github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-05 19:47:53 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11329 from Xynnn007/fix-initdata-snp

Browse Source 
Fix | Support initdata for SNP
This commit is contained in:
Steve Horsman 2025-06-02 15:24:12 +01:00 committed by GitHub
commit c575048aa7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/runtime/pkg/govmm/qemu/qemu.go
View File

@ -404,14 +404,6 @@ func (object Object) QemuParams(config *Config) []string {
driveParams = append(driveParams, "if=pflash,format=raw,readonly=on")
driveParams = append(driveParams, fmt.Sprintf("file=%s", object.File))
case SNPGuest:
if len(object.InitdataDigest) > 0 {
// due to https://github.com/confidential-containers/qemu/blob/amd-snp-202402240000/qapi/qom.json#L926-L929
// hostdata in SEV-SNP should be exactly 32 bytes
hostdataSlice := adjustProperLength(object.InitdataDigest, 32)
hostdata := base64.StdEncoding.EncodeToString(hostdataSlice)
objectParams = append(objectParams, fmt.Sprintf("host-data=%s", hostdata))
}
objectParams = append(objectParams, string(object.Type))
objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID))
objectParams = append(objectParams, fmt.Sprintf("cbitpos=%d", object.CBitPos))
@ -423,6 +415,13 @@ func (object Object) QemuParams(config *Config) []string {
if object.SnpIdAuth != "" {
objectParams = append(objectParams, fmt.Sprintf("id-auth=%s", object.SnpIdAuth))
}
if len(object.InitdataDigest) > 0 {
// due to https://github.com/confidential-containers/qemu/blob/amd-snp-202402240000/qapi/qom.json#L926-L929
// hostdata in SEV-SNP should be exactly 32 bytes
hostdataSlice := adjustProperLength(object.InitdataDigest, 32)
hostdata := base64.StdEncoding.EncodeToString(hostdataSlice)
objectParams = append(objectParams, fmt.Sprintf("host-data=%s", hostdata))
}
config.Bios = object.File
case SecExecGuest:
objectParams = append(objectParams, string(object.Type))

2
tests/integration/kubernetes/k8s-initdata.bats
View File

@ -51,7 +51,7 @@ function setup_kbs_image_policy_for_initdata() {
# TODO: Enable for more archs
case "$KATA_HYPERVISOR" in
"qemu-tdx"|"qemu-coco-dev")
"qemu-tdx"|"qemu-coco-dev"|"qemu-snp")
;;
*)
skip "Test not supported for ${KATA_HYPERVISOR}."