mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-26 03:29:02 +00:00
Merge pull request #9608 from fidencio/topic/tdx-depend-on-distro-host-stack-part-II
tdx: Adapt kata-deploy to use QEMU / OVMF from the distros
This commit is contained in:
commit
2f686b1179
@ -146,7 +146,8 @@ DEFROOTFSTYPE := $(ROOTFSTYPE_EXT4)
|
||||
FIRMWAREPATH :=
|
||||
FIRMWAREVOLUMEPATH :=
|
||||
|
||||
FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd
|
||||
#FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd
|
||||
FIRMWARETDVFPATH := PLACEHOLDER_FOR_DISTRO_OVMF_WITH_TDX_SUPPORT
|
||||
FIRMWARETDVFVOLUMEPATH :=
|
||||
|
||||
FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
|
||||
@ -175,7 +176,8 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
|
||||
QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
|
||||
QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]
|
||||
|
||||
QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
|
||||
#QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
|
||||
QEMUTDXPATH := PLACEHOLDER_FOR_DISTRO_QEMU_WITH_TDX_SUPPORT
|
||||
QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]
|
||||
|
||||
QEMUSNPPATH := $(QEMUBINDIR)/$(QEMUSNPCMD)
|
||||
|
@ -363,7 +363,6 @@ func (object Object) QemuParams(config *Config) []string {
|
||||
|
||||
case TDXGuest:
|
||||
objectParams = append(objectParams, string(object.Type))
|
||||
objectParams = append(objectParams, "sept-ve-disable=on")
|
||||
objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
|
||||
if object.Debug {
|
||||
objectParams = append(objectParams, "debug=on")
|
||||
@ -2664,10 +2663,6 @@ type Knobs struct {
|
||||
|
||||
// IOMMUPlatform will enable IOMMU for supported devices
|
||||
IOMMUPlatform bool
|
||||
|
||||
// Whether private memory should be used or not
|
||||
// This is required by TDX, at least.
|
||||
Private bool
|
||||
}
|
||||
|
||||
// IOThread allows IO to be performed on a separate thread.
|
||||
@ -3032,9 +3027,6 @@ func (config *Config) appendMemoryKnobs() {
|
||||
numaMemParam = "node,memdev=" + dimmName
|
||||
}
|
||||
|
||||
if config.Knobs.Private {
|
||||
objMemParam += ",private=on"
|
||||
}
|
||||
if config.Knobs.MemShared {
|
||||
objMemParam += ",share=on"
|
||||
}
|
||||
|
@ -586,7 +586,6 @@ func TestAppendMemoryFileBackedMem(t *testing.T) {
|
||||
knobs := Knobs{
|
||||
FileBackedMem: true,
|
||||
MemShared: false,
|
||||
Private: false,
|
||||
}
|
||||
objMemString := "-object memory-backend-file,id=dimm1,size=1G,mem-path=foobar"
|
||||
numaMemString := "-numa node,memdev=dimm1"
|
||||
@ -600,36 +599,6 @@ func TestAppendMemoryFileBackedMem(t *testing.T) {
|
||||
}
|
||||
|
||||
testConfigAppend(conf, knobs, memString+" "+knobsString, t)
|
||||
|
||||
// Reset the conf and memString values
|
||||
conf = &Config{
|
||||
Memory: Memory{
|
||||
Size: "1G",
|
||||
Slots: 8,
|
||||
MaxMem: "3G",
|
||||
Path: "foobar",
|
||||
},
|
||||
}
|
||||
memString = "-m 1G,slots=8,maxmem=3G"
|
||||
testConfigAppend(conf, conf.Memory, memString, t)
|
||||
|
||||
knobs = Knobs{
|
||||
FileBackedMem: true,
|
||||
MemShared: false,
|
||||
Private: true,
|
||||
}
|
||||
objMemString = "-object memory-backend-file,id=dimm1,size=1G,mem-path=foobar,private=on"
|
||||
numaMemString = "-numa node,memdev=dimm1"
|
||||
memBackendString = "-machine memory-backend=dimm1"
|
||||
|
||||
knobsString = objMemString + " "
|
||||
if isDimmSupported(nil) {
|
||||
knobsString += numaMemString
|
||||
} else {
|
||||
knobsString += memBackendString
|
||||
}
|
||||
|
||||
testConfigAppend(conf, knobs, memString+" "+knobsString, t)
|
||||
}
|
||||
|
||||
func TestAppendMemoryFileBackedMemPrealloc(t *testing.T) {
|
||||
|
@ -615,17 +615,6 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
|
||||
return err
|
||||
}
|
||||
|
||||
if q.config.ConfidentialGuest {
|
||||
// At this point we're safe to just check for the protection field
|
||||
// on the hypervisor specific code, as availableGuestProtection()
|
||||
// has been called earlier and we know we have the value stored.
