Check if SEV/SME is enabled, by looking at cpu flags, kernel config, and kernel cmdline. We can check MSR by looking at /dev/cpu/0/msr, but using kernel config and cmdline is sufficient. Signed-off-by: Kairui Song <kasong(a)redhat.com&gt; --- kdump-lib.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/kdump-lib.sh b/kdump-lib.sh index 2e2775c9..55388807 100755 --- a/kdump-lib.sh +++ b/kdump-lib.sh @@ -780,6 +780,48 @@ prepare_cmdline() echo "$cmdline" } +get_kdump_kernel_config() +{ + local _config_opt="$1" + local _config_file + + # Make sure KDUMP_KERNELVER is set before calling this function + local _config_file="/boot/config-${KDUMP_KERNELVER:?}" + [[ ! -s $_config_file ]] && _config_file="/lib/modules/${KDUMP_KERNELVER:?}/config" + [[ -s $_config_file ]] || return + + sed -ne "s/^$_config_opt=//p" "$_config_file" +} + + +# Check if memory encription is enabled +# returns 1 if disabled +# returns 0 if enabled +check_memory_encrypt_enabled() +{ + local _cpu_flags _kernel_config _kernel_cmdline + local _cpu_enabled _runtime_enabled + + _cpu_flags=$(sed -ne "s/^flags\s*:\s*//p" /proc/cpuinfo) + [[ " $_cpu_flags " == *" sme "* ]] && _cpu_enabled=1 + [[ " $_cpu_flags " == *" sev "* ]] && _cpu_enabled=1 + [[ " $_cpu_flags " == *" seves "* ]] && _cpu_enabled=1 + + [[ $_cpu_enabled ]] || return 1 + + if _kernel_config=$(get_kdump_kernel_config CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT); then + [[ "$_kernel_config" == "y" ]] && _runtime_enabled=1 + fi + + _kernel_cmdline=$(sed -ne "s/^.*\<mem_encrypt=\(\S\+\).*/\1/p" /proc/cmdline) + [[ $_kernel_cmdline == "on" ]] && _runtime_enabled=1 + [[ $_kernel_cmdline == "off" ]] && _runtime_enabled=0 + + [[ $_runtime_enabled == 0 ]] && return 1 + + return 0 +} + #get system memory size in the unit of GB get_system_size() { -- 2.31.1