From 39c1dc0e36f27b2ed191acf2095603f1ba391f2e Mon Sep 17 00:00:00 2001
From: Alex Lyn
Date: Fri, 15 Aug 2025 14:21:30 +0800
Subject: [PATCH] runtime-rs: Support initdata within NonProtection scenarios

we also need support initdat within nonprotection even though the platform is detected as NonProtection or usually is called nontee host. Within these cases, there's no need to validate the item of `confidential_guest=true`, we believe the result of the method `available_guest_protection()?`.

Signed-off-by: Alex Lyn
---
 .../crates/runtimes/virt_container/src/sandbox.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index dfec87d3ff..ed9665f360 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -392,10 +392,6 @@ impl VirtSandbox {
 hypervisor_config: &HypervisorConfig,
 init_data: Option,
 ) -> Result> {
- if !hypervisor_config.security_info.confidential_guest {
- return Ok(None);
- }
-
 let available_protection = available_guest_protection()?;
 info!(
 sl!(),
@@ -447,6 +443,7 @@ impl VirtSandbox {
 debug: false,
 })))
 },
+ GuestProtection::NoProtection => Ok(None),
 _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
 }
 }
@@ -470,6 +467,9 @@ impl VirtSandbox {
 GuestProtection::Snp(_details) => {
 calculate_initdata_digest(&initdata, ProtectedPlatform::Snp)?
 }
+ GuestProtection::NoProtection => {
+ calculate_initdata_digest(&initdata, ProtectedPlatform::NoProtection)?
+ }
 // TODO: there's more `GuestProtection` types to be supported.
 _ => return Ok(None),
 };
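Review bot: With the early return on `confidential_guest` gone from the top of this function (hunk at -392), the flag no longer lets an operator opt out of protection. A sandbox with `confidential_guest = false` on a host where `available_guest_protection()` reports a TEE now reaches the match further down and, judging by the arms visible in the next hunk, would be given a TDX/SNP device config. Detection also runs for every sandbox, so an error from `available_guest_protection()?` now fails sandbox creation on hosts that previously skipped the call. From the visible lines, a non-TEE host with the flag unset gets `Ok(None)` either way, so the opt-out could stay as `if !hypervisor_config.security_info.confidential_guest { return Ok(None); }` placed after the detection log. The function starts and continues outside the hunk.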
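Review bot: The new arm `GuestProtection::NoProtection => Ok(None)` (hunk at -447) fails open. A configuration that sets `confidential_guest = true` on a host with no detected protection used to fall into `_ => Err(...)`, and now starts an unprotected VM with no error and no log line. Workloads that rely on the flag to guarantee memory encryption and attestation are silently downgraded. A match guard keeps the non-TEE path for ordinary guests and preserves the refusal: `GuestProtection::NoProtection if !hypervisor_config.security_info.confidential_guest => Ok(None),`, leaving the flagged case to reach the existing error. Without the guard, the text of that error ("confidential_guest requested by configuration") is stale, since the flag is no longer consulted; the match itself starts outside the hunk.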
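Review bot: The added `NoProtection` arm (hunk at -470) computes an initdata digest that no hardware measurement covers on a non-TEE host, and nothing in the arm says so. A comment would keep later readers from treating the value as an integrity guarantee against the host, for example `// No TEE: nothing measures or attests this digest, so it gives no integrity guarantee against the host.` Which hash algorithm `ProtectedPlatform::NoProtection` selects is not visible here and is worth stating in the same comment. The enclosing function starts and ends outside the hunk.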