From 2603ee66b8ab49f034c8727f9320b2d7fbcd5c2c Mon Sep 17 00:00:00 2001
From: "alex.lyn"
Date: Fri, 13 Jun 2025 16:21:46 +0800
Subject: [PATCH] kata-types: Introduce initdata to SecurityInfo for data injection

This commit introduces a new `initdata` field of type String to hypervisor `SecurityInfo`. In accordance with the Initdata Specification, this field will facilitate the injection of well-defined data from an untrusted host into the TEE. To ensure the integrity of this injected data, the TEE evidence's hostdata capability or the (v)TPM dynamic measurement capability will be leveraged, as outlined in the specification.

Signed-off-by: alex.lyn
---
 src/libs/kata-types/src/config/hypervisor/mod.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libs/kata-types/src/config/hypervisor/mod.rs b/src/libs/kata-types/src/config/hypervisor/mod.rs
index 187228c208..8d5115323c 100644
--- a/src/libs/kata-types/src/config/hypervisor/mod.rs
+++ b/src/libs/kata-types/src/config/hypervisor/mod.rs
@@ -885,6 +885,12 @@ pub struct SecurityInfo {
     #[serde(default)]
     pub guest_hook_path: String,
 
+    /// Initdata is dynamic configuration (like policies, configs, and identity files) with encoded format that users inject
+    /// into the TEE Guest upon CVM launch. And it's implemented based on the `InitData Specification`:
+    /// https://github.com/confidential-containers/trustee/blob/61c1dc60ee1f926c2eb95d69666c2430c3fea808/kbs/docs/initdata.md
+    #[serde(default)]
+    pub initdata: String,
+
     /// List of valid annotation names for the hypervisor.
     ///
     /// Each member of the list is a regular expression, which is the base name of the annotation,
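Review bot: The doc comment on the new `initdata` field says the value has an "encoded format" but never names it, and nothing marks the field as host-supplied data whose integrity the guest must establish before acting on it, so a reader of `SecurityInfo` cannot tell what a valid value looks like or that the `serde(default)` empty string means "no initdata". I would state both in the comment, e.g. `/// Host-supplied, encoded initdata blob (encoding as defined by the linked spec); an empty string means none. The contents are not trusted until the guest verifies their digest against the TEE hostdata field or a (v)TPM measurement.` The bare URL on the third doc line also trips rustdoc's `bare_urls` lint; wrap it as `/// <https://github.com/confidential-containers/trustee/blob/61c1dc60ee1f926c2eb95d69666c2430c3fea808/kbs/docs/initdata.md>`. The enclosing `SecurityInfo` struct starts before the hunk and continues after it, so any validation of the field (if one exists) is outside this view.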