In preparation for qemu being able to set SEV features through the cli, add a check to ensure that SEV features are not also set if using IGVM files.
Reviewed-by: Tom Lendacky <[email protected]> Signed-off-by: Naveen N Rao (AMD) <[email protected]> --- target/i386/sev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 22c350fe14b7..641a295c42b7 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1908,6 +1908,16 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * as SEV_STATE_UNINIT. */ if (x86machine->igvm) { + /* + * Test only the user-set SEV features by masking out + * SVM_SEV_FEAT_SNP_ACTIVE which is set by default. + */ + if (sev_common->sev_features & ~SVM_SEV_FEAT_SNP_ACTIVE) { + error_setg(errp, + "%s: SEV features can't be specified when using IGVM files", + __func__); + return -1; + } if (IGVM_CFG_GET_CLASS(x86machine->igvm) ->process(x86machine->igvm, machine, true, errp) == -1) { return -1; -- 2.54.0
