security technology is enabled on the system. Currently, the recognized values are
<literal>selinux</literal>, <literal>apparmor</literal>, <literal>tomoyo</literal>,
<literal>ima</literal>, <literal>smack</literal>, <literal>audit</literal>,
- <literal>uefi-secureboot</literal> and <literal>tpm2</literal>. The test may be negated by prepending
- an exclamation mark.</para>
+ <literal>uefi-secureboot</literal>, <literal>tpm2</literal> and <literal>cvm</literal>.
+ The test may be negated by prepending an exclamation mark.</para>
</listitem>
</varlistentry>
#include "cgroup-util.h"
#include "compare-operator.h"
#include "condition.h"
+#include "confidential-virt.h"
#include "cpu-set-util.h"
#include "creds-util.h"
#include "efi-api.h"
return is_efi_secure_boot();
if (streq(c->parameter, "tpm2"))
return has_tpm2();
+ if (streq(c->parameter, "cvm"))
+ return detect_confidential_virtualization() > 0;
return false;
}
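Review bot: The new `cvm` branch tests `detect_confidential_virtualization() > 0`, while the test and the `print_securities` log line added in the same commit compare against `CONFIDENTIAL_VIRTUALIZATION_NONE`. The two predicates agree only if the function never returns a negative value, which the visible lines do not establish. If a negative return can signal a detection failure, this branch reports "not a CVM" without any log, so a unit using the negated form `ConditionSecurity=!cvm` would start on a guest whose state could not be determined, and the new `assert_se` would fail there. I would decide explicitly how an error maps and use one spelling everywhere, e.g. `return detect_confidential_virtualization() != CONFIDENTIAL_VIRTUALIZATION_NONE;`, or keep `> 0` with a comment such as `/* detection errors are treated as "not confidential" */`. The enclosing function starts above this hunk.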
#include "battery-util.h"
#include "cgroup-util.h"
#include "condition.h"
+#include "confidential-virt.h"
#include "cpu-set-util.h"
#include "efi-loader.h"
#include "env-util.h"
assert_se(condition);
assert_se(condition_test(condition, environ) == is_efi_secure_boot());
condition_free(condition);
+
+ condition = condition_new(CONDITION_SECURITY, "cvm", false, false);
+ assert_se(condition);
+ assert_se(condition_test(condition, environ) ==
+ (detect_confidential_virtualization() != CONFIDENTIAL_VIRTUALIZATION_NONE));
+ condition_free(condition);
}
TEST(print_securities) {
log_info("SMACK: %s", yes_no(mac_smack_use()));
log_info("Audit: %s", yes_no(use_audit()));
log_info("UEFI secure boot: %s", yes_no(is_efi_secure_boot()));
+ log_info("Confidential VM: %s", yes_no
+ (detect_confidential_virtualization() != CONFIDENTIAL_VIRTUALIZATION_NONE));
log_info("-------------------------------------------");
}
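Review bot: The added `log_info` call breaks the line between `yes_no` and its opening parenthesis, so the argument list reads like a separate parenthesised expression and is easy to mis-parse. Keeping the name and parenthesis together is clearer: `log_info("Confidential VM: %s",` followed by `yes_no(detect_confidential_virtualization() != CONFIDENTIAL_VIRTUALIZATION_NONE));`. Alternatively, hoist the comparison into a local `bool` before the call. The other lines in this function keep `yes_no(` intact, so this would also match the surrounding style.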