From 067e2b1e33b34b6bd0a55246f8f3db36dce3b3f2 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Fri, 30 Sep 2022 14:12:38 -0700 Subject: [PATCH] runtime: clh: Use the new API to boot with TDX firmware (td-shim) The new way to boot from TDX firmware (e.g. td-shim) is using the combination of '--platform tdx=on' with '--firmware tdshim'. Fixes: #5309 Signed-off-by: Bo Chen --- src/runtime/virtcontainers/clh.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index 7595eaaad..9d40c882c 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go @@ -417,7 +417,13 @@ func (clh *cloudHypervisor) enableProtection() error { return errors.New("Firmware path is not specified") } - clh.vmconfig.Tdx = chclient.NewTdxConfig(firmwarePath) + clh.vmconfig.Payload.SetFirmware(firmwarePath) + + if clh.vmconfig.Platform == nil { + clh.vmconfig.Platform = chclient.NewPlatformConfig() + } + clh.vmconfig.Platform.SetTdx(true) + return nil case sevProtection: