Merge pull request #11257 from mythi/coco-guest-hardening

confidential guest kernel hardening changes
2025-09-06 19:30:24 +00:00 · 2025-05-16 08:52:36 +02:00
parent 02ce395a69 ab29c8c979
commit 219d6e8ea6
8 changed files with 20 additions and 12 deletions
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -806,8 +806,8 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
 		qemuConfig.IOThreads = []govmmQemu.IOThread{*ioThread}
 	}
 	// Add RNG device to hypervisor
-	// Skip for s390x as CPACF is used
-	if machine.Type != QemuCCWVirtio {
+	// Skip for s390x (as CPACF is used) or when Confidential Guest is enabled
+	if machine.Type != QemuCCWVirtio && !q.config.ConfidentialGuest {
 		rngDev := config.RNGDev{
 			ID:       rngID,
 			Filename: q.config.EntropySource,