kata-types: Introduce initdata to SecurityInfo for data injection

This commit introduces a new `initdata` field of type String to hypervisor `SecurityInfo`. In accordance with the Initdata Specification, this field will facilitate the injection of well-defined data from an untrusted host into the TEE. To ensure the integrity of this injected data, the TEE evidence's hostdata capability or the (v)TPM dynamic measurement capability will be leveraged, as outlined in the specification. Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-14 15:44:58 +00:00 · 2025-06-13 16:21:46 +08:00 · 2025-06-13 16:21:46 +08:00 · 2603ee66b8
commit 2603ee66b8
parent 89dcc8fb27
1 changed files with 6 additions and 0 deletions
--- a/src/libs/kata-types/src/config/hypervisor/mod.rs
+++ b/src/libs/kata-types/src/config/hypervisor/mod.rs
@ -885,6 +885,12 @@ pub struct SecurityInfo {
    #[serde(default)]
    pub guest_hook_path: String,

+    /// Initdata is dynamic configuration (like policies, configs, and identity files) with encoded format that users inject
+    /// into the TEE Guest upon CVM launch. And it's implemented based on the `InitData Specification`:
+    /// https://github.com/confidential-containers/trustee/blob/61c1dc60ee1f926c2eb95d69666c2430c3fea808/kbs/docs/initdata.md
+    #[serde(default)]
+    pub initdata: String,
+
    /// List of valid annotation names for the hypervisor.
    ///
    /// Each member of the list is a regular expression, which is the base name of the annotation,