From 4ff69cacdffe20e3fa511020c6aa33102028d7b4 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Wed, 12 Jun 2024 12:18:48 +0000
Subject: [PATCH] Enable pkvm based on the relevant sysprop rather than /dev/kvm
1. This is simpler, as it can be triggered by logic in the init.rc
2. The old method of probing /dev/kvm fails if non-protected kvm is enabled: the device will exist, but pkvm is not enable
Bug: 346525496
Test: observe that pkvm is enabled after double reboot
Change-Id: I2f557ed56f13458a288ede34e672692b511b6bc9
---
 pkvm/pkvm_enabler.c | 18 +-----------------
 pkvm/pkvm_enabler.gs101.rc | 7 ++++++-
 2 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/pkvm/pkvm_enabler.c b/pkvm/pkvm_enabler.c
index cb14ba6f..b927318c 100644
--- a/pkvm/pkvm_enabler.c
+++ b/pkvm/pkvm_enabler.c
@@ -24,7 +24,6 @@
 #include
-#define KVM_DEVICE "/dev/kvm"
 #define MISC_WRITER "/vendor/bin/misc_writer"
 int main() {
@@ -33,22 +32,7 @@ int main() {
 pid_t pid;
 int ret, wstatus;
- /* Check whether KVM device exists. */
- ret = access(KVM_DEVICE, F_OK);
-
- /* If KVM device exists, return SUCCESS to continue booting. */
- if (ret == 0) {
- exit(EXIT_SUCCESS);
- }
-
- if (ret != -ENOENT) {
- ALOGW("Unexpected error from access(): %d", ret);
- }
-
- /*
- * If KVM device does not exist, run misc_writer and return FAILURE
- * to force a reboot.
- */
+ /* Run misc_writer and return FAILURE to force a reboot. */
 pid = fork();
 if (pid == -1) {
 ALOGE("Could not fork: %d", errno);
diff --git a/pkvm/pkvm_enabler.gs101.rc b/pkvm/pkvm_enabler.gs101.rc
index 6695d3a3..4e64d4ba 100644
--- a/pkvm/pkvm_enabler.gs101.rc
+++ b/pkvm/pkvm_enabler.gs101.rc
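Review bot: With the access() probe removed in the second hunk of pkvm/pkvm_enabler.c, main() now runs misc_writer and exits with failure on every invocation, so the property condition in the init.rc trigger is the only thing standing between a normal boot and a forced reboot. Any other start path, such as another device's .rc that still uses a bare `on early-init` (the diffstat shows only pkvm_enabler.gs101.rc being updated) or a manual service start, would presumably force a reboot each time. The new comment should record that precondition, for example `/* Precondition: init starts us only when ro.boot.hypervisor.protected_vm.supported is unset or 0. Run misc_writer and return FAILURE to force a reboot. */`, or the binary could re-check the property itself and exit successfully when pKVM is already reported as supported. The rest of main() lies outside the hunk, so whether `ret` is still used after this change cannot be confirmed from here.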
@@ -2,5 +2,10 @@ service pkvm_enabler /vendor/bin/pkvm_enabler
 reboot_on_failure reboot,pkvm-not-enabled
 user root
-on early-init
+# Old bootloaders do not set the protected_vm sysprop when pkvm is disabled
+on early-init && property:ro.boot.hypervisor.protected_vm.supported=
+ exec_start pkvm_enabler
+
+# New bootloaders set the protected_vm sysprop to 0 when pkvm is disabled
+on early-init && property:ro.boot.hypervisor.protected_vm.supported=0
 exec_start pkvm_enabler
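Review bot: Nothing in the visible lines bounds the number of forced reboots: both new triggers run pkvm_enabler whenever the property is empty or `0`, the enabler now always exits with failure, and `reboot_on_failure reboot,pkvm-not-enabled` then restarts the device. If the bootloader never flips the property (misc_writer fails, or the flag is not honoured), the device would presumably reboot at early-init indefinitely; whether that fail-closed behaviour is intended deserves a comment, e.g. `# NOTE: reboots until the bootloader reports protected_vm.supported as enabled; there is no retry limit`. The triggers also match only the empty string and the literal `0`, so a bootloader reporting any other false spelling would skip enablement silently, and the comments should state which values are expected.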