From: Daniel P. Berrangé <berrange@redhat.com>

If we fail to find either SEV or TDX on x86, we can explicitly
say there is no secure guest support on the platform.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-host-validate-common.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 344f9656e5..6bca661ffc 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -492,13 +492,17 @@ int virHostValidateSecureGuests(const char *hvname,
                             "support for IBM Secure Execution");
             return VIR_VALIDATE_FAILURE(level);
         }
-    } else if (hasAMDSev) {
-        return virHostValidateAMDSev(hvname, level);
-    } else if (hasIntelTDX) {
-        return virHostValidateIntelTDX(level);
+    } else if (arch == VIR_ARCH_X86_64) {
+        if (hasAMDSev) {
+            return virHostValidateAMDSev(level);
+        } else if (hasIntelTDX) {
+            return virHostValidateIntelTDX(level);
+        } else {
+            virValidateFail(level, "None of SEV, SEV-ES, SEV-SNP, TDX available");
+        }
+    } else {
+        virValidateFail(level,
+                        "Unknown if this platform has Secure Guest support");
     }
-
-    virValidateFail(level,
-                    "Unknown if this platform has Secure Guest support");
     return VIR_VALIDATE_FAILURE(level);
 }
-- 
2.51.1

On Thu, Nov 20, 2025 at 10:14:50 +0000, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <berrange@redhat.com>
> 
> If we fail to find either SEV or TDX on x86, we can explicitly
> say there is no secure guest support on the platform.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  tools/virt-host-validate-common.c | 18 +++++++++++-------
>  1 file changed, 11 insertions(+), 7 deletions(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>