Re: [PATCH] tools: Fix virt-host-validate SEV detection

[Andrea Bolognani]

On Tue, Oct 05, 2021 at 10:41:47PM -0600, Jim Fehlig wrote:
> virt-host-validate checks if AMD SEV is enabled by verifying
> /sys/module/kvm_amd/parameters/sev is set to '1'. On a system
> running kernel 5.13, the parameter is reported as 'Y'. To be
> extra paranoid, add a check for 'y' along with 'Y' to complement
> the existing check for '1'.
>
> Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715
>
> Signed-off-by: Jim Fehlig 
> ---
>  tools/virt-host-validate-common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Andrea Bolognani 

-- 
Andrea Bolognani / Red Hat / Virtualization

[PATCH] tools: Fix virt-host-validate SEV detection

[Jim Fehlig]

virt-host-validate checks if AMD SEV is enabled by verifying
/sys/module/kvm_amd/parameters/sev is set to '1'. On a system
running kernel 5.13, the parameter is reported as 'Y'. To be
extra paranoid, add a check for 'y' along with 'Y' to complement
the existing check for '1'.

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715

Signed-off-by: Jim Fehlig 
---
 tools/virt-host-validate-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virt-host-validate-common.c 
b/tools/virt-host-validate-common.c
index 556223242d..ba7f54b4ce 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -501,7 +501,7 @@ int virHostValidateSecureGuests(const char *hvname,
 return VIR_HOST_VALIDATE_FAILURE(level);
 }
 
-if (mod_value[0] != '1') {
+if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') 
{
 virHostMsgFail(level,
"AMD Secure Encrypted Virtualization appears to be "
"disabled in kernel. Add kvm_amd.sev=1 "
-- 
2.33.0