runtime-rs: Introduce host-data in SevSnpConfig for validation

To facilitate the transfer of initdata generated during
`prepare_initdata_device_config`, a new parameter has been
introduced into the `prepare_protection_device_config` function.

Furthermore, to specifically pass initdata to SEV-SNP Guests, a
`host_data` field has been added to the `SevSnpConfig` structure.
However, this field is exclusively applicable to the SEV-SNP platform.

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
This commit is contained in:
alex.lyn
2025-06-13 17:36:37 +08:00
parent 5c8170dbb9
commit 4a4361393c
2 changed files with 6 additions and 2 deletions


@@ -22,6 +22,7 @@ pub struct SevSnpConfig {
pub is_snp: bool,
pub cbitpos: u32,
pub firmware: String,
pub host_data: Option<String>,
}
#[derive(Debug, Clone)]
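Review bot: The new `host_data` field on L25 has no doc comment, and the constraint stated in the commit message — that it only applies to SEV-SNP — is recorded nowhere in the code. Suggest `/// Host-supplied data bound into the SEV-SNP launch (surfaced in the attestation report); only populated on the SNP path.` The type `Option<String>` also does not say what the hypervisor backend expects to receive: SNP host data is a fixed 32-byte value, so if this string is meant to carry a digest of the initdata the comment should state the expected encoding (hex or base64) and length, since a mismatch would only surface at guest launch rather than at config time. The `#[derive(Debug, Clone)]` on L27 follows the closing brace and belongs to the next item, so the rest of that type is outside the hunk.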


@@ -164,7 +164,7 @@ impl VirtSandbox {
}
// prepare protection device config
let _init_data = if let Some(initdata) = self
let init_data = if let Some(initdata) = self
.prepare_initdata_device_config(&self.hypervisor.hypervisor_config().await)
.await
.context("failed to prepare initdata device config")?
@@ -178,7 +178,7 @@ impl VirtSandbox {
// prepare protection device config
if let Some(protection_dev_config) = self
.prepare_protection_device_config(&self.hypervisor.hypervisor_config().await)
.prepare_protection_device_config(&self.hypervisor.hypervisor_config().await, init_data)
.await
.context("failed to prepare protection device config")?
{
@@ -372,6 +372,7 @@ impl VirtSandbox {
async fn prepare_protection_device_config(
&self,
hypervisor_config: &HypervisorConfig,
init_data: Option<String>,
) -> Result<Option<ProtectionDeviceConfig>> {
if !hypervisor_config.security_info.confidential_guest {
return Ok(None);
@@ -393,6 +394,7 @@ impl VirtSandbox {
is_snp: false,
cbitpos: details.cbitpos,
firmware: hypervisor_config.boot_info.firmware.clone(),
host_data: None,
})))
}
GuestProtection::Snp(details) => {
@@ -412,6 +414,7 @@ impl VirtSandbox {
is_snp,
cbitpos: details.cbitpos,
firmware: hypervisor_config.boot_info.firmware.clone(),
host_data: init_data,
})))
}
GuestProtection::Se => {
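Review bot: In the `GuestProtection::Sev` arm at L55–L61 the new `init_data` argument is discarded with `host_data: None`, so initdata supplied for a plain SEV guest is silently dropped and the guest gets no measured binding for it; only the SNP arm at L63–L68 forwards it. A loud failure is safer than a silent downgrade here: in the SEV arm add `if init_data.is_some() { bail!("initdata is only supported on SEV-SNP guests"); }` (assuming the `anyhow` `Result` implied by the `.context(...)` calls at L38 and L45), or at minimum log a warning so an operator can see the value was not applied. The same question applies to the `GuestProtection::Se` arm that begins at L70 and continues outside the hunk. `prepare_protection_device_config` starts at L48 and its body extends beyond these hunks.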