From 55b36212e6130e7ec1900c83eba5b686e3061c67 Mon Sep 17 00:00:00 2001
From: Niteesh Dubey
Date: Tue, 29 Nov 2022 21:25:58 +0000
Subject: [PATCH] CCv0: Remove qemu paramter 'policy' for SNP container

Removed the qemu paramter 'policy' (and also dh-cert-file, session-file, kernel-hashes=on) for SNP container.
Fixes: #5795
Signed-off-by: Niteesh Dubey
---
 src/runtime/pkg/govmm/qemu/qemu.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
index 7a7fb4608e..3f936efb1f 100644
--- a/src/runtime/pkg/govmm/qemu/qemu.go
+++ b/src/runtime/pkg/govmm/qemu/qemu.go
@@ -274,11 +274,11 @@ type Object struct {
 FirmwareVolume string

 // CBitPos is the location of the C-bit in a guest page table entry
- // This is only relevant for sev-guest objects
+ // This is only relevant for sev-guest and sev-snp-guest objects
 CBitPos uint32

 // ReducedPhysBits is the reduction in the guest physical address space
- // This is only relevant for sev-guest objects
+ // This is only relevant for sev-guest and sev-snp-guest objects
 ReducedPhysBits uint32

 // ReadOnly specifies whether `MemPath` is opened read-only or read/write (default)
@@ -370,8 +370,6 @@ func (object Object) QemuParams(config *Config) []string {
 deviceParams = append(deviceParams, fmt.Sprintf("config-firmware-volume=%s", object.FirmwareVolume))
 }
 case SEVGuest:
- fallthrough
- case SNPGuest:
 objectParams = append(objectParams, string(object.Type))
 objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
 objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
@@ -389,6 +387,14 @@ func (object Object) QemuParams(config *Config) []string {
 // Add OVMF firmware as pflash drive
 driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
 driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
+ case SNPGuest:
+ objectParams = append(objectParams, string(object.Type))
+ objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
+ objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
+ objectParams = append(objectParams, fmt.Sprintf("reduced-phys-bits=%d", object.ReducedPhysBits))
+ // Add OVMF firmware as pflash drive
+ driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
+ driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
 case SecExecGuest:
 objectParams = append(objectParams, string(object.Type))
 objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
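Review bot: The new `case SNPGuest:` branch passes only `id`, `cbitpos` and `reduced-phys-bits`, so the guest policy and whether kernel hashes enter the launch measurement are left to whatever the QEMU build defaults to, and nothing in the code says that this is deliberate. Because those settings decide what a remote verifier can trust about the guest, I would add a comment above the branch such as `// SNP: policy, dh-cert-file, session-file and kernel-hashes are deliberately not passed (see #5795); QEMU defaults apply, so verifiers must check the policy in the attestation report`. The six appends also appear to repeat lines of the `SEVGuest` case (the removed `fallthrough` suggests they were shared before), and the common ones could move into a small helper so the two branches cannot drift apart. `QemuParams` begins and ends outside this hunk, so the rest of the SEV branch is not visible here.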