qemu: Check if INTEL Trust Domain Extention support is enabled
authorZhenzhong Duan <zhenzhong.duan@intel.com>
Thu, 10 Jul 2025 07:21:04 +0000 (03:21 -0400)
committerDaniel P. Berrangé <berrange@redhat.com>
Fri, 25 Jul 2025 10:27:47 +0000 (11:27 +0100)
Implement TDX check in order to generate domain feature capability
correctly in case the availability of the feature changed.

For INTEL TDX the verification is:
 - checking if "/sys/module/kvm_intel/parameters/tdx" contains the
   value 'Y': meaning TDX is enabled in the host kernel.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
src/qemu/qemu_capabilities.c

index b02f8e7a01b5f0a6592f94e1623dfa9c6d566a5e..732c89fe294e80a415a84bc57a4b5eaaecdc4725 100644 (file)
@@ -5322,6 +5322,24 @@ virQEMUCapsKVMSupportsSecureGuestAMD(void)
 }
 
 
+/*
+ * Check whether INTEL Trust Domain Extention (x86) is enabled
+ */
+static bool
+virQEMUCapsKVMSupportsSecureGuestTDX(void)
+{
+    g_autofree char *modValue = NULL;
+
+    if (virFileReadValueString(&modValue, "/sys/module/kvm_intel/parameters/tdx") < 0)
+        return false;
+
+    if (modValue[0] != 'Y')
+        return false;
+
+    return true;
+}
+
+
 /*
  * Check whether the secure guest functionality is enabled.
  * See the specific architecture function for details on the verifications made.
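Review bot: The comment above virQEMUCapsKVMSupportsSecureGuestTDX misspells "Extension" and does not say what a true result establishes or how a failed read is handled. I would write it as `/* Check whether Intel Trust Domain Extensions (TDX) is enabled in the host kvm_intel module; any failure to read the parameter file counts as "not enabled". */`. The function looks only at the first character of the sysfs value, so its result reflects the kernel module parameter and nothing else. It is a host-side capability hint, not evidence that a given guest runs as a trust domain, and the comment could say so. As a style point, the last two statements can collapse to `return modValue[0] == 'Y';`.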
@@ -5335,7 +5353,8 @@ virQEMUCapsKVMSupportsSecureGuest(void)
         return virQEMUCapsKVMSupportsSecureGuestS390();
 
     if (ARCH_IS_X86(arch))
-        return virQEMUCapsKVMSupportsSecureGuestAMD();
+        return virQEMUCapsKVMSupportsSecureGuestAMD() ||
+               virQEMUCapsKVMSupportsSecureGuestTDX();
 
     return false;
 }