confidential-virt: add detection for s390x target

berrange · lnykryn · commit f47239f3e5ae · 2024-08-22T10:45:18.000+02:00
The s390x platform provides confidential VMs using the "Secure Execution"
technology, which is also referred to as "Protected Virtualization" or
just "prot virt" in Linux / QEMU.

This can be detected through a simple sysfs attribute.

Signed-off-by: Daniel P. Berrangé &lt;berrange@redhat.com&gt;
(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)

Related: RHEL-50651
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
@@ -11,6 +11,7 @@
 
 #include "confidential-virt.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "missing_threads.h"
 #include "string-table.h"
 #include "utf8.h"
@@ -269,6 +270,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
 
         return CONFIDENTIAL_VIRTUALIZATION_NONE;
 }
+#elif defined(__s390x__)
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+        _cleanup_free_ char *s = NULL;
+        size_t readsize;
+        int r;
+
+        r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
+        if (r < 0) {
+                log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
+                return CONFIDENTIAL_VIRTUALIZATION_NONE;
+        }
+
+        if (readsize >= 1 && s[0] == '1')
+                return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
+
+        return CONFIDENTIAL_VIRTUALIZATION_NONE;
+}
+
 #else /* ! x86_64 */
 static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
         log_debug("No confidential virtualization detection on this architecture");
@@ -286,11 +305,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
 }
 
 static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
-        [CONFIDENTIAL_VIRTUALIZATION_NONE]    = "none",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV]     = "sev",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]  = "sev-es",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-        [CONFIDENTIAL_VIRTUALIZATION_TDX]     = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_NONE]     = "none",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV]      = "sev",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]   = "sev-es",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP]  = "sev-snp",
+        [CONFIDENTIAL_VIRTUALIZATION_TDX]      = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
         CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
         CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
         CONFIDENTIAL_VIRTUALIZATION_TDX,
+        CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
 
         _CONFIDENTIAL_VIRTUALIZATION_MAX,
         _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
