github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-09 04:39:17 +00:00
Code Issues Projects Releases Wiki Activity

runtime: do not add virtio-rng-pci device for confidential guests

Browse Source 
Adding:
"-object rng-random,id=rng0,filename=/dev/urandom -device
virtio-rng-pci,rng=rng0"

for confidential guests is not necessary as the RNG source cannot
be trusted and the guest kernel has the driver already disable as well.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This commit is contained in:
Mikko Ylinen
2025-05-09 16:12:36 +03:00
parent a44dfb8d37
commit ab29c8c979
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/runtime/virtcontainers/qemu.go
View File

@@ -806,8 +806,8 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
qemuConfig.IOThreads = []govmmQemu.IOThread{*ioThread} qemuConfig.IOThreads = []govmmQemu.IOThread{*ioThread}
} }
// Add RNG device to hypervisor // Add RNG device to hypervisor
// Skip for s390x as CPACF is used // Skip for s390x (as CPACF is used) or when Confidential Guest is enabled
if machine.Type != QemuCCWVirtio { if machine.Type != QemuCCWVirtio && !q.config.ConfidentialGuest {
rngDev := config.RNGDev{ rngDev := config.RNGDev{
ID: rngID, ID: rngID,
Filename: q.config.EntropySource, Filename: q.config.EntropySource,