diff --git a/src/runtime-rs/crates/hypervisor/src/device/driver/mod.rs b/src/runtime-rs/crates/hypervisor/src/device/driver/mod.rs
index e10d66c005..d1069dade7 100644
--- a/src/runtime-rs/crates/hypervisor/src/device/driver/mod.rs
+++ b/src/runtime-rs/crates/hypervisor/src/device/driver/mod.rs
@@ -16,7 +16,7 @@ mod virtio_net;
 mod virtio_vsock;
 pub use port_device::{PCIePortDevice, PortDeviceConfig};
-pub use protection_device::{ProtectionDevice, ProtectionDeviceConfig, SevSnpConfig};
+pub use protection_device::{ProtectionDevice, ProtectionDeviceConfig, SevSnpConfig, TdxConfig};
 pub use vfio::{
 bind_device_to_host, bind_device_to_vfio, get_vfio_device, HostDevice, VfioBusMode, VfioConfig,
 VfioDevice,
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index 8864bade94..09a6766aee 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -30,7 +30,7 @@ use hypervisor::{dragonball::Dragonball, HYPERVISOR_DRAGONBALL};
 use hypervisor::{qemu::Qemu, HYPERVISOR_QEMU};
 use hypervisor::{utils::get_hvsock_path, HybridVsockConfig, DEFAULT_GUEST_VSOCK_CID};
 use hypervisor::{BlockConfig, Hypervisor};
-use hypervisor::{ProtectionDeviceConfig, SevSnpConfig};
+use hypervisor::{ProtectionDeviceConfig, SevSnpConfig, TdxConfig};
 use kata_sys_util::hooks::HookStates;
 use kata_sys_util::protection::{available_guest_protection, GuestProtection};
 use kata_types::capabilities::CapabilityBits;
@@ -398,6 +398,15 @@ impl VirtSandbox {
 GuestProtection::Se => {
 Ok(Some(ProtectionDeviceConfig::Se))
 }
+ GuestProtection::Tdx(_details) => {
+ Ok(Some(ProtectionDeviceConfig::Tdx(TdxConfig {
+ id: "tdx".to_owned(),
+ firmware: hypervisor_config.boot_info.firmware.clone(),
+ qgs_port: 4050,
+ mrconfigid: None,
+ debug: false,
+ })))
+ },
 _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
 }
 }
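Review bot: The new `GuestProtection::Tdx` arm hard-codes its attestation-related fields: `qgs_port: 4050` is an unexplained magic number and `mrconfigid: None` presumably means no configuration identity is handed to the guest, so a host whose quote generation service listens on another port cannot use this path without a rebuild. I would lift the port into a named constant (for example `DEFAULT_QGS_PORT`, a suggested name) and put `// TODO: read qgs_port and mrconfigid from the hypervisor configuration instead of fixing them here` above the struct literal. `firmware` is cloned from `hypervisor_config.boot_info` without any check; if nothing upstream rejects an empty value, returning an `anyhow!` error here would fail earlier and more clearly than a failure at VM launch. Keeping `debug: false` fixed is the right default for a confidential guest. The enclosing `match` and function begin outside this hunk, so whether validation already happens earlier is not visible here.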