From ee158ff3ad95587872c17eae36c2018f501042ed Mon Sep 17 00:00:00 2001
From: Alex Lyn
Date: Fri, 15 Aug 2025 14:21:30 +0800
Subject: [PATCH] runtime-rs: Support initdata within NonProtection scenarios

we also need support initdat within nonprotection even though the platform is detected as NonProtection or usually is called nontee host. Within these cases, there's no need to validate the item of `confidential_guest=true`, we believe the result of the method `available_guest_protection()?`.

Signed-off-by: Alex Lyn
---
 .../crates/runtimes/virt_container/src/sandbox.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
index 8eb0ca3776..ddfb87411e 100644
--- a/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/sandbox.rs
@@ -392,10 +392,6 @@ impl VirtSandbox {
 hypervisor_config: &HypervisorConfig,
 init_data: Option,
 ) -> Result> {
- if !hypervisor_config.security_info.confidential_guest {
- return Ok(None);
- }
-
 let available_protection = available_guest_protection()?;
 info!(
 sl!(),
@@ -447,6 +443,7 @@ impl VirtSandbox {
 debug: false,
 })))
 },
+ GuestProtection::NoProtection => Ok(None),
 _ => Err(anyhow!("confidential_guest requested by configuration but no supported protection available"))
 }
 }
@@ -471,6 +468,9 @@ impl VirtSandbox {
 calculate_initdata_digest(&initdata, ProtectedPlatform::Snp)?
 }
 GuestProtection::Se => calculate_initdata_digest(&initdata, ProtectedPlatform::Se)?,
+ GuestProtection::NoProtection => {
+ calculate_initdata_digest(&initdata, ProtectedPlatform::NoProtection)?
+ }
 // TODO: there's more `GuestProtection` types to be supported.
 _ => return Ok(None),
 };
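Review bot: Dropping the `confidential_guest` early return means the operator's setting no longer gates this function. A host that reports a protected platform would now reach the protection arms even when the configuration has `confidential_guest` unset. Those arms sit outside the hunk, so this is inferred from the `_ => Err(...)` text in the next hunk. Since the new `GuestProtection::NoProtection` arm returns `Ok(None)` anyway, keeping `if !hypervisor_config.security_info.confidential_guest { return Ok(None); }` appears to give the same result on a non-TEE host without changing behaviour on TEE hosts. If the removal is intentional, a doc comment on the function should state that the detected platform, not the config flag, is now authoritative.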
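Review bot: The unconditional `GuestProtection::NoProtection => Ok(None)` arm makes the confidential-guest request fail open. A configuration with `confidential_guest = true` on a host with no detected protection previously fell through to the `_ => Err(...)` arm, and now gets no protection device and no error. Assuming this arm is in the same function as the first hunk, so that `hypervisor_config` is in scope, a guard keeps the failure: `GuestProtection::NoProtection if !hypervisor_config.security_info.confidential_guest => Ok(None),`. If unprotected start-up with the flag set is wanted for development hosts, it should at least be logged at warning level so the downgrade is visible. The enclosing `match` begins outside the hunk.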
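Review bot: The new `GuestProtection::NoProtection` arm has no comment saying what trust its digest carries, unlike the Snp and Se arms where a hardware-rooted measurement is expected. As far as the hunk shows, nothing on a non-TEE host attests this value, so a reader could wrongly assume it has the same guarantee. A comment above the arm would make that explicit, e.g. `// NoProtection: digest is not backed by hardware attestation; treat it as an integrity hint only — confirm against the guest-side consumer.` The enclosing `match` and function start outside the hunk.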