Check if SEV/SME is enabled, by looking at cpu flags, kernel config, and
kernel cmdline.
We can check MSR by looking at /dev/cpu/0/msr, but using kernel config
and cmdline is sufficient.
Signed-off-by: Kairui Song <kasong(a)redhat.com>
---
kdump-lib.sh | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/kdump-lib.sh b/kdump-lib.sh
index 2e2775c9..55388807 100755
--- a/kdump-lib.sh
+++ b/kdump-lib.sh
@@ -780,6 +780,48 @@ prepare_cmdline()
echo "$cmdline"
}
+get_kdump_kernel_config()
+{
+ local _config_opt="$1"
+ local _config_file
+
+ # Make sure KDUMP_KERNELVER is set before calling this function
+ local _config_file="/boot/config-${KDUMP_KERNELVER:?}"
+ [[ ! -s $_config_file ]] &&
_config_file="/lib/modules/${KDUMP_KERNELVER:?}/config"
+ [[ -s $_config_file ]] || return
+
+ sed -ne "s/^$_config_opt=//p" "$_config_file"
+}
+
+
+# Check if memory encription is enabled
+# returns 1 if disabled
+# returns 0 if enabled
+check_memory_encrypt_enabled()
+{
+ local _cpu_flags _kernel_config _kernel_cmdline
+ local _cpu_enabled _runtime_enabled
+
+ _cpu_flags=$(sed -ne "s/^flags\s*:\s*//p" /proc/cpuinfo)
+ [[ " $_cpu_flags " == *" sme "* ]] && _cpu_enabled=1
+ [[ " $_cpu_flags " == *" sev "* ]] && _cpu_enabled=1
+ [[ " $_cpu_flags " == *" seves "* ]] && _cpu_enabled=1
+
+ [[ $_cpu_enabled ]] || return 1
+
+ if _kernel_config=$(get_kdump_kernel_config CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);
then
+ [[ "$_kernel_config" == "y" ]] && _runtime_enabled=1
+ fi
+
+ _kernel_cmdline=$(sed -ne "s/^.*\<mem_encrypt=\(\S\+\).*/\1/p"
/proc/cmdline)
+ [[ $_kernel_cmdline == "on" ]] && _runtime_enabled=1
+ [[ $_kernel_cmdline == "off" ]] && _runtime_enabled=0
+
+ [[ $_runtime_enabled == 0 ]] && return 1
+
+ return 0
+}
+
#get system memory size in the unit of GB
get_system_size()
{
--
2.31.1
Show replies by thread