From 39aa481da1b32ce422e6ab640d57bb91246ff91b Mon Sep 17 00:00:00 2001
From: Xynnn007
Date: Thu, 29 May 2025 09:25:59 +0800
Subject: [PATCH 1/2] runtime: fix initdata support for SNP

the qemu commandline of SNP should start with `sev-snp-guest`, and then following other parameters separeted by ','. This patch fixes the parameter order.

Signed-off-by: Xynnn007
---
 src/runtime/pkg/govmm/qemu/qemu.go | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
index 86a70e441..67beb4b24 100644
--- a/src/runtime/pkg/govmm/qemu/qemu.go
+++ b/src/runtime/pkg/govmm/qemu/qemu.go
@@ -404,14 +404,6 @@ func (object Object) QemuParams(config *Config) []string {
 driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
 driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
 case SNPGuest:
- if len(object.InitdataDigest) > 0 {
- // due to https://github.com/confidential-containers/qemu/blob/amd-snp-202402240000/qapi/qom.json#L926-L929
- // hostdata in SEV-SNP should be exactly 32 bytes
- hostdataSlice := adjustProperLength(object.InitdataDigest, 32)
- hostdata := base64.StdEncoding.EncodeToString(hostdataSlice)
- objectParams = append(objectParams, fmt.Sprintf("host-data=%s", hostdata))
- }
-
 objectParams = append(objectParams, string(object.Type))
 objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
 objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
@@ -423,6 +415,13 @@ func (object Object) QemuParams(config *Config) []string {
 if object.SnpIdAuth != "" {
 objectParams = append(objectParams, fmt.Sprintf("id-auth=%s", object.SnpIdAuth))
 }
+ if len(object.InitdataDigest) > 0 {
+ // due to https://github.com/confidential-containers/qemu/blob/amd-snp-202402240000/qapi/qom.json#L926-L929
+ // hostdata in SEV-SNP should be exactly 32 bytes
+ hostdataSlice := adjustProperLength(object.InitdataDigest, 32)
+ hostdata := base64.StdEncoding.EncodeToString(hostdataSlice)
+ objectParams = append(objectParams, fmt.Sprintf("host-data=%s", hostdata))
+ }
 config.Bios = object.File
 case SecExecGuest:
 objectParams = append(objectParams, string(object.Type))

From 8750eadff248a80229acc0a4b2fe4d54f4138225 Mon Sep 17 00:00:00 2001
From: Xynnn007
Date: Thu, 29 May 2025 09:29:48 +0800
Subject: [PATCH 2/2] test: turn SNP on for initdata tests

After the last commit, the initdata test on SNP should be ok. Thus we turn on this flag for CI.

Fixes #11300

Signed-off-by: Xynnn007
---
 tests/integration/kubernetes/k8s-initdata.bats | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/kubernetes/k8s-initdata.bats b/tests/integration/kubernetes/k8s-initdata.bats
index b8f1f196d..d98f20747 100644
--- a/tests/integration/kubernetes/k8s-initdata.bats
+++ b/tests/integration/kubernetes/k8s-initdata.bats
@@ -51,7 +51,7 @@ function setup_kbs_image_policy_for_initdata() {
 # TODO: Enable for more archs
 case "$KATA_HYPERVISOR" in
- "qemu-tdx"|"qemu-coco-dev")
+ "qemu-tdx"|"qemu-coco-dev"|"qemu-snp")
 ;;
 *)
 skip "Test not supported for ${KATA_HYPERVISOR}."
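Review bot: In the second `qemu.go` hunk (`@@ -423,6 +415,13 @@`) the re-added `host-data` block passes `object.InitdataDigest` through `adjustProperLength(..., 32)` without saying what happens to a digest that is not exactly 32 bytes, and this value is what the guest's SNP attestation report will carry as HOST_DATA. The helper is defined outside the hunk; if it pads or truncates as its name suggests, a longer digest (for example SHA-384 or SHA-512) is silently cut, and the verifier must apply the same rule or the initdata comparison will not match. I would add a comment above the call along the lines of `// host-data becomes HOST_DATA in the SNP attestation report; the verifier must apply the same 32-byte pad/truncate rule to the initdata digest`, worded to match the helper's actual behaviour. Because the bug fixed here was purely one of parameter order, a unit test asserting that the SNP object string begins with the object type and still contains `host-data=` would keep it from regressing. The enclosing `QemuParams` switch starts and ends outside the hunk.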