From 5cc028a8b148cd46857085a9aae9d24f55f83bd5 Mon Sep 17 00:00:00 2001
From: Alex Lyn
Date: Tue, 19 Aug 2025 20:20:56 +0800
Subject: [PATCH] runtime-rs: Support initdata within NonProtection scenarios

we also need support initdat within nonprotection even though the platform is detected as NonProtection or usually is called nontee host. Within these cases, there's no need to validate the item of `confidential_guest=true`, we believe the result of the method `available_guest_protection()?`.
Fixes #11697
Signed-off-by: Alex Lyn
---
 .../crates/runtimes/virt_container/src/sandbox.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index 51ad550f65..ac483fdfca 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -374,10 +374,6 @@ impl VirtSandbox {
 hypervisor_config: &HypervisorConfig,
 init_data: Option,
 ) -> Result> {
- if !hypervisor_config.security_info.confidential_guest {
- return Ok(None);
- }
-
 let available_protection = available_guest_protection()?;
 info!(
 sl!(),
@@ -429,6 +425,7 @@ impl VirtSandbox {
 debug: false,
 })))
 },
+ GuestProtection::NoProtection => Ok(None),
 _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
 }
 }
@@ -453,6 +450,9 @@ impl VirtSandbox {
 calculate_initdata_digest(&initdata, ProtectedPlatform::Snp)?
 }
 GuestProtection::Se => calculate_initdata_digest(&initdata, ProtectedPlatform::Se)?,
+ GuestProtection::NoProtection => {
+ calculate_initdata_digest(&initdata, ProtectedPlatform::NoProtection)?
+ }
 // TODO: there's more `GuestProtection` types to be supported.
 _ => return Ok(None),
 };
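Review bot: The added arm `GuestProtection::NoProtection => Ok(None)` in the second hunk is taken whatever `confidential_guest` is set to, because the first hunk removes the only read of that flag. A configuration with `confidential_guest = true` on a host where `available_guest_protection()` reports `NoProtection` used to reach the `_ => Err(...)` arm; it now returns `Ok(None)`, so the sandbox presumably starts with no protection device and no error, which is a silent downgrade. A guard keeps the failure for that case: `GuestProtection::NoProtection if !hypervisor_config.security_info.confidential_guest => Ok(None),`. The fallback message still reads "confidential_guest requested by configuration" although the flag is no longer consulted, so it should be reworded if the guard is not added. The match and the function body start outside this hunk, so the scrutinee is inferred from the first hunk.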
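Review bot: The new `GuestProtection::NoProtection` arm in the third hunk has no comment saying what the digest stands for on a host without a TEE. Nothing visible in the hunk shows the `ProtectedPlatform::NoProtection` digest being bound to hardware evidence, unlike the `Snp` and `Se` arms, which presumably are. A reader could take the value as an attested measurement, so state the limit on the arm, for example `// Non-TEE host: digest is not covered by hardware attestation; do not treat it as a trust anchor.`. The `_ => return Ok(None)` fallback below it still drops initdata without a log line for the platforms the TODO mentions. The enclosing match begins outside this hunk.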