underhill_confidentiality/
getters.rsuse std::sync::OnceLock;
static CONFIDENTIAL: OnceLock<bool> = OnceLock::new();
static CONFIDENTIAL_DEBUG: OnceLock<bool> = OnceLock::new();
fn get_bool_env_var(name: &str) -> bool {
std::env::var_os(name).is_some_and(|v| !v.is_empty() && v != "0")
}
pub fn is_confidential_vm() -> bool {
*CONFIDENTIAL.get_or_init(|| {
get_bool_env_var(crate::OPENHCL_CONFIDENTIAL_ENV_VAR_NAME)
|| get_bool_env_var(crate::LEGACY_CONFIDENTIAL_ENV_VAR_NAME)
})
}
pub fn confidential_debug_enabled() -> bool {
*CONFIDENTIAL_DEBUG.get_or_init(|| {
get_bool_env_var(crate::OPENHCL_CONFIDENTIAL_DEBUG_ENV_VAR_NAME)
|| get_bool_env_var(crate::LEGACY_CONFIDENTIAL_DEBUG_ENV_VAR_NAME)
})
}
pub fn confidential_filtering_enabled() -> bool {
is_confidential_vm() && !confidential_debug_enabled()
}