[pve-devel] [PATCH qemu-server v6 1/3] add C program to get AMD SEV hardware parameters from CPUID
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Apr 22 09:33:01 CEST 2024
Am 19/04/2024 um 12:59 schrieb Markus Frank
> diff --git a/amd-sev-support/amd-sev-support.c b/amd-sev-support/amd-sev-support.c
> new file mode 100644
> index 0000000..73a7bd8
> --- /dev/null
> +++ b/amd-sev-support/amd-sev-support.c
> @@ -0,0 +1,48 @@
> +#include <stdio.h>
> +#include <stdint.h>
> +#include <stdbool.h>
> +
> +int main() {
> + uint32_t eax, ebx, ecx, edx;
> +
> + // query Encrypted Memory Capabilities, see:
> + // https://en.wikipedia.org/wiki/CPUID#EAX=8000001Fh:_Encrypted_Memory_Capabilities
> + uint32_t query_function = 0x8000001F;
> + asm volatile("cpuid"
> + : "=a"(eax), "=b"(ebx), "=c"(ecx), "=d"(edx)
> + : "0"(query_function)
> + );
> +
> + bool sev_support = (eax & (1<<1)) != 0;
> + bool sev_es_support = (eax & (1<<3)) != 0;
> + bool sev_snp_support = (eax & (1<<4)) != 0;
> +
> + uint8_t cbitpos = ebx & 0x3f;
> + uint8_t reduced_phys_bits = (ebx >> 6) & 0x3f;
> +
> + FILE *file;
> + char *filename = "/run/amd-sev-params";
> +
> + file = fopen(filename, "w");
> + if (file == NULL) {
> + perror("Error opening file");
> + return 1;
> + }
> +
> + fprintf(file, "{"
oh, and as per my last mail it might also make sense to move this inside an
"amd-sev" object, so that extending it in the future to get other machine
capabilities can be done without potential clashes.
> + " \"cbitpos\": %u,"
> + " \"reduced-phys-bits\": %u,"
> + " \"sev\": %s,"
> + " \"sev-es\": %s,"
> + " \"sev-snp\": %s"
With above comment the three "sev" prefix options might be better off if changed
to use "sev-support" as prefix instead.
> + " }\n",
> + cbitpos,
> + reduced_phys_bits,
> + sev_support ? "true" : "false",
> + sev_es_support ? "true" : "false",
> + sev_snp_support ? "true" : "false"
> + );
> +
> + fclose(file);
> + return 0;
> +}
More information about the pve-devel
mailing list