protection: add confidential compute frame for arm

Even CCA, which is the confidential compute archtecture, has not been
ready, add a empty implementation to avoid static check error.

Fixes: #2789
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Suggested-by: Fabiano Fidêncio <fidencio@redhat.com>

src/runtime/virtcontainers/hypervisor_arm64.go

@@ -0,0 +1,10 @@
+// Copyright (c) 2021 Arm Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package virtcontainers
+
+//Returns pefProtection if the firmware directory exists
+func availableGuestProtection() (guestProtection, error) {
+	return noneProtection, nil
+}

src/runtime/virtcontainers/hypervisor_arm64_test.go

@@ -26,3 +26,10 @@ func TestRunningOnVMM(t *testing.T) {
 	assert.NoError(err)
 	assert.Equal(expectedOutput, running)
 }
+
+func TestAvailableGuestProtection(t *testing.T) {
+	assert := assert.New(t)
+
+	out, _ := availableGuestProtection()
+	assert.Equal(out, noneProtection)
+}

src/runtime/virtcontainers/qemu_arm64.go

@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"runtime"
 	"time"
 
 	govmmQemu "github.com/kata-containers/govmm/qemu"
@@ -77,6 +78,7 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) {
 			kernelParams:         kernelParams,
 			disableNvdimm:        config.DisableImageNvdimm,
 			dax:                  true,
+			protection:           noneProtection,
 		},
 	}
 
@@ -157,3 +159,18 @@ func (q *qemuArm64) getPFlash() ([]string, error) {
 		return nil, fmt.Errorf("too many pflash images for arm64")
 	}
 }
+
+func (q *qemuArm64) enableProtection() error {
+	q.protection, _ = availableGuestProtection()
+	if q.protection != noneProtection {
+		return fmt.Errorf("Protection %v is not supported on arm64", q.protection)
+	}
+
+	return nil
+}
+
+func (q *qemuArm64) appendProtectionDevice(devices []govmmQemu.Device, firmware string) ([]govmmQemu.Device, string, error) {
+	err := q.enableProtection()
+	virtLog.WithField("arch", runtime.GOARCH).Warnf("%v", err)
+	return devices, firmware, err
+}