From eaf440dbba21e2b3987295488dab1ffae52aca73 Mon Sep 17 00:00:00 2001
From: Alex Lyn
Date: Fri, 15 Aug 2025 14:21:30 +0800
Subject: [PATCH] runtime-rs: Support initdata within NonProtection scenarios
we also need support initdat within nonprotection even though the platform is detected as NonProtection or usually is called nontee host. Within these cases, there's no need to validate the item of `confidential_guest=true`, we believe the result of the method `available_guest_protection()?`.
Signed-off-by: Alex Lyn
---
 .../crates/runtimes/virt_container/src/sandbox.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index dfec87d3ff..ed9665f360 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -392,10 +392,6 @@ impl VirtSandbox {
 hypervisor_config: &HypervisorConfig,
 init_data: Option,
 ) -> Result> {
- if !hypervisor_config.security_info.confidential_guest {
- return Ok(None);
- }
-
 let available_protection = available_guest_protection()?;
 info!(
 sl!(),
@@ -447,6 +443,7 @@ impl VirtSandbox {
 debug: false,
 })))
 },
+ GuestProtection::NoProtection => Ok(None),
 _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
 }
 }
@@ -470,6 +467,9 @@ impl VirtSandbox {
 GuestProtection::Snp(_details) => {
 calculate_initdata_digest(&initdata, ProtectedPlatform::Snp)?
 }
+ GuestProtection::NoProtection => {
+ calculate_initdata_digest(&initdata, ProtectedPlatform::NoProtection)?
+ }
 // TODO: there's more `GuestProtection` types to be supported.
 _ => return Ok(None),
 };
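Review bot: With the `confidential_guest` early return removed at the top of this function, nothing visible in the hunk consults the configuration any more, so the outcome is decided by `available_guest_protection()` alone. On a host that reports a TEE, a sandbox configured with `confidential_guest = false` would now reach the protected arms further down instead of returning `Ok(None)`, and a detection error now fails setup for non-confidential sandboxes as well. If that is not intended, keep the flag for the protected case right after the detection call: `if !hypervisor_config.security_info.confidential_guest && !matches!(available_protection, GuestProtection::NoProtection) { return Ok(None); }`. The function's signature and the rest of its body lie outside the hunk, so a later check cannot be ruled out from here.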
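Review bot: The added `GuestProtection::NoProtection => Ok(None)` arm lets a sandbox that requests `confidential_guest = true` start with no protection device on a non-TEE host, where the same input previously fell through to the `_ => Err(...)` arm. That turns a confidentiality request into a silent fail-open downgrade. Assuming this match is still inside the function whose `hypervisor_config` parameter appears in the first hunk, a guard keeps it fail-closed: `GuestProtection::NoProtection if !hypervisor_config.security_info.confidential_guest => Ok(None),`. The message of the remaining error arm ("confidential_guest requested by configuration ...") is accurate only with such a guard, since the flag is no longer checked earlier. The match and its enclosing function begin outside the hunk.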
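Review bot: The new `GuestProtection::NoProtection` arm computes an initdata digest on a host without a TEE, and nothing in the hunk says what that digest is bound to. If, as the commit message implies, there is no hardware measurement on such hosts, a remote verifier cannot attest the value, so the arm should say so, e.g. `// NoProtection: digest is not hardware-measured; initdata is passed to the guest but is not attestable`. The neighbouring `_ => return Ok(None)` arm also drops initdata silently for every platform not listed, which deserves a `warn!` so operators can tell that supplied initdata was ignored. The enclosing function starts and ends outside the hunk, so how the caller uses the digest cannot be seen here.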