runtime-rs: support initdata within nontee scenarios

NoProtection cases Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>
2025-08-17 15:38:00 +00:00 · 2025-08-12 14:26:23 +08:00 · 2025-08-12 14:26:23 +08:00 · 730c600286
commit 730c600286
parent 3c6855e492
1 changed files with 8 additions and 0 deletions
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@ -429,6 +429,7 @@ impl VirtSandbox {
                    debug: false,
                })))
            },
+            GuestProtection::NoProtection => Ok(None),
            _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
        }
    }
@ -437,6 +438,10 @@ impl VirtSandbox {
        &self,
        hypervisor_config: &HypervisorConfig,
    ) -> Result<Option<InitDataConfig>> {
+        if !hypervisor_config.security_info.confidential_guest {
+            return Ok(None);
+        }
+
        let initdata = hypervisor_config.security_info.initdata.clone();
        if initdata.is_empty() {
            return Ok(None);
@ -452,6 +457,9 @@ impl VirtSandbox {
            GuestProtection::Snp(_details) => {
                calculate_initdata_digest(&initdata, ProtectedPlatform::Snp)?
            }
+            GuestProtection::NoProtection => {
+                calculate_initdata_digest(&initdata, ProtectedPlatform::NoProtection)?
+            }
            // TODO: there's more `GuestProtection` types to be supported.
            _ => return Ok(None),
        };