|
||||
if q.arch.getProtection() == tdxProtection {
|
||||
|
||||
// TDX relies on ",private=on" passed to the memory object.
|
||||
knobs.Private = true
|
||||
}
|
||||
}
|
||||
|
||||
kernelPath, err := q.config.KernelAssetPath()
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -41,8 +41,10 @@ teardown() {
|
||||
# Run on a specific node so we know from where to inspect the logs
|
||||
set_node "$pod_config" "$node"
|
||||
|
||||
# Add an "allow all" policy if policy testing is enabled.
|
||||
add_allow_all_policy_to_yaml "$pod_config"
|
||||
# Skip adding the policy, as it's causing the test to fail.
|
||||
# See more details on: https://github.com/kata-containers/kata-containers/issues/9612
|
||||
# # Add an "allow all" policy if policy testing is enabled.
|
||||
# add_allow_all_policy_to_yaml "$pod_config"
|
||||
|
||||
# For debug sake
|
||||
echo "Pod $pod_config file:"
|
||||
@ -52,4 +54,4 @@ teardown() {
|
||||
|
||||
assert_logs_contain "$node" kata "$node_start_time" \
|
||||
'verity: .* metadata block .* is corrupted'
|
||||
}
|
||||
}
|
||||
|
@ -58,6 +58,8 @@ spec:
|
||||
mountPath: /opt/kata/
|
||||
- name: local-bin
|
||||
mountPath: /usr/local/bin/
|
||||
- name: host
|
||||
mountPath: /host/
|
||||
volumes:
|
||||
- name: crio-conf
|
||||
hostPath:
|
||||
@ -72,6 +74,9 @@ spec:
|
||||
- name: local-bin
|
||||
hostPath:
|
||||
path: /usr/local/bin/
|
||||
- name: host
|
||||
hostPath:
|
||||
path: /
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
|
@ -30,10 +30,8 @@ BASE_TARBALLS = serial-targets \
|
||||
ovmf-tarball \
|
||||
qemu-snp-experimental-tarball \
|
||||
qemu-tarball \
|
||||
qemu-tdx-experimental-tarball \
|
||||
stratovirt-tarball \
|
||||
shim-v2-tarball \
|
||||
tdvf-tarball \
|
||||
virtiofsd-tarball
|
||||
BASE_SERIAL_TARBALLS = rootfs-image-tarball \
|
||||
rootfs-image-confidential-tarball \
|
||||
@ -139,9 +137,6 @@ qemu-tarball:
|
||||
boot-image-se-tarball: kernel-confidential-tarball rootfs-initrd-confidential-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
qemu-tdx-experimental-tarball:
|
||||
${MAKE} $@-build
|
||||
|
||||
stratovirt-tarball:
|
||||
${MAKE} $@-build
|
||||
|
||||
@ -166,9 +161,6 @@ runk-tarball:
|
||||
shim-v2-tarball:
|
||||
${MAKE} $@-build
|
||||
|
||||
tdvf-tarball:
|
||||
${MAKE} $@-build
|
||||
|
||||
trace-forwarder-tarball:
|
||||
${MAKE} $@-build
|
||||
|
||||
|
@ -111,7 +111,6 @@ options:
|
||||
ovmf-sev
|
||||
qemu
|
||||
qemu-snp-experimental
|
||||
qemu-tdx-experimental
|
||||
stratovirt
|
||||
rootfs-image
|
||||
rootfs-image-confidential
|
||||
@ -120,7 +119,6 @@ options:
|
||||
rootfs-initrd-mariner
|
||||
runk
|
||||
shim-v2
|
||||
tdvf
|
||||
trace-forwarder
|
||||
virtiofsd
|
||||
EOF
|
||||
@ -565,17 +563,6 @@ install_qemu() {
|
||||
"${qemu_builder}"
|
||||
}
|
||||
|
||||
install_qemu_tdx_experimental() {
|
||||
export qemu_suffix="tdx-experimental"
|
||||
export qemu_tarball_name="kata-static-qemu-${qemu_suffix}.tar.gz"
|
||||
|
||||
install_qemu_helper \
|
||||
"assets.hypervisor.qemu-${qemu_suffix}.url" \
|
||||
"assets.hypervisor.qemu-${qemu_suffix}.tag" \
|
||||
"qemu-${qemu_suffix}" \
|
||||
"${qemu_experimental_builder}"
|
||||
}
|
||||
|
||||
install_qemu_snp_experimental() {
|
||||
export qemu_suffix="snp-experimental"
|
||||
export qemu_tarball_name="kata-static-qemu-${qemu_suffix}.tar.gz"
|
||||
@ -752,7 +739,6 @@ install_ovmf() {
|
||||
|
||||
local component_name="ovmf"
|
||||
[ "${ovmf_type}" == "sev" ] && component_name="ovmf-sev"
|
||||
[ "${ovmf_type}" == "tdx" ] && component_name="tdvf"
|
||||
|
||||
latest_artefact="$(get_from_kata_deps "externals.ovmf.${ovmf_type}.version")"
|
||||
latest_builder_image="$(get_ovmf_image_name)"
|
||||
@ -769,11 +755,6 @@ install_ovmf() {
|
||||
tar xvf "${builddir}/${tarball_name}" -C "${destdir}"
|
||||
}
|
||||
|
||||
# Install TDVF
|
||||
install_tdvf() {
|
||||
install_ovmf "tdx" "edk2-tdx.tar.gz"
|
||||
}
|
||||
|
||||
# Install OVMF SEV
|
||||
install_ovmf_sev() {
|
||||
install_ovmf "sev" "edk2-sev.tar.gz"
|
||||
@ -982,11 +963,9 @@ handle_build() {
|
||||
install_ovmf_sev
|
||||
install_qemu
|
||||
install_qemu_snp_experimental
|
||||
install_qemu_tdx_experimental
|
||||
install_stratovirt
|
||||
install_runk
|
||||
install_shimv2
|
||||
install_tdvf
|
||||
install_trace_forwarder
|
||||
install_virtiofsd
|
||||
;;
|
||||
@ -1033,8 +1012,6 @@ handle_build() {
|
||||
|
||||
qemu-snp-experimental) install_qemu_snp_experimental ;;
|
||||
|
||||
qemu-tdx-experimental) install_qemu_tdx_experimental ;;
|
||||
|
||||
stratovirt) install_stratovirt ;;
|
||||
|
||||
rootfs-image) install_image ;;
|
||||
@ -1051,8 +1028,6 @@ handle_build() {
|
||||
|
||||
shim-v2) install_shimv2 ;;
|
||||
|
||||
tdvf) install_tdvf ;;
|
||||
|
||||
trace-forwarder) install_trace_forwarder ;;
|
||||
|
||||
virtiofsd) install_virtiofsd ;;
|
||||
|
@ -39,6 +39,16 @@ die() {
|
||||
exit 1
|
||||
}
|
||||
|
||||
warn() {
|
||||
msg="$*"
|
||||
echo "WARN: $msg" >&2
|
||||
}
|
||||
|
||||
info() {
|
||||
msg="$*"
|
||||
echo "INFO: $msg" >&2
|
||||
}
|
||||
|
||||
function host_systemctl() {
|
||||
nsenter --target 1 --mount systemctl "${@}"
|
||||
}
|
||||
@ -148,6 +158,63 @@ function get_kata_containers_config_path() {
|
||||
echo "$config_path"
|
||||
}
|
||||
|
||||
function tdx_not_supported() {
|
||||
distro="${1}"
|
||||
version="${2}"
|
||||
|
||||
warn "Distro ${distro} ${version} does not support TDX and the TDX related runtime classes will not work in your cluster!"
