github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-19 09:51:29 +00:00
Code Issues Projects Releases Wiki Activity

runtime: enable kernel-hashes for SNP confidential container

Browse Source 
This is required to provide the hashes of kernel, initrd and cmdline
needed during the attestation of the coco.

Fixes: #9150

Signed-off-by: Niteesh Dubey <niteesh@us.ibm.com>
This commit is contained in:
Niteesh Dubey 2024-02-23 21:02:38 +00:00
parent b30d085271
commit 62d3d7c58f
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/runtime/Makefile
View File

@ -149,7 +149,7 @@ FIRMWARETDVFPATH := PLACEHOLDER_FOR_DISTRO_OVMF_WITH_TDX_SUPPORT
FIRMWARETDVFVOLUMEPATH := FIRMWARETDVFVOLUMEPATH :=
FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/AMDSEV.fd
ROOTMEASURECONFIG ?= "" ROOTMEASURECONFIG ?= ""
KERNELPARAMS += $(ROOTMEASURECONFIG) KERNELPARAMS += $(ROOTMEASURECONFIG)

9
src/runtime/pkg/govmm/qemu/qemu.go
View File

@ -375,12 +375,19 @@ func (object Object) QemuParams(config *Config) []string {
objectParams = append(objectParams, prepareObjectWithTdxQgs(object)) objectParams = append(objectParams, prepareObjectWithTdxQgs(object))
config.Bios = object.File config.Bios = object.File
case SEVGuest: case SEVGuest:
fallthrough objectParams = append(objectParams, string(object.Type))
objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
objectParams = append(objectParams, fmt.Sprintf("reduced-phys-bits=%d", object.ReducedPhysBits))
driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
case SNPGuest: case SNPGuest:
objectParams = append(objectParams, string(object.Type)) objectParams = append(objectParams, string(object.Type))
objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID)) objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos)) objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
objectParams = append(objectParams, fmt.Sprintf("reduced-phys-bits=%d", object.ReducedPhysBits)) objectParams = append(objectParams, fmt.Sprintf("reduced-phys-bits=%d", object.ReducedPhysBits))
objectParams = append(objectParams, "kernel-hashes=on")
driveParams = append(driveParams, "if=pflash,format=raw,readonly=on") driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File)) driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))