github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-05-17 04:52:23 +00:00
Code Issues Projects Releases Wiki Activity

kata-types: add ExtraImage struct and extra_images field to BootInfo

Browse Source 
Introduce the ExtraImage type to describe addon block-device images
(e.g. CoCo guest components) that are cold-plugged into the VM
alongside the main rootfs.

Each ExtraImage carries a short name (used as the virtio-blk serial
and in kernel cmdline verity parameters), a host-side path, and
dm-verity parameters (required -- addon images must be integrity-
protected).

A new extra_images Vec is added to BootInfo so that both the Rust
and Go runtimes can iterate the configured addons when building the
VM device list and kernel command line.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Assisted-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Fabiano Fidêncio
2026-05-10 19:02:20 +02:00
parent 284db5421f
commit da552c118a
1 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/libs/kata-types/src/config/hypervisor/mod.rs
View File

@@ -444,6 +444,25 @@ pub fn validate_block_device_sector_size(size: u32) -> Result<()> {
Ok(())
}
/// Extra block device image to attach to the VM (e.g. CoCo addon, GPU addon).
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
pub struct ExtraImage {
/// Short name for this addon (e.g. "coco", "gpu"). Used as the virtio-blk
/// serial so the guest can discover the device via
/// `/dev/disk/by-id/virtio-addon-<name>` and match kernel cmdline verity
/// params `kata.addon.<name>.verity_params=...`.
pub name: String,
/// Path to the addon image file on the host.
#[serde(default)]
pub path: String,
/// DM-verity parameters for this addon image (root_hash, salt, etc.).
/// Populated at install time from the image build artifacts.
#[serde(default)]
pub verity_params: String,
}
/// Guest kernel boot information.
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
pub struct BootInfo {
@@ -484,6 +503,7 @@ pub struct BootInfo {
/// - `virtio-blk-mmio`
#[serde(default)]
pub vm_rootfs_driver: String,
}
impl BootInfo {
@@ -1733,6 +1753,15 @@ pub struct Hypervisor {
#[serde(default, flatten)]
pub boot_info: BootInfo,
/// Additional block device images to attach to the VM (e.g. CoCo addon).
/// Each image is cold-plugged as a read-only virtio-blk device.
///
/// This field lives on Hypervisor rather than BootInfo because
/// BootInfo is deserialized via `#[serde(flatten)]`, and the toml crate
/// does not forward TOML array-of-tables through a flatten boundary.
#[serde(default)]
pub extra_images: Vec<ExtraImage>,
/// Guest virtual CPU configuration information.
#[serde(default, flatten)]
pub cpu_info: CpuInfo,
@@ -1842,6 +1871,9 @@ impl ConfigOps for Hypervisor {
})?;
hv.blockdev_info.adjust_config()?;
hv.boot_info.adjust_config()?;
for extra in &mut hv.extra_images {
resolve_path!(extra.path, "extra image file {} is invalid: {}")?;
}
hv.cpu_info.adjust_config()?;
hv.debug_info.adjust_config()?;
hv.device_info.adjust_config()?;
@@ -1882,6 +1914,22 @@ impl ConfigOps for Hypervisor {
let hv = conf.hypervisor.get(hypervisor).unwrap();
hv.blockdev_info.validate()?;
hv.boot_info.validate()?;
for extra in &hv.extra_images {
validate_path!(extra.path, "extra image file {} is invalid: {}")?;
if extra.name.is_empty() {
return Err(std::io::Error::other(
"extra_images entry is missing required 'name' field",
));
}
if !extra.verity_params.trim().is_empty() {
parse_kernel_verity_params(&extra.verity_params).map_err(|e| {
std::io::Error::other(format!(
"extra_images '{}' has invalid verity_params: {}",
extra.name, e
))
})?;
}
}
hv.cpu_info.validate()?;
hv.debug_info.validate()?;
hv.device_info.validate()?;