|
||||
}
|
||||
|
||||
function tdx_supported() {
|
||||
distro="${1}"
|
||||
version="${2}"
|
||||
config="${3}"
|
||||
|
||||
sed -i -e "s|PLACEHOLDER_FOR_DISTRO_QEMU_WITH_TDX_SUPPORT|$(get_tdx_qemu_path_from_distro ${distro})|g" ${config}
|
||||
sed -i -e "s|PLACEHOLDER_FOR_DISTRO_OVMF_WITH_TDX_SUPPORT|$(get_tdx_ovmf_path_from_distro ${distro})|g" ${config}
|
||||
|
||||
info "In order to use the tdx related runtime classes, ensure TDX is properly configured for ${distro} ${version} by following the instructions provided at: $(get_tdx_distro_instructions ${distro})"
|
||||
}
|
||||
|
||||
function get_tdx_distro_instructions() {
|
||||
distro="${1}"
|
||||
|
||||
case ${distro} in
|
||||
ubuntu)
|
||||
echo "https://github.com/canonical/tdx/tree/noble-24.04"
|
||||
;;
|
||||
centos)
|
||||
echo "https://sigs.centos.org/virt/tdx"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function get_tdx_qemu_path_from_distro() {
|
||||
distro="${1}"
|
||||
|
||||
case ${distro} in
|
||||
ubuntu)
|
||||
echo "/usr/bin/qemu-system-x86_64"
|
||||
;;
|
||||
centos)
|
||||
echo "/usr/libexec/qemu-kvm"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function get_tdx_ovmf_path_from_distro() {
|
||||
distro="${1}"
|
||||
|
||||
case ${distro} in
|
||||
ubuntu)
|
||||
echo "/usr/share/ovmf/OVMF.fd"
|
||||
;;
|
||||
centos)
|
||||
echo "/usr/share/edk2/ovmf/OVMF.inteltdx.fd"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
function install_artifacts() {
|
||||
echo "copying kata artifacts onto host"
|
||||
cp -au /opt/kata-artifacts/opt/kata/* /opt/kata/
|
||||
@ -181,6 +248,35 @@ function install_artifacts() {
|
||||
if [ -n "${allowed_hypervisor_annotations}" ]; then
|
||||
sed -i -e "s/^enable_annotations = \[\(.*\)\]/enable_annotations = [\1, $allowed_hypervisor_annotations]/" "${kata_config_file}"
|
||||
fi
|
||||
|
||||
if grep -q "tdx" <<< "$shim"; then
|
||||
source /host/etc/os-release || source /host/usr/lib/os-release
|
||||
case ${ID} in
|
||||
ubuntu)
|
||||
case ${VERSION_ID} in
|
||||
24.04)
|
||||
tdx_supported ${ID} ${VERSION_ID} ${kata_config_file}
|
||||
;;
|
||||
*)
|
||||
tdx_not_supported ${ID} ${VERSION_ID}
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
centos)
|
||||
case ${VERSION_ID} in
|
||||
9)
|
||||
tdx_supported ${ID} ${VERSION_ID} ${kata_config_file}
|
||||
;;
|
||||
*)
|
||||
tdx_not_supported ${ID} ${VERSION_ID}
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
tdx_not_supported_warning
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
done
|
||||
|
||||
# Allow Mariner to use custom configuration.
|
||||
|
@ -77,9 +77,6 @@ popd
|
||||
|
||||
info "Install fd to destdir"
|
||||
install_dir="${DESTDIR}/${PREFIX}/share/ovmf"
|
||||
if [ "${ovmf_build}" == "tdx" ]; then
|
||||
install_dir="$DESTDIR/$PREFIX/share/tdvf"
|
||||
fi
|
||||
|
||||
mkdir -p "${install_dir}"
|
||||
if [ "${ovmf_build}" == "sev" ]; then
|
||||
|
@ -1,23 +0,0 @@
|
||||
# Copyright (c) 2022 Intel
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
FROM ubuntu:20.04
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
|
||||
ARG RUST_TOOLCHAIN
|
||||
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
clang \
|
||||
curl \
|
||||
gcc \
|
||||
git \
|
||||
llvm \
|
||||
nasm && \
|
||||
apt-get clean && rm -rf /var/lib/lists/ && \
|
||||
curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN} && \
|
||||
source "$HOME/.cargo/env" && \
|
||||
rustup component add rust-src && \
|
||||
cargo install cargo-xbuild
|
@ -1,42 +0,0 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (c) 2022 Intel
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
source "${script_dir}/../../scripts/lib.sh"
|
||||
|
||||
tdshim_repo="${tdshim_repo:-}"
|
||||
DESTDIR=${DESTDIR:-${PWD}}
|
||||
PREFIX="${PREFIX:-/opt/kata}"
|
||||
|
||||
[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
|
||||
[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
