From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 6 Oct 2021 04:34:57 +0000 (-0600)
Subject: tools: Fix virt-host-validate SEV detection
X-Git-Tag: v7.9.0-rc1~246
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f9c1a4bb8416dafdaa89358498233aa6684377c;p=thirdparty%2Flibvirt.git

tools: Fix virt-host-validate SEV detection

virt-host-validate checks if AMD SEV is enabled by verifying
/sys/module/kvm_amd/parameters/sev is set to '1'. On a system
running kernel 5.13, the parameter is reported as 'Y'. To be
extra paranoid, add a check for 'y' along with 'Y' to complement
the existing check for '1'.

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1188715

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 7a5cda4104..aba1bdf6cf 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -501,7 +501,7 @@ int virHostValidateSecureGuests(const char *hvname,
             return VIR_HOST_VALIDATE_FAILURE(level);
         }
 
-        if (mod_value[0] != '1') {
+        if (mod_value[0] != '1' && mod_value[0] != 'Y' && mod_value[0] != 'y') {
             virHostMsgFail(level,
                            "AMD Secure Encrypted Virtualization appears to be "
                            "disabled in kernel. Add kvm_amd.sev=1 "