diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index 54f47d6fa9..1ad2340b11 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -489,6 +489,9 @@ ifneq (,$(QEMUCMD))
 KERNELPARAMS_NV += "pci=nocrs"
 KERNELPARAMS_NV += "pci=assign-busses"
+ KERNELPARAMS_CONFIDENTIAL_NV = $(KERNELPARAMS_NV)
+ KERNELPARAMS_CONFIDENTIAL_NV += "nvrc.smi.srs=1"
+
 # Setting this to false can lead to cgroup leakages in the host
 # Best practice for production is to set this to true
 DEFSANDBOXCGROUPONLY_NV = true
@@ -661,6 +664,7 @@ USER_VARS += DEFAULTMEMORY_NV
 USER_VARS += DEFAULTVFIOPORT_NV
 USER_VARS += DEFAULTPCIEROOTPORT_NV
 USER_VARS += KERNELPARAMS_NV
+USER_VARS += KERNELPARAMS_CONFIDENTIAL_NV
 USER_VARS += KERNELVERITYPARAMS_NV
 USER_VARS += KERNELVERITYPARAMS_CONFIDENTIAL_NV
 USER_VARS += DEFAULTTIMEOUT_NV
diff --git a/src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in b/src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in
index eff87f6f9a..633d85bef4 100644
--- a/src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in
+++ b/src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in
@@ -90,7 +90,7 @@ snp_guest_policy = 196608
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS_NV@"
+kernel_params = "@KERNELPARAMS_CONFIDENTIAL_NV@"
 # Optional dm-verity parameters (comma-separated key=value list):
 # root_hash=...,salt=...,data_blocks=...,data_block_size=...,hash_block_size=...
diff --git a/src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in b/src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in
index eab536be0e..7f8b7456b0 100644
--- a/src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in
+++ b/src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in
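Review bot: The new `KERNELPARAMS_CONFIDENTIAL_NV` assignments carry no comment saying why confidential guests need `nvrc.smi.srs=1` while the plain NV parameter list does not. After this change the parameter is a build-time default for the SNP and TDX NVIDIA configs instead of a per-pod opt-in, so the reason should be recorded next to the variable. If the parameter makes the guest mark the GPU as ready at boot (the name suggests this; the diff does not say), the comment should also state how that relates to GPU attestation. I would add something like `# Confidential guests only: nvrc.smi.srs=1 is passed to NVRC so GPU workloads can run inside the TEE (see <doc link>)` above the first assignment. The enclosing `ifneq (,$(QEMUCMD))` block starts and ends outside the hunk.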
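Review bot: Pointing `kernel_params` at `@KERNELPARAMS_CONFIDENTIAL_NV@` changes the default guest kernel command line for SNP guests, and the hunk in configuration-qemu-nvidia-gpu-tdx.toml.in does the same for TDX, but nothing in the change mentions the effect on attestation. Where the command line is covered by the launch measurement or by pinned reference values, deployments will likely need those values regenerated when they pick this up, which deserves a line in the commit message or release notes. The comment block above the setting could also name the difference, for example `# Confidential variant: includes nvrc.smi.srs=1 in addition to the NV defaults.`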
@@ -67,7 +67,7 @@ valid_hypervisor_paths = @QEMUTDXEXPERIMENTALVALIDHYPERVISORPATHS@
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS_NV@"
+kernel_params = "@KERNELPARAMS_CONFIDENTIAL_NV@"
 # Optional dm-verity parameters (comma-separated key=value list):
 # root_hash=...,salt=...,data_blocks=...,data_block_size=...,hash_block_size=...
diff --git a/tests/integration/kubernetes/k8s-nvidia-cuda.bats b/tests/integration/kubernetes/k8s-nvidia-cuda.bats
index 6d70afbb83..524583a1e2 100644
--- a/tests/integration/kubernetes/k8s-nvidia-cuda.bats
+++ b/tests/integration/kubernetes/k8s-nvidia-cuda.bats
@@ -29,14 +29,6 @@ setup() {
 envsubst < "${pod_yaml_in}" > "${pod_yaml}"
- if [ "${TEE}" = "true" ]; then
- kernel_params_annotation="io.katacontainers.config.hypervisor.kernel_params"
- kernel_params_value="nvrc.smi.srs=1"
- set_metadata_annotation "${pod_yaml}" \
- "${kernel_params_annotation}" \
- "${kernel_params_value}"
- fi
-
 policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
 add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"