runtime: check kvm module sev correctly

Runtime now accepts both `1` and `Y` as valid values for kvm_amd module parameter kvm_amd.sev. Fixes #3273 Signed-off-by: Pierre Kohler <pierre.kohler@cysec.systems>
2025-04-29 04:04:45 +00:00 · 2021-12-07 11:52:53 +01:00 · 2021-12-07 11:52:53 +01:00 · 5ef522f7c3
commit 5ef522f7c3
parent 88a70d32ba
1 changed files with 2 additions and 2 deletions
--- a/src/runtime/virtcontainers/hypervisor_amd64.go
+++ b/src/runtime/virtcontainers/hypervisor_amd64.go
@ -18,9 +18,9 @@ func availableGuestProtection() (guestProtection, error) {
 	if d, err := os.Stat(tdxSysFirmwareDir); (err == nil && d.IsDir()) || flags[tdxCPUFlag] {
 		return tdxProtection, nil
 	}
-	// SEV is supported and enabled when the kvm module `sev` parameter is set to `1`
+	// SEV is supported and enabled when the kvm module `sev` parameter is set to `1` (or `Y` for linux >= 5.12)
 	if _, err := os.Stat(sevKvmParameterPath); err == nil {
-		if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && c[0] == '1' {
+		if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && (c[0] == '1' || c[0] == 'Y') {
 			return sevProtection, nil
 		}
 	}