On Wed, Apr 03, 2024 at 12:11:36PM +0100, Roy Hopkins wrote:
> An IGVM file contains configuration of a guest that supports
> confidential computing hardware. As part of the PC system
> initialisation, the IGVM needs to be processed to apply this
> configuration before the guest is started.
>
> This patch introduces processing of a provided IGVM file at the end of
> the current PC initialization steps. If an IGVM file has been provided
> then the directives in the file are processed completing the
> initialization of the target.
>
> If no IGVM file has been specified by the user then no there is no
> intended consequences in these changes.
>
> Signed-off-by: Roy Hopkins <roy.hopk...@suse.com>
> ---
> backends/confidential-guest-support.c | 18 ++++++++++++++++++
> hw/i386/pc_piix.c | 4 ++++
> hw/i386/pc_q35.c | 4 ++++
> include/exec/confidential-guest-support.h | 17 +++++++++++++++++
> 4 files changed, 43 insertions(+)
>
> diff --git a/backends/confidential-guest-support.c
> b/backends/confidential-guest-support.c
> index adfe447334..79c0f3fc56 100644
> --- a/backends/confidential-guest-support.c
> +++ b/backends/confidential-guest-support.c
> @@ -88,3 +88,21 @@ static void confidential_guest_support_init(Object *obj)
> static void confidential_guest_support_finalize(Object *obj)
> {
> }
> +
> +bool cgs_is_igvm(ConfidentialGuestSupport *cgs)
> +{
> +#if defined(CONFIG_IGVM)
> + return cgs && cgs->igvm;
> +#else
> + return false;
> +#endif
> +}
> +
> +void cgs_process_igvm(ConfidentialGuestSupport *cgs)
> +{
> +#if defined(CONFIG_IGVM)
> + if (cgs && cgs_is_igvm(cgs)) {
Either remove the 'cgs &&' check which cgs_is_igvm already
does, or fully inline 'cgs_is_igvm'.
> + igvm_process(cgs, &error_fatal);
> + }
> +#endif
> +}
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
