virtcontainers: Move guest protection definitions to hypervisor.go

They're not QEMU specific, other VMMs may implement support for it. Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
2025-06-24 22:43:05 +00:00 · 2021-11-24 19:10:53 +01:00 · 2021-11-24 19:10:53 +01:00 · 10ae05914c
commit 10ae05914c
parent b28d0274ff
4 changed files with 59 additions and 57 deletions
--- a/src/runtime/virtcontainers/hypervisor.go
+++ b/src/runtime/virtcontainers/hypervisor.go
@ -908,6 +908,57 @@ func generateVMSocket(id string, vmStogarePath string) (interface{}, error) {
 	}, nil
 }

+// Kind of guest protection
+type guestProtection uint8
+
+const (
+	noneProtection guestProtection = iota
+
+	//Intel Trust Domain Extensions
+	//https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html
+	// Exclude from lint checking for it won't be used on arm64 code
+	tdxProtection
+
+	// AMD Secure Encrypted Virtualization
+	// https://developer.amd.com/sev/
+	// Exclude from lint checking for it won't be used on arm64 code
+	sevProtection
+
+	// IBM POWER 9 Protected Execution Facility
+	// https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html
+	// Exclude from lint checking for it won't be used on arm64 code
+	pefProtection
+
+	// IBM Secure Execution (IBM Z & LinuxONE)
+	// https://www.kernel.org/doc/html/latest/virt/kvm/s390-pv.html
+	// Exclude from lint checking for it won't be used on arm64 code
+	seProtection
+)
+
+var guestProtectionStr = [...]string{
+	noneProtection: "none",
+	pefProtection:  "pef",
+	seProtection:   "se",
+	sevProtection:  "sev",
+	tdxProtection:  "tdx",
+}
+
+func (gp guestProtection) String() string {
+	return guestProtectionStr[gp]
+}
+
+func genericAvailableGuestProtections() (protections []string) {
+	return
+}
+
+func AvailableGuestProtections() (protections []string) {
+	gp, err := availableGuestProtection()
+	if err != nil || gp == noneProtection {
+		return genericAvailableGuestProtections()
+	}
+	return []string{gp.String()}
+}
+
 // hypervisor is the virtcontainers hypervisor interface.
 // The default hypervisor implementation is Qemu.
 type Hypervisor interface {
--- a/src/runtime/virtcontainers/hypervisor_amd64.go
+++ b/src/runtime/virtcontainers/hypervisor_amd64.go
@ -7,6 +7,14 @@ package virtcontainers

 import "os"

+const (
+	tdxSysFirmwareDir = "/sys/firmware/tdx_seam/"
+
+	tdxCPUFlag = "tdx"
+
+	sevKvmParameterPath = "/sys/module/kvm_amd/parameters/sev"
+)
+
 // Implementation of this function is architecture specific
 func availableGuestProtection() (guestProtection, error) {
 	flags, err := CPUFlags(procCPUInfo)
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@ -36,12 +36,6 @@ const (
 	defaultQemuMachineOptions = "accel=kvm,kernel_irqchip=on"

 	qmpMigrationWaitTimeout = 5 * time.Second
-
-	tdxSysFirmwareDir = "/sys/firmware/tdx_seam/"
-
-	tdxCPUFlag = "tdx"
-
-	sevKvmParameterPath = "/sys/module/kvm_amd/parameters/sev"
 )

 var qemuPaths = map[string]string{
--- a/src/runtime/virtcontainers/qemu_arch_base.go
+++ b/src/runtime/virtcontainers/qemu_arch_base.go
@ -150,57 +150,6 @@ type qemuArch interface {
 	appendProtectionDevice(devices []govmmQemu.Device, firmware, firmwareVolume string) ([]govmmQemu.Device, string, error)
 }

-// Kind of guest protection
-type guestProtection uint8
-
-const (
-	noneProtection guestProtection = iota
-
-	//Intel Trust Domain Extensions
-	//https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html
-	// Exclude from lint checking for it won't be used on arm64 code
-	tdxProtection
-
-	// AMD Secure Encrypted Virtualization
-	// https://developer.amd.com/sev/
-	// Exclude from lint checking for it won't be used on arm64 code
-	sevProtection
-
-	// IBM POWER 9 Protected Execution Facility
-	// https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html
-	// Exclude from lint checking for it won't be used on arm64 code
-	pefProtection
-
-	// IBM Secure Execution (IBM Z & LinuxONE)
-	// https://www.kernel.org/doc/html/latest/virt/kvm/s390-pv.html
-	// Exclude from lint checking for it won't be used on arm64 code
-	seProtection
-)
-
-var guestProtectionStr = [...]string{
-	noneProtection: "none",
-	pefProtection:  "pef",
-	seProtection:   "se",
-	sevProtection:  "sev",
-	tdxProtection:  "tdx",
-}
-
-func (gp guestProtection) String() string {
-	return guestProtectionStr[gp]
-}
-
-func genericAvailableGuestProtections() (protections []string) {
-	return
-}
-
-func AvailableGuestProtections() (protections []string) {
-	gp, err := availableGuestProtection()
-	if err != nil || gp == noneProtection {
-		return genericAvailableGuestProtections()
-	}
-	return []string{gp.String()}
-}
-
 type qemuArchBase struct {
 	qemuExePath          string
 	qemuMachine          govmmQemu.Machine