github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-30 23:37:45 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Enable kernel hashes for all SEV guests

Browse Source 
This commit adds the `kernel-hashes=on` flag to the QEMU command line
for all SEV guests (previously, this was only enabled for SEV guests
with `guest_pre_attestation=on`. This change allows the AmdSev firmware
to be used for both encrypted and non-encrypted container images.

**Note:** This change makes the AmdSev OVMF build a requirement for all
SEV guests. The standard host OVMF package will no longer work.

Fixes #5307.

Signed-off-by: Jim Cadden <jcadden@ibm.com>
This commit is contained in:
Jim Cadden 2022-10-31 15:03:05 -04:00
parent 3dd655d60d
commit 411482bf19
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/runtime/virtcontainers/qemu_amd64.go
View File

@ -349,6 +349,7 @@ func (q *qemuAmd64) appendSEVObject(devices []govmmQemu.Device, firmware, firmwa
CBitPos: cpuid.AMDMemEncrypt.CBitPosition,
ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction,
SevPolicy: config.Policy,
SevKernelHashes: true,
}), "", nil
}
}