(RHEL-56144) Backport confidential virt. improvements #41
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The original CVM detection logic for TDX assumes that the guest can see the standard TDX CPUID leaf. This was true in Azure when this code was originally written, however, current Azure now blocks that leaf in the paravisor. Instead it is required to use the same Azure specific CPUID leaf that is used for SEV-SNP detection, which reports the VM isolation type. Signed-off-by: Daniel P. Berrangé <[email protected]> (cherry picked from commit 9d7be04) Related: RHEL-56144
We have different impls of detect_confidential_virtualization per architecture. The detection is cached in the x86_64 impl, and as we add support for more targets, we want to use caching for all. It thus makes sense to split caching out into an architecture independent method. Signed-off-by: Daniel P. Berrangé <[email protected]> (cherry picked from commit 1c4bd7a) Related: RHEL-56144
The s390x platform provides confidential VMs using the "Secure Execution" technology, which is also referred to as "Protected Virtualization" or just "prot virt" in Linux / QEMU. This can be detected through a simple sysfs attribute. Signed-off-by: Daniel P. Berrangé <[email protected]> (cherry picked from commit 6c35e0a) Resolves: RHEL-56144
This fixes commit 9b0688f Author: Yu Watanabe <[email protected]> Date: Tue Jan 9 10:52:49 2024 +0900 virt: add Google Compute Engine support Signed-off-by: Daniel P. Berrangé <[email protected]> (cherry picked from commit 9ffdfc6) Related: RHEL-56144
Add a section which lists the known confidential virtual machine technologies. Signed-off-by: Daniel P. Berrangé <[email protected]> (cherry picked from commit a8fb5d2) Related: RHEL-56144
github-actions
bot
changed the title
Commit validationTracker - RHEL-56144 The following commits meet all requirements
Tracker validationSuccess🟢 Tracker RHEL-56144 has set desired product: Pull Request validationSuccess🟢 CI - All checks have passed Auto MergeSuccess🟢 Pull Request is not marked as draft and it's not blocked by |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves: RHEL-56144