From 30c01e535d8bed8223c542513f2c93c3ecefa370 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Mon, 24 Jun 2024 09:22:16 +0200
Subject: [PATCH] virt-host-validate: Move AMD SEV into a separate func
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The code that validates AMD SEV is going to be expanded soon. Move it into its own function to avoid lengthening virHostValidateSecureGuests() where the code lives now, even more.
Signed-off-by: Michal Privoznik
Reviewed-by: Jiri Denemark
Reviewed-by: Daniel P. Berrangé
---
 tools/virt-host-validate-common.c | 55 ++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 22 deletions(-)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index ad06dfb245..3e6a1c78ae 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -379,6 +379,36 @@ bool virHostKernelModuleIsLoaded(const char *module)
 }
+static int
+virHostValidateAMDSev(virValidateLevel level)
+{
+ g_autofree char *mod_value = NULL;
+
+ if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
+ virValidateFail(level, "AMD Secure Encrypted Virtualization not "
+ "supported by the currently used kernel");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
+ virValidateFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in kernel. Add kvm_amd.sev=1 "
+ "to the kernel cmdline arguments");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ if (!virFileExists("/dev/sev")) {
+ virValidateFail(level,
+ "AMD Secure Encrypted Virtualization appears to be "
+ "disabled in firmware.");
+ return VIR_VALIDATE_FAILURE(level);
+ }
+
+ return 1;
+}
+
+
 int virHostValidateSecureGuests(const char *hvname,
 virValidateLevel level)
 {
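Review bot: virHostValidateAMDSev() has no comment stating its contract, and that contract is asymmetric: the helper reports every failure itself through virValidateFail(), but leaves virValidatePass() to the caller, which is what `if (rc > 0)` in the third hunk relies on. I would add a header comment such as `/* Returns 1 if AMD SEV looks usable on this host, otherwise VIR_VALIDATE_FAILURE(level) after reporting the failure; the caller reports the pass. */`. Because this is a security posture check, the comment should also say that success means only that the kvm_amd `sev` parameter starts with `1`, `Y` or `y` and that `/dev/sev` exists; it says nothing about whether any guest is actually launched encrypted or attested. The `virFileExists("/dev/sev")` test accepts any file type at that path, and its message attributes a missing node to firmware, which is presumably not the only possible cause.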
@@ -388,7 +418,6 @@ int virHostValidateSecureGuests(const char *hvname,
 virArch arch = virArchFromHost();
 g_autofree char *cmdline = NULL;
 static const char *kIBMValues[] = {"y", "Y", "on", "ON", "oN", "On", "1"};
- g_autofree char *mod_value = NULL;
 flags = virHostValidateGetCPUFlags();
@@ -430,29 +459,11 @@ int virHostValidateSecureGuests(const char *hvname,
 return VIR_VALIDATE_FAILURE(level);
 }
 } else if (hasAMDSev) {
- if (virFileReadValueString(&mod_value, "/sys/module/kvm_amd/parameters/sev") < 0) {
- virValidateFail(level, "AMD Secure Encrypted Virtualization not "
- "supported by the currently used kernel");
- return VIR_VALIDATE_FAILURE(level);
- }
-
- if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
- virValidateFail(level,
- "AMD Secure Encrypted Virtualization appears to be "
- "disabled in kernel. Add kvm_amd.sev=1 "
- "to the kernel cmdline arguments");
- return VIR_VALIDATE_FAILURE(level);
- }
+ int rc = virHostValidateAMDSev(level);
- if (virFileExists("/dev/sev")) {
+ if (rc > 0)
 virValidatePass();
- return 1;
- } else {
- virValidateFail(level,
- "AMD Secure Encrypted Virtualization appears to be "
- "disabled in firmware.");
- return VIR_VALIDATE_FAILURE(level);
- }
+ return rc;
 }
 virValidateFail(level,
--
2.39.5