confidential-virt: add detection for aarch64 CCA

author Jeremy Linton <jeremy.linton@arm.com>

Fri, 10 Jan 2025 03:24:07 +0000 (21:24 -0600)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 15 Jan 2025 04:51:12 +0000 (13:51 +0900)
author Jeremy Linton <jeremy.linton@arm.com>
Fri, 10 Jan 2025 03:24:07 +0000 (21:24 -0600)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 15 Jan 2025 04:51:12 +0000 (13:51 +0900)
diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml

index a4fcdfbc9d57e40be47e1dd5d90f0ab0e02dc90b..e89f72bc22908393ef639fa066e8b5d67ee8b0fd 100644 (file)
--- a/man/systemd-detect-virt.xml
+++ b/man/systemd-detect-virt.xml
@@ -258,6 +258,11 @@
              <entry><varname>protvirt</varname></entry>
              <entry>IBM Protected Virtualization (Secure Execution)</entry>
            </row>
+          <row>
+            <entry>arm64</entry>
+            <entry><varname>cca</varname></entry>
+            <entry>Arm Confidential Compute Architecture</entry>
+          </row>
          </tbody>
        </tgroup>
      </table>
diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c

index 986a57e046230a1b1fc2f2a8626354434ea691c8..796ae6143c9119d8918b03df55214fb97758dfe5 100644 (file)
--- a/src/basic/confidential-virt.c
+++ b/src/basic/confidential-virt.c
@@ -10,6 +10,7 @@
  
  #include "confidential-virt-fundamental.h"
  #include "confidential-virt.h"
+#include "errno-util.h"
  #include "fd-util.h"
  #include "fileio.h"
  #include "missing_threads.h"
@@ -226,7 +227,18 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
  
          return CONFIDENTIAL_VIRTUALIZATION_NONE;
  }
+#elif defined(__aarch64__)
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+        int r;
  
+        r = RET_NERRNO(access("/sys/devices/platform/arm-cca-dev", F_OK));
+        if (r < 0) {
+                log_debug_errno(r, "Unable to check /sys/devices/platform/arm-cca-dev: %m");
+                return CONFIDENTIAL_VIRTUALIZATION_NONE;
+        }
+
+        return CONFIDENTIAL_VIRTUALIZATION_CCA;
+}
  #else /* ! x86_64 */
  static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
          log_debug("No confidential virtualization detection on this architecture");
@@ -250,6 +262,7 @@ static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUAL
          [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP]  = "sev-snp",
          [CONFIDENTIAL_VIRTUALIZATION_TDX]      = "tdx",
          [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
+        [CONFIDENTIAL_VIRTUALIZATION_CCA]      = "cca",
  };
  
  DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h

index 07379bca7c9356379e8f228f10a17b781913f5ed..097bbf7cfe28fa574c7c6c16e119064e94682dc3 100644 (file)
--- a/src/basic/confidential-virt.h
+++ b/src/basic/confidential-virt.h
@@ -14,6 +14,7 @@ typedef enum ConfidentialVirtualization {
          CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
          CONFIDENTIAL_VIRTUALIZATION_TDX,
          CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
+        CONFIDENTIAL_VIRTUALIZATION_CCA,
  
          _CONFIDENTIAL_VIRTUALIZATION_MAX,
          _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
author	Jeremy Linton <jeremy.linton@arm.com>
	Fri, 10 Jan 2025 03:24:07 +0000 (21:24 -0600)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 15 Jan 2025 04:51:12 +0000 (13:51 +0900)
man/systemd-detect-virt.xml		patch \| blob \| blame \| history
src/basic/confidential-virt.c		patch \| blob \| blame \| history
src/basic/confidential-virt.h		patch \| blob \| blame \| history