From 5ef522f7c3b1840d5c58a5670e7818bed184f8a6 Mon Sep 17 00:00:00 2001
From: Pierre Kohler <pierre.kohler@cysec.systems>
Date: Tue, 7 Dec 2021 11:52:53 +0100
Subject: [PATCH] runtime: check kvm module `sev` correctly

Runtime now accepts both `1` and `Y` as valid values for
kvm_amd module parameter kvm_amd.sev.

Fixes #3273

Signed-off-by: Pierre Kohler <pierre.kohler@cysec.systems>
---
 src/runtime/virtcontainers/hypervisor_amd64.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/runtime/virtcontainers/hypervisor_amd64.go b/src/runtime/virtcontainers/hypervisor_amd64.go
index e74183d56b..97a30ea01c 100644
--- a/src/runtime/virtcontainers/hypervisor_amd64.go
+++ b/src/runtime/virtcontainers/hypervisor_amd64.go
@@ -18,9 +18,9 @@ func availableGuestProtection() (guestProtection, error) {
 	if d, err := os.Stat(tdxSysFirmwareDir); (err == nil && d.IsDir()) || flags[tdxCPUFlag] {
 		return tdxProtection, nil
 	}
-	// SEV is supported and enabled when the kvm module `sev` parameter is set to `1`
+	// SEV is supported and enabled when the kvm module `sev` parameter is set to `1` (or `Y` for linux >= 5.12)
 	if _, err := os.Stat(sevKvmParameterPath); err == nil {
-		if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && c[0] == '1' {
+		if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && (c[0] == '1' || c[0] == 'Y') {
 			return sevProtection, nil
 		}
 	}