
|
|
||||||
- if (cpu_sig_amd_hyperv ()) {
|
|
||||||
+ if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
|
|
||||||
puts ("amd-sev-snp");
|
|
||||||
puts ("hyperv-hcl");
|
|
||||||
} else {
|
|
||||||
@@ -252,8 +252,12 @@ cpu_sig_intel (void)
|
|
||||||
memset (sig, 0, sizeof sig);
|
|
||||||
cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
|
|
||||||
|
|
||||||
- if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
|
|
||||||
+ if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
|
|
||||||
puts ("intel-tdx");
|
|
||||||
+ } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
|
|
||||||
+ puts ("intel-tdx");
|
|
||||||
+ puts ("hyperv-hcl");
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool
|
|
||||||
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
|
||||||
index 0f9076569..70213abd7 100644
|
|
||||||
--- a/virt-what-cvm.pod
|
|
||||||
+++ b/virt-what-cvm.pod
|
|
||||||
@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
|
|
||||||
|
|
||||||
This is a confidential guest running with Intel TDX technology
|
|
||||||
|
|
||||||
-Status: tested on Microsoft Azure TDX CVM (preview)
|
|
||||||
+Status: tested on Microsoft Azure TDX CVM
|
|
||||||
|
|
||||||
=item B<hyperv-hcl>
|
|
||||||
|
|
||||||
@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the
|
|
||||||
HyperV (Azure) HCL (Host Compatibility Layer). This will be
|
|
||||||
paired with B<amd-sev-snp>.
|
|
||||||
|
|
||||||
-Status: tested on Microsoft Azure SEV-SNP CVM
|
|
||||||
+Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -1,65 +0,0 @@
|
|||||||
From 037689fbe95e403b050c1eb736ebc8fdc2e601a5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
|
||||||
Date: Fri, 2 Aug 2024 16:07:46 +0100
|
|
||||||
Subject: [PATCH] Add support for detecting protected virtualization on s390x
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
||||||
---
|
|
||||||
virt-what-cvm.c | 21 ++++++++++++++++++++-
|
|
||||||
virt-what-cvm.pod | 5 +++++
|
|
||||||
2 files changed, 25 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
|
|
||||||
index 0daa6ac35..320df478b 100644
|
|
||||||
--- a/virt-what-cvm.c
|
|
||||||
+++ b/virt-what-cvm.c
|
|
||||||
@@ -295,7 +295,26 @@ cpu_sig (void)
|
|
||||||
cpu_sig_intel ();
|
|
||||||
}
|
|
||||||
|
|
||||||
-#else /* !x86_64 */
|
|
||||||
+#elif defined(__s390x__)
|
|
||||||
+
|
|
||||||
+#define SYSFS_PROT_VIRT "/sys/firmware/uv/prot_virt_guest"
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+cpu_sig (void)
|
|
||||||
+{
|
|
||||||
+ int fd = open("/sys/firmware/uv/prot_virt_guest", O_RDONLY);
|
|
||||||
+ char c;
|
|
||||||
+ if (fd < 0)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ if (read(fd, &c, 1) == 1 && c == '1')
|
|
||||||
+ puts("s390-protvirt");
|
|
||||||
+
|
|
||||||
+ close(fd);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#else /* ! x86_64 && ! s390x */
|
|
||||||
|
|
||||||
static void
|
|
||||||
cpu_sig (void)
|
|
||||||
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
|
||||||
index 70213abd7..00e21cb70 100644
|
|
||||||
--- a/virt-what-cvm.pod
|
|
||||||
+++ b/virt-what-cvm.pod
|
|
||||||
@@ -60,6 +60,11 @@ paired with B<amd-sev-snp>.
|
|
||||||
|
|
||||||
Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
|
||||||
|
|
||||||
+=item B<s390x-protvirt>
|
|
||||||
+
|
|
||||||
+This is a confidential guest running on s390x with the
|
|
||||||
+Protected Virtualization (Secure Execution) technology
|
|
||||||
+
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 EXIT STATUS
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From 963676c4dd4c2a9c070b76da6f8835ceb131dbe0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
||||||
Date: Tue, 13 Aug 2024 13:23:06 +0100
|
|
||||||
Subject: [PATCH] virt-what-cvm.pod: Fix man page typo s390x-protvirt ->
|
|
||||||
s390-protvirt
|
|
||||||
|
|
||||||
Reported-by: Yongkui Guo
|
|
||||||
Fixes: commit 037689fbe95e403b050c1eb736ebc8fdc2e601a5
|
|
||||||
---
|
|
||||||
virt-what-cvm.pod | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
|
|
||||||
index 00e21cb70..a76717984 100644
|
|
||||||
--- a/virt-what-cvm.pod
|
|
||||||
+++ b/virt-what-cvm.pod
|
|
||||||
@@ -60,7 +60,7 @@ paired with B<amd-sev-snp>.
|
|
||||||
|
|
||||||
Status: tested on Microsoft Azure SEV-SNP & TDX CVM
|
|
||||||
|
|
||||||
-=item B<s390x-protvirt>
|
|
||||||
+=item B<s390-protvirt>
|
|
||||||
|
|
||||||
This is a confidential guest running on s390x with the
|
|
||||||
Protected Virtualization (Secure Execution) technology
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmbS4bURHHJpY2hAYW5u
|
||||||
|
ZXhpYS5vcmcACgkQkXOPc+G3aKDwuw//aneF5kGO24fVlZ2r+gtoE/yKabzpv913
|
||||||
|
Y5YNq1otagI/Na5nBiOiCqP9lg8XfW2mCGwYASFx9pQ5AXf9P9u6hf1qzI8ZkNSl
|
||||||
|
sHqNeQNLBSGySt5ODGYyyA6CWGqhyvNIGalmCqUrAkPoKKya2hJjA70b0F3fsuU1
|
||||||
|
G6Hm3Huv9WcUWKnY+2tg3mUu0geWhH6ED6dWiqS1l22wCNG0AorXeBjYV9tFA5T7
|
||||||
|
qzUwcif3AN2FP1LFiCOOEqorEgmRtiUUuPPtDXrZWR1csrN7Y/SeOHk4Ik5wHcZ8
|
||||||
|
e2+rk6fxPgZp90J1jUw12DELlD9WwoYFRjsyfhgud8hp978CUHG7MZOnNkGCE+HE
|
||||||
|
jZQ0I5xQ9rRAiw/XpuJFR/E3NF4oZuslMyLYrTGZ5u/feW+EcnHNN8jsj/8LsgA0
|
||||||
|
4KWjiNtO4Wy9Kov5hpNKlYwZZ84Pae3ffj0MtyQAsxXwlsBzHOf0AySX5FeY0Zeq
|
||||||
|
J0EhRyfHNLkeI5n5kIlp4/PcRTItwrUP+cUicTe+PDYYxJJuna5EEl4NmUjOE/76
|
||||||
|
v1xE3IqURXoK+cuIm39iZQ1/PDpXIZ0/kcCScs4rwTH4avG/fiNuOVxNXd/vLWcC
|
||||||
|
tCfW7kXzesgKJfVUijQ6fUtKSC239pGyFKCV1OhpuXlchIm8/iCi/o+G2zcN8itE
|
||||||
|
XgItGGqncXI=
|
||||||
|
=dbrV
|
||||||
|
-----END PGP SIGNATURE-----
|
Loading…
Reference in new issue