From 7b19a3a531fbabb5785dc7f78352d574f079212f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Tue, 30 Jul 2024 10:46:46 +0100
Subject: [PATCH] Fix CVM detection on Azure with TDX
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The current TDX support was tested on Azure, however, since that time they now block the CPUID leaf we were using. Instead it is required to issue the Azure specific CPUID calls as we were already doing for SNP.
Signed-off-by: Daniel P. Berrangé
(cherry picked from commit 059cbff66740ef74cd663f88c5f96a80a8d6d6ea)
---
 virt-what-cvm.c | 14 +++++++++-----
 virt-what-cvm.pod | 4 ++--
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
index 52b3426bc..0daa6ac35 100644
--- a/virt-what-cvm.c
+++ b/virt-what-cvm.c
@@ -92,6 +92,7 @@ static bool dodebug = false;
 #define CPUID_HYPERV_ISOLATION_TYPE_MASK 0xf
 #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
+#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
 #if defined(__x86_64__)
@@ -147,7 +148,7 @@ msr (off_t index)
 }
 static bool
-cpu_sig_amd_hyperv (void)
+cpu_sig_cvm_hyperv (uint32_t isoltype)
 {
 uint32_t eax, ebx, ecx, edx;
 char sig[13];
@@ -175,8 +176,7 @@ cpu_sig_amd_hyperv (void)
 ebx = ecx = edx = 0;
 cpuid(&eax, &ebx, &ecx, &edx);
- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) ==
- CPUID_HYPERV_ISOLATION_TYPE_SNP) {
+ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype) {
 return true;
 }
 }
@@ -212,7 +212,7 @@ cpu_sig_amd (void)
 if (!(eax & (1 << 1))) {
 debug ("No sev in CPUID, try hyperv CPUID\n");
- if (cpu_sig_amd_hyperv ()) {
+ if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_SNP)) {
 puts ("amd-sev-snp");
 puts ("hyperv-hcl");
 } else {
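Review bot: `cpu_sig_cvm_hyperv (uint32_t isoltype)` in the `@@ -147` hunk has no comment saying which values `isoltype` may take, and the comparison in the `@@ -175` hunk only looks at the low four bits (`ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK`, mask 0xf). A caller passing anything wider would silently get `false`, which is indistinguishable from "not a CVM". A comment above the signature would cover it, for example `/* isoltype: one of CPUID_HYPERV_ISOLATION_TYPE_*; compared against the masked isolation-type field in EBX */`. The function body starts and ends outside both hunks, so it cannot be confirmed from here that the hypervisor signature is checked before this leaf is read.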
@@ -252,8 +252,12 @@ cpu_sig_intel (void)
 memset (sig, 0, sizeof sig);
 cpuid_leaf (CPUID_INTEL_TDX_ENUMERATION, sig, true);
- if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
+ if (memcmp (sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0) {
 puts ("intel-tdx");
+ } else if (cpu_sig_cvm_hyperv (CPUID_HYPERV_ISOLATION_TYPE_TDX)) {
+ puts ("intel-tdx");
+ puts ("hyperv-hcl");
+ }
 }
 static bool
diff --git a/virt-what-cvm.pod b/virt-what-cvm.pod
index 0f9076569..70213abd7 100644
--- a/virt-what-cvm.pod
+++ b/virt-what-cvm.pod
@@ -50,7 +50,7 @@ Status: tested on Fedora 38 QEMU+KVM SEV-SNP (devel snapshot)
 This is a confidential guest running with Intel TDX technology
-Status: tested on Microsoft Azure TDX CVM (preview)
+Status: tested on Microsoft Azure TDX CVM
 =item B
@@ -58,7 +58,7 @@ This is a confidential guest running unenlightened under the HyperV (Azure) HCL (Host Compatibility Layer). This will be paired with B.
-Status: tested on Microsoft Azure SEV-SNP CVM
+Status: tested on Microsoft Azure SEV-SNP & TDX CVM
 =back
--
2.43.0
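Review bot: The new `else if` branch in `cpu_sig_intel` prints `intel-tdx` based only on the HyperV isolation-type CPUID value, and nothing beside it records that this is a value the platform presents to the guest rather than a verified property. The commit message says Azure now blocks the native TDX leaf, so this branch is presumably the only signal there. A comment such as `/* Azure hides the TDX leaf; fall back to the HyperV isolation-type CPUID. This is a detection hint, not attestation. */` would stop consumers of the output from treating it as proof of confidentiality. The AMD path in the `@@ -212` hunk logs `debug ("No sev in CPUID, try hyperv CPUID\n");` before its fallback, and an equivalent `debug` line here would make a misdetection on the Intel path just as easy to diagnose.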