From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 26 Jan 2021 17:36:49 +0000 (-0600)
Subject: sev/i386: Enable an SEV-ES guest based on SEV policy
X-Git-Tag: v6.0.0-rc0~82^2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=027b524d6a427d7c89f4e8af44c49d96796adab5;p=thirdparty%2Fqemu.git

sev/i386: Enable an SEV-ES guest based on SEV policy

Update the sev_es_enabled() function return value to be based on the SEV
policy that has been specified. SEV-ES is enabled if SEV is enabled and
the SEV-ES policy bit is set in the policy object.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Venu Busireddy <venu.busireddy@oracle.com>
Message-Id: <c69f81c6029f31fc4c52a9f35f1bd704362476a5.1611682609.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 4b70d4284f7..0f414df02f3 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -356,7 +356,7 @@ sev_enabled(void)
 bool
 sev_es_enabled(void)
 {
-    return false;
+    return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES);
 }
 
 uint64_t