runtime-rs: Introduce host-data in SevSnpConfig for validation

To facilitate the transfer of initdata generated during
`prepare_initdata_device_config`, a new parameter has been
introduced into the `prepare_protection_device_config` function.

Furthermore, to specifically pass initdata to SEV-SNP Guests, a
`host_data` field has been added to the `SevSnpConfig` structure.
However, this field is exclusively applicable to the SEV-SNP platform.

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
alex.lyn
2025-06-13 17:36:37 +08:00
parent 5c8170dbb9
commit 4a4361393c
2 changed files with 6 additions and 2 deletions


@@ -22,6 +22,7 @@ pub struct SevSnpConfig {
pub is_snp: bool, pub is_snp: bool,
pub cbitpos: u32, pub cbitpos: u32,
pub firmware: String, pub firmware: String,
pub host_data: Option<String>,
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
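Review bot: The new `host_data` field on `SevSnpConfig` carries no doc comment, so nothing on the struct says what it holds, how it is encoded, or that it is meaningful only when `is_snp` is set. Since this value is what the guest-side verifier will later check the initdata against, the expected format matters at this boundary; a reader cannot tell from the field alone whether it is raw initdata, a digest of it, or an already-encoded form. I would add `/// Initdata forwarded to the SEV-SNP launch as host data; `None` for plain SEV.` above the field, and, if the consumer imposes a fixed length or encoding on this value, state that in the same comment so callers do not discover it only as a launch failure.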


@@ -164,7 +164,7 @@ impl VirtSandbox {
} }
// prepare protection device config // prepare protection device config
let _init_data = if let Some(initdata) = self let init_data = if let Some(initdata) = self
.prepare_initdata_device_config(&self.hypervisor.hypervisor_config().await) .prepare_initdata_device_config(&self.hypervisor.hypervisor_config().await)
.await .await
.context("failed to prepare initdata device config")? .context("failed to prepare initdata device config")?
@@ -178,7 +178,7 @@ impl VirtSandbox {
// prepare protection device config // prepare protection device config
if let Some(protection_dev_config) = self if let Some(protection_dev_config) = self
.prepare_protection_device_config(&self.hypervisor.hypervisor_config().await) .prepare_protection_device_config(&self.hypervisor.hypervisor_config().await, init_data)
.await .await
.context("failed to prepare protection device config")? .context("failed to prepare protection device config")?
{ {
@@ -372,6 +372,7 @@ impl VirtSandbox {
async fn prepare_protection_device_config( async fn prepare_protection_device_config(
&self, &self,
hypervisor_config: &HypervisorConfig, hypervisor_config: &HypervisorConfig,
init_data: Option<String>,
) -> Result<Option<ProtectionDeviceConfig>> { ) -> Result<Option<ProtectionDeviceConfig>> {
if !hypervisor_config.security_info.confidential_guest { if !hypervisor_config.security_info.confidential_guest {
return Ok(None); return Ok(None);
@@ -393,6 +394,7 @@ impl VirtSandbox {
is_snp: false, is_snp: false,
cbitpos: details.cbitpos, cbitpos: details.cbitpos,
firmware: hypervisor_config.boot_info.firmware.clone(), firmware: hypervisor_config.boot_info.firmware.clone(),
host_data: None,
}))) })))
} }
GuestProtection::Snp(details) => { GuestProtection::Snp(details) => {
@@ -412,6 +414,7 @@ impl VirtSandbox {
is_snp, is_snp,
cbitpos: details.cbitpos, cbitpos: details.cbitpos,
firmware: hypervisor_config.boot_info.firmware.clone(), firmware: hypervisor_config.boot_info.firmware.clone(),
host_data: init_data,
}))) })))
} }
GuestProtection::Se => { GuestProtection::Se => {
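Review bot: The new `init_data` parameter of `prepare_protection_device_config` is silently discarded for every protection other than SNP: the SEV arm sets `host_data: None` while the SNP arm sets `host_data: init_data`, and nothing records that a `Some` value was dropped. A caller that supplied initdata for an SEV or other guest would get no signal that it never reached the launch, which is the kind of quiet degradation that is hard to diagnose from an attestation failure later. I would at least document it on the function, `/// `init_data` is consumed only for SEV-SNP (as `host_data`); for other guest protections it is ignored.`, and, if a logging macro is in scope in this file, emit a warning in the non-SNP arms when `init_data.is_some()`. The body of `prepare_protection_device_config` starts in the third hunk and continues outside the shown hunks, as does the `let init_data = …` expression in the first one.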