From fe6e918ddc9eacff4358cff7ba6bc065cbb1f1ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Thu, 18 May 2023 12:43:51 +0200
Subject: [PATCH] Revert "virtcontainers: Drop check for the `tdx` CPU flag"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit 25b3cdd38c12f03aab115fe6b5681e6d26ea49d8. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-)

Fixes: #6884

Signed-off-by: Fabiano FidĂȘncio
---
 src/runtime/virtcontainers/hypervisor_linux_amd64.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/runtime/virtcontainers/hypervisor_linux_amd64.go b/src/runtime/virtcontainers/hypervisor_linux_amd64.go
index 043b36c9f5..304d0446a4 100644
--- a/src/runtime/virtcontainers/hypervisor_linux_amd64.go
+++ b/src/runtime/virtcontainers/hypervisor_linux_amd64.go
@@ -12,6 +12,8 @@ const (
 tdxSysFirmwareDir = "/sys/firmware/tdx/"
+ tdxCPUFlag = "tdx"
+
 sevKvmParameterPath = "/sys/module/kvm_amd/parameters/sev"
 snpKvmParameterPath = "/sys/module/kvm_amd/parameters/sev_snp"
@@ -19,6 +21,10 @@ const (
 // TDX is supported and properly loaded when the firmware directory (either tdx or tdx_seam) exists or `tdx` is part of the CPU flag
 func checkTdxGuestProtection(flags map[string]bool) bool {
+ if flags[tdxCPUFlag] {
+ return true
+ }
+
 if d, err := os.Stat(tdxSysFirmwareDir); err == nil && d.IsDir() {
 return true
 }
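Review bot: The early `return true` on `flags[tdxCPUFlag]` in checkTdxGuestProtection makes the CPU flag alone sufficient, so the `tdxSysFirmwareDir` check below it is never consulted on a host that advertises the flag. The doc comment promises TDX is "supported and properly loaded", but a CPU flag on its own presumably shows capability rather than a loaded TDX module, so a host with the flag and no initialised module would be reported as protected and fail only later at guest launch. Nothing in the code records that the flag name belongs to the "2022ww44" stack named in the commit message, so I would document it on the constant in the first hunk, e.g. `// tdxCPUFlag is the CPU flag exposed by the "2022ww44" TDX stack; other stacks may not set it and are detected through the firmware directory.` Logging which signal matched (flag or firmware directory) would also make a mis-detected host visible in the runtime logs. The function body continues past the end of this hunk.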