From 4a4361393ce580a9eff1a9c6c9e1e5cf20e46a90 Mon Sep 17 00:00:00 2001
From: "alex.lyn" <alex.lyn@antgroup.com>
Date: Fri, 13 Jun 2025 17:36:37 +0800
Subject: [PATCH] runtime-rs: Introduce host-data in SevSnpConfig for
 validation

To facilitate the transfer of initdata generated during
`prepare_initdata_device_config`, a new parameter has been
introduced into the `prepare_protection_device_config` function.

Furthermore, to specifically pass initdata to SEV-SNP Guests, a
`host_data` field has been added to the `SevSnpConfig` structure.
However, this field is exclusively applicable to the SEV-SNP platform.

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
---
 .../hypervisor/src/device/driver/protection_device.rs      | 1 +
 .../crates/runtimes/virt_container/src/sandbox.rs          | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/runtime-rs/crates/hypervisor/src/device/driver/protection_device.rs b/src/runtime-rs/crates/hypervisor/src/device/driver/protection_device.rs
index 83d0718967..e990cc873c 100644
--- a/src/runtime-rs/crates/hypervisor/src/device/driver/protection_device.rs
+++ b/src/runtime-rs/crates/hypervisor/src/device/driver/protection_device.rs
@@ -22,6 +22,7 @@ pub struct SevSnpConfig {
     pub is_snp: bool,
     pub cbitpos: u32,
     pub firmware: String,
+    pub host_data: Option<String>,
 }
 
 #[derive(Debug, Clone)]
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index 14afb19a10..4357a32fd9 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -164,7 +164,7 @@ impl VirtSandbox {
         }
 
         // prepare protection device config
-        let _init_data = if let Some(initdata) = self
+        let init_data = if let Some(initdata) = self
             .prepare_initdata_device_config(&self.hypervisor.hypervisor_config().await)
             .await
             .context("failed to prepare initdata device config")?
@@ -178,7 +178,7 @@ impl VirtSandbox {
 
         // prepare protection device config
         if let Some(protection_dev_config) = self
-            .prepare_protection_device_config(&self.hypervisor.hypervisor_config().await)
+            .prepare_protection_device_config(&self.hypervisor.hypervisor_config().await, init_data)
             .await
             .context("failed to prepare protection device config")?
         {
@@ -372,6 +372,7 @@ impl VirtSandbox {
     async fn prepare_protection_device_config(
         &self,
         hypervisor_config: &HypervisorConfig,
+        init_data: Option<String>,
     ) -> Result<Option<ProtectionDeviceConfig>> {
         if !hypervisor_config.security_info.confidential_guest {
             return Ok(None);
@@ -393,6 +394,7 @@ impl VirtSandbox {
                     is_snp: false,
                     cbitpos: details.cbitpos,
                     firmware: hypervisor_config.boot_info.firmware.clone(),
+                    host_data: None,
                 })))
             }
             GuestProtection::Snp(details) => {
@@ -412,6 +414,7 @@ impl VirtSandbox {
                     is_snp,
                     cbitpos: details.cbitpos,
                     firmware: hypervisor_config.boot_info.firmware.clone(),
+                    host_data: init_data,
                 })))
             }
             GuestProtection::Se => {