[PATCH v4 08/31] i386/sev: Add a sev_snp_enabled() helper
From: Pankaj Gupta
Subject: [PATCH v4 08/31] i386/sev: Add a sev_snp_enabled() helper
Date: Thu, 30 May 2024 06:16:20 -0500
From: Michael Roth <michael.roth@amd.com>
Add a simple helper to check if the current guest type is SNP. Also have
SNP-enabled imply that SEV-ES is enabled as well, and fix up any places
where the sev_es_enabled() check is expecting a pure/non-SNP guest.
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com>
---
target/i386/sev.c | 13 ++++++++++++-
target/i386/sev.h | 2 ++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index 841b45f59b..f4f1971202 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -333,12 +333,21 @@ sev_enabled(void)
return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON);
}
+bool
+sev_snp_enabled(void)
+{
+ ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
+
+ return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST);
+}
+
bool
sev_es_enabled(void)
{
ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs;
- return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES);
+ return sev_snp_enabled() ||
+ (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES);
}
uint32_t
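Review bot: In sev_es_enabled(), the SEV_GUEST(cgs)->policy dereference now depends on operand order: sev_enabled() only checks TYPE_SEV_COMMON, so the cast is reached safely only because sev_snp_enabled() is tested first and short-circuits the ||. A short comment saying so would keep a later reordering from breaking it. The rewritten line also drops the parentheses the old code had around the mask test; precedence still gives the intended result, but keeping "(SEV_GUEST(cgs)->policy & SEV_POLICY_ES)" reads more clearly and avoids compiler warnings about mixing & and &&.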
@@ -954,7 +963,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs,
Error **errp)
"support", __func__);
goto err;
}
+ }
+ if (sev_es_enabled() && !sev_snp_enabled()) {
if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) {
error_setg(errp, "%s: guest policy requires SEV-ES, but "
"host SEV-ES support unavailable",
diff --git a/target/i386/sev.h b/target/i386/sev.h
index bedc667eeb..94295ee74f 100644
--- a/target/i386/sev.h
+++ b/target/i386/sev.h
@@ -45,9 +45,11 @@ typedef struct SevKernelLoaderContext {
#ifdef CONFIG_SEV
bool sev_enabled(void);
bool sev_es_enabled(void);
+bool sev_snp_enabled(void);
#else
#define sev_enabled() 0
#define sev_es_enabled() 0
+#define sev_snp_enabled() 0
#endif
uint32_t sev_get_cbit_position(void);
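Review bot: The new sev_snp_enabled() prototype is added without a comment, and this header is where callers will look to learn that sev_es_enabled() now also returns true for SNP guests. Suggest a brief comment above these declarations stating that SNP implies ES, so code that needs a pure SEV-ES guest must also test !sev_snp_enabled().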
--
2.34.1