From: Daniel P. Berrangé <berrange@redhat.com>

For AMD, the virt-host-validate 'secure guest' check reports
support for SEV, and there are then further check results
printed for SEV-ES/SEV-SNP which are overly verbose and the
long lines break output alignment.

This uses the new ability to report details with PASS results
to concisely tell the user which out of SEV/SEV-ES/SEV-SNP
are found. Only a single answer is neede, as SEV-SNP implies
SEV & SEV-ES, and SEV-ES implies SEV.

The TDX s390x PROT-VIRT checks also identify themselves.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-host-validate-common.c | 36 ++++++++-----------------------
 1 file changed, 9 insertions(+), 27 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 6516d96484..344f9656e5 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -378,8 +378,7 @@ bool virHostKernelModuleIsLoaded(const char *module)
 
 
 static int
-virHostValidateAMDSev(const char *hvname,
-                      virValidateLevel level)
+virHostValidateAMDSev(virValidateLevel level)
 {
     g_autofree char *mod_value = NULL;
     uint32_t eax, ebx;
@@ -405,31 +404,14 @@ virHostValidateAMDSev(const char *hvname,
         return VIR_VALIDATE_FAILURE(level);
     }
 
-    virValidatePass();
-
-    virValidateCheck(hvname, "%s",
-                     _("Checking for AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES)"));
-
     virHostCPUX86GetCPUID(0x8000001F, 0, &eax, &ebx, NULL, NULL);
 
-    if (eax & (1U << 3)) {
-        virValidatePass();
-    } else {
-        virValidateFail(level,
-                        "AMD SEV-ES is not supported");
-        return VIR_VALIDATE_FAILURE(level);
-    }
-
-    virValidateCheck(hvname, "%s",
-                     _("Checking for AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)"));
-
-    if (eax & (1U << 4)) {
-        virValidatePass();
-    } else {
-        virValidateFail(level,
-                        "AMD SEV-SNP is not supported");
-        return VIR_VALIDATE_FAILURE(level);
-    }
+    if (eax & (1U << 4))
+        virValidatePassDetails("SEV-SNP");
+    else if (eax & (1U << 3))
+        virValidatePassDetails("SEV-ES");
+    else
+        virValidatePassDetails("SEV");
 
     return 1;
 }
@@ -453,7 +435,7 @@ static int virHostValidateIntelTDX(virValidateLevel level)
         return VIR_VALIDATE_FAILURE(level);
     }
 
-    virValidatePass();
+    virValidatePassDetails("TDX");
     return 1;
 }
 
@@ -496,7 +478,7 @@ int virHostValidateSecureGuests(const char *hvname,
                                            G_N_ELEMENTS(kIBMValues),
                                            VIR_KERNEL_CMDLINE_FLAGS_SEARCH_FIRST |
                                            VIR_KERNEL_CMDLINE_FLAGS_CMP_PREFIX)) {
-                virValidatePass();
+                virValidatePassDetails("PROT-VIRT");
                 return 1;
             } else {
                 virValidateFail(level,
-- 
2.51.1

On Thu, Nov 20, 2025 at 10:14:49 +0000, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <berrange@redhat.com>
> 
> For AMD, the virt-host-validate 'secure guest' check reports
> support for SEV, and there are then further check results
> printed for SEV-ES/SEV-SNP which are overly verbose and the
> long lines break output alignment.
> 
> This uses the new ability to report details with PASS results
> to concisely tell the user which out of SEV/SEV-ES/SEV-SNP
> are found. Only a single answer is neede, as SEV-SNP implies
> SEV & SEV-ES, and SEV-ES implies SEV.
> 
> The TDX s390x PROT-VIRT checks also identify themselves.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  tools/virt-host-validate-common.c | 36 ++++++++-----------------------
>  1 file changed, 9 insertions(+), 27 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>