|
||||
|
||||
info "Build ${tdshim_repo} version: ${tdshim_version}"
|
||||
|
||||
source ${HOME}/.cargo/env
|
||||
|
||||
build_root=$(mktemp -d)
|
||||
pushd ${build_root}
|
||||
git clone --single-branch "${tdshim_repo}"
|
||||
pushd td-shim
|
||||
git checkout "${tdshim_version}"
|
||||
bash sh_script/build_final.sh boot_kernel
|
||||
|
||||
install_dir="${DESTDIR}/${PREFIX}/share/td-shim"
|
||||
mkdir -p ${install_dir}
|
||||
install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/td-shim.bin
|
||||
popd #td-shim
|
||||
popd #${build_root}
|
||||
|
||||
local_dir=${PWD}
|
||||
pushd ${DESTDIR}
|
||||
tar -czvf "${local_dir}/td-shim.tar.gz" "./$PREFIX"
|
||||
rm -rf $(dirname ./$PREFIX)
|
||||
popd #${DESTDIR}
|
@ -1,48 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Copyright (c) 2022 Intel
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
readonly tdshim_builder="${script_dir}/build-td-shim.sh"
|
||||
|
||||
source "${script_dir}/../../scripts/lib.sh"
|
||||
|
||||
DESTDIR=${DESTDIR:-${PWD}}
|
||||
PREFIX=${PREFIX:-/opt/kata}
|
||||
kata_version="${kata_version:-}"
|
||||
tdshim_repo="${tdshim_repo:-}"
|
||||
tdshim_version="${tdshim_version:-}"
|
||||
tdshim_toolchain="${tdshim_toolchain:-}"
|
||||
package_output_dir="${package_output_dir:-}"
|
||||
|
||||
[ -n "${tdshim_repo}" ] || tdshim_repo=$(get_from_kata_deps "externals.td-shim.url")
|
||||
[ -n "${tdshim_version}" ] || tdshim_version=$(get_from_kata_deps "externals.td-shim.version")
|
||||
[ -n "${tdshim_toolchain}" ] || tdshim_toolchain=$(get_from_kata_deps "externals.td-shim.toolchain")
|
||||
|
||||
[ -n "${tdshim_repo}" ] || die "Failed to get TD-shim repo"
|
||||
[ -n "${tdshim_version}" ] || die "Failed to get TD-shim version or commit"
|
||||
[ -n "${tdshim_toolchain}" ] || die "Failed to get TD-shim toolchain to be used to build the project"
|
||||
|
||||
container_image="${TDSHIM_CONTAINER_BUILDER:-${BUILDER_REGISTRY}:td-shim-${tdshim_toolchain}-$(get_last_modification ${script_dir})-$(uname -m)}"
|
||||
|
||||
sudo docker pull ${container_image} || (sudo docker build \
|
||||
--build-arg RUST_TOOLCHAIN="${tdshim_toolchain}" \
|
||||
-t "${container_image}" \
|
||||
"${script_dir}" && \
|
||||
# No-op unless PUSH_TO_REGISTRY is exported as "yes"
|
||||
push_to_registry "${container_image}")
|
||||
|
||||
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
|
||||
-w "${PWD}" \
|
||||
--env DESTDIR="${DESTDIR}" \
|
||||
--env PREFIX="${PREFIX}" \
|
||||
--env tdshim_repo="${tdshim_repo}" \
|
||||
--env tdshim_version="${tdshim_version}" \
|
||||
"${container_image}" \
|
||||
bash -c "${tdshim_builder}"
|
@ -99,11 +99,6 @@ assets:
|
||||
https://github.com/qemu/qemu/tags
|
||||
.*/v?(\d\S+)\.tar\.gz
|
||||
|
||||
qemu-tdx-experimental:
|
||||
description: ¨QEMU with TDX support"
|
||||
url: "https://github.com/intel/qemu-tdx"
|
||||
tag: "tdx-qemu-next-2023.9.21-v8.1.0"
|
||||
|
||||
qemu-snp-experimental:
|
||||
description: "QEMU with SNP support"
|
||||
url: "https://github.com/confidential-containers/qemu.git"
|
||||
@ -337,18 +332,6 @@ externals:
|
||||
version: "edk2-stable202302"
|
||||
package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
|
||||
package_output_dir: "AmdSev"
|
||||
tdx:
|
||||
# yamllint disable-line rule:line-length
|
||||
description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww15"
|
||||
version: "edk2-stable202302"
|
||||
package: "OvmfPkg/IntelTdx/IntelTdxX64.dsc"
|
||||
package_output_dir: "IntelTdx"
|
||||
|
||||
td-shim:
|
||||
description: "Confidential Containers Shim Firmware"
|
||||
url: "https://github.com/confidential-containers/td-shim"
|
||||
version: "cf9592ef70bd6ba4c7ab1330d278a743f5ba3133"
|
||||
toolchain: "nightly-2022-05-15"
|
||||
|
||||
virtiofsd:
|
||||
description: "vhost-user virtio-fs device backend written in Rust"
|
||||
|
Loading…
Reference in New Issue
Block a user