udev: add 'conf-virt' constant for confidential virtualization tech

Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/man/udev.xml b/man/udev.xml
index 332c7ac0967a071f23991046f3c3cdb56fc91208..5533c68a0de16935fb8db34eef1ab2628651e9a4 100644 (file)
--- a/man/udev.xml
+++ b/man/udev.xml
@@ -279,6 +279,14 @@
                     for possible values.</para>
                   </listitem>
                 </varlistentry>
+                <varlistentry>
+                  <term><literal>cvm</literal></term>
+                  <listitem>
+                    <para>System's confidential virtualization technology. See
+                    <citerefentry><refentrytitle>systemd-detect-virt</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+                    for possible values.</para>
+                  </listitem>
+                </varlistentry>
               </variablelist>
               <para>Unknown keys will never match.</para>
             </listitem>

diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
index 6c1ac488e98605ef6e04e6675bbb851e9374d84e..265d328cd37df361014aa14b463f9d209ad06086 100644 (file)
--- a/src/udev/udev-rules.c
+++ b/src/udev/udev-rules.c
@@ -6,6 +6,7 @@
 #include "architecture.h"
 #include "conf-files.h"
 #include "conf-parser.h"
+#include "confidential-virt.h"
 #include "constants.h"
 #include "device-private.h"
 #include "device-util.h"
@@ -1920,6 +1921,8 @@ static int udev_rule_apply_token_to_event(
                         val = architecture_to_string(uname_architecture());
                 else if (streq(k, "virt"))
                         val = virtualization_to_string(detect_virtualization());
+                else if (streq(k, "cvm"))
+                        val = confidential_virtualization_to_string(detect_confidential_virtualization());
                 else
                         assert_not_reached();
                 return token_match_string(token, val);