	qemu: Add support for Secure Execution
Secure Execution, also known as Protected Virtualization in QEMU, is a confidential computing technology for s390x (IBM Z & LinuxONE). Allow the respective object. Fixes: #172 Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
		| @@ -233,6 +233,9 @@ const ( | |||||||
|  |  | ||||||
| 	// SEVGuest represents an SEV guest object | 	// SEVGuest represents an SEV guest object | ||||||
| 	SEVGuest ObjectType = "sev-guest" | 	SEVGuest ObjectType = "sev-guest" | ||||||
|  |  | ||||||
|  | 	// SecExecGuest represents an s390x Secure Execution (Protected Virtualization in QEMU) object | ||||||
|  | 	SecExecGuest ObjectType = "s390-pv-guest" | ||||||
| ) | ) | ||||||
|  |  | ||||||
| // Object is a qemu object representation. | // Object is a qemu object representation. | ||||||
| @@ -280,6 +283,8 @@ func (object Object) Valid() bool { | |||||||
| 		return object.ID != "" && object.File != "" && object.DeviceID != "" | 		return object.ID != "" && object.File != "" && object.DeviceID != "" | ||||||
| 	case SEVGuest: | 	case SEVGuest: | ||||||
| 		return object.ID != "" && object.File != "" && object.CBitPos != 0 && object.ReducedPhysBits != 0 | 		return object.ID != "" && object.File != "" && object.CBitPos != 0 && object.ReducedPhysBits != 0 | ||||||
|  | 	case SecExecGuest: | ||||||
|  | 		return object.ID != "" | ||||||
| 	default: | 	default: | ||||||
| 		return false | 		return false | ||||||
| 	} | 	} | ||||||
| @@ -319,6 +324,9 @@ func (object Object) QemuParams(config *Config) []string { | |||||||
|  |  | ||||||
| 		driveParams = append(driveParams, "if=pflash,format=raw,readonly=on") | 		driveParams = append(driveParams, "if=pflash,format=raw,readonly=on") | ||||||
| 		driveParams = append(driveParams, fmt.Sprintf(",file=%s", object.File)) | 		driveParams = append(driveParams, fmt.Sprintf(",file=%s", object.File)) | ||||||
|  | 	case SecExecGuest: | ||||||
|  | 		objectParams = append(objectParams, string(object.Type)) | ||||||
|  | 		objectParams = append(objectParams, fmt.Sprintf(",id=%s", object.ID)) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	if len(deviceParams) > 0 { | 	if len(deviceParams) > 0 { | ||||||
|   | |||||||
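Review bot: The comment added with `SecExecGuest` in the const hunk should say that defining the object does not by itself make the guest protected, since the new QemuParams case only emits `s390-pv-guest,id=…` and QEMU applies Secure Execution when the machine also references that id through `confidential-guest-support`; whether that machine option is set elsewhere is not visible in this diff. Suggested wording: `// SecExecGuest only defines the s390-pv-guest object; the machine must reference its ID via confidential-guest-support for protection to take effect.` Separately, the new `Valid()` case accepts any non-empty `object.ID` and the QemuParams case formats it with `,id=%s` into a comma-separated option string, so an ID containing a comma would be read by QEMU as extra properties; if the ID can ever come from configuration, `return object.ID != "" && !strings.Contains(object.ID, ",")` would reject it (this needs the `strings` import if the file does not already have it). Both functions begin and end outside their hunks.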