(RHEL-56144) Backport confidential virt. improvements #41
The original CVM detection logic for TDX assumes that the guest can see the standard TDX CPUID leaf. This was true in Azure when this code was originally written, however, current Azure now blocks that leaf in the paravisor. Instead it is required to use the same Azure specific CPUID leaf that is used for SEV-SNP detection, which reports the VM isolation type.

Signed-off-by: Daniel P. Berrangé <[email protected]>
(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
Related: RHEL-56144

We have different impls of detect_confidential_virtualization per architecture. The detection is cached in the x86_64 impl, and as we add support for more targets, we want to use caching for all. It thus makes sense to split caching out into an architecture independent method.

Signed-off-by: Daniel P. Berrangé <[email protected]>
(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
Related: RHEL-56144

The s390x platform provides confidential VMs using the "Secure Execution" technology, which is also referred to as "Protected Virtualization" or just "prot virt" in Linux / QEMU. This can be detected through a simple sysfs attribute.

Signed-off-by: Daniel P. Berrangé <[email protected]>
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
Resolves: RHEL-56144

This fixes

  commit 9b0688f
  Author: Yu Watanabe <[email protected]>
  Date: Tue Jan 9 10:52:49 2024 +0900

    virt: add Google Compute Engine support

Signed-off-by: Daniel P. Berrangé <[email protected]>
(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
Related: RHEL-56144

Add a section which lists the known confidential virtual machine technologies.

Signed-off-by: Daniel P. Berrangé <[email protected]>
(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
Related: RHEL-56144
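
The detection change described in the first commit message above, as an added example (it is not systemd's code and not part of this pull request): the standard TDX leaf check finds nothing when the paravisor hides that leaf, while the Hyper-V isolation-type leaf still reports TDX. The leaf numbers, bit positions and type codes come from the Intel TDX and Microsoft Hyper-V specifications rather than from this page, the function names are hypothetical, and `fake_cpuid` is a constructed register set injected in place of the real CPUID instruction so the logic runs on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Leaf numbers, bits and type codes: Intel TDX and Hyper-V specs, not this page. */
#define LEAF_INTEL_TDX    0x00000021u
#define LEAF_HV_VENDOR    0x40000000u
#define LEAF_HV_FEATURES  0x40000003u
#define LEAF_HV_ISOLATION 0x4000000Cu
#define HV_FEAT_ISOLATION (1u << 22) /* EBX of the features leaf */

enum cvm { CVM_NONE, CVM_SEV_SNP, CVM_TDX };
struct regs { uint32_t eax, ebx, ecx, edx; };
typedef struct regs (*cpuid_fn)(uint32_t leaf); /* injectable CPUID reader */

/* Compare three registers, in the given order, with a 12-byte signature. */
static int sig_is(uint32_t a, uint32_t b, uint32_t c, const char *want) {
    uint32_t v[3] = { a, b, c };
    return memcmp(v, want, sizeof v) == 0;
}

/* Original approach: look for the standard TDX enumeration leaf. */
int native_tdx(cpuid_fn cpuid) {
    struct regs r = cpuid(LEAF_INTEL_TDX);
    return sig_is(r.ebx, r.edx, r.ecx, "IntelTDX    ");
}

/* Azure approach: ask the Hyper-V leaves for the VM isolation type. */
enum cvm hyperv_cvm(cpuid_fn cpuid) {
    struct regs r = cpuid(LEAF_HV_VENDOR);
    if (!sig_is(r.ebx, r.ecx, r.edx, "Microsoft Hv") || r.eax < LEAF_HV_ISOLATION ||
        !(cpuid(LEAF_HV_FEATURES).ebx & HV_FEAT_ISOLATION))
        return CVM_NONE; /* not Hyper-V, leaf out of range, or no isolation */
    uint32_t type = cpuid(LEAF_HV_ISOLATION).ebx & 0xFu; /* low 4 bits of EBX */
    return type == 3 ? CVM_TDX : type == 2 ? CVM_SEV_SNP : CVM_NONE; /* 1 = VBS */
}

/* Constructed sample: registers of a TDX guest whose paravisor hides leaf 0x21. */
static uint32_t w(const char *s) { uint32_t v; memcpy(&v, s, 4); return v; }
struct regs fake_cpuid(uint32_t leaf) {
    struct regs r = { 0, 0, 0, 0 };
    if (leaf == LEAF_HV_VENDOR)
        r = (struct regs){ LEAF_HV_ISOLATION, w("Micr"), w("osof"), w("t Hv") };
    if (leaf == LEAF_HV_FEATURES)  r.ebx = HV_FEAT_ISOLATION;
    if (leaf == LEAF_HV_ISOLATION) r.ebx = 3; /* type 3 = TDX */
    return r;
}

int main(void) {
    printf("tdx_leaf=%d hyperv=%d\n", native_tdx(fake_cpuid), hyperv_cvm(fake_cpuid));
    return 0;
}
```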
Commit validation
Tracker - RHEL-56144
The following commits meet all requirements

Tracker validation
Success🟢 Tracker RHEL-56144 has set desired product:

Pull Request validation
Success🟢 CI - All checks have passed

Auto Merge
Success🟢 Pull Request is not marked as draft and it's not blocked by |
LGTM
Resolves: RHEL-56144