ci: run qemu-coco-dev-runtime-rs tests on arm64

Add qemu-coco-dev-runtime-rs to the arm64 k8s test matrix so that the
CoCo non-TEE configuration is exercised on aarch64 runners.

Also enable auto-generated policy for qemu-coco-dev on aarch64 (matching
the existing x86_64 behavior) and register the new job as a required
gatekeeper check.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Made-with: Cursor

.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in

@@ -14,7 +14,7 @@ runs:
   using: "composite"
   steps:
     - name: Install Rust
-      uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0.6
+      uses: actions-rs/toolchain@v1
       with:
         profile: minimal
         toolchain: nightly

.github/workflows/build-kata-static-tarball-arm64.yaml

@@ -43,6 +43,7 @@ jobs:
           - agent
           - busybox
           - cloud-hypervisor
+          - coco-guest-components
           - firecracker
           - kernel
           - kernel-debug
@@ -51,6 +52,7 @@ jobs:
           - kernel-cca-confidential
           - nydus
           - ovmf
+          - pause-image
           - qemu
           - virtiofsd
     env:
@@ -151,6 +153,7 @@ jobs:
       matrix:
         asset:
           - rootfs-image
+          - rootfs-image-confidential
           - rootfs-image-nvidia-gpu
           - rootfs-initrd
     steps:
@@ -216,7 +219,9 @@ jobs:
       matrix:
         asset:
           - busybox
+          - coco-guest-components
           - kernel-nvidia-gpu-modules
+          - pause-image
     steps:
       - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
         with:
@@ -288,6 +293,7 @@ jobs:
           ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
           TARGET_BRANCH: ${{ inputs.target-branch }}
           RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
+          MEASURED_ROOTFS: yes
 
       - name: store-artifact shim-v2
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -297,6 +303,116 @@ jobs:
           retention-days: 15
           if-no-files-found: error
 
+  build-tools-asset:
+    name: build-tools-asset
+    runs-on: ubuntu-24.04-arm
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        asset:
+          - agent-ctl
+          - genpolicy
+          - kata-ctl
+          - kata-manager
+          - trace-forwarder
+        stage:
+          - ${{ inputs.stage }}
+    steps:
+      - name: Login to Kata Containers quay.io
+        if: ${{ inputs.push-to-registry == 'yes' }}
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: quay.io
+          username: ${{ vars.QUAY_DEPLOYER_USERNAME }}
+          password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
+
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ inputs.commit-hash }}
+          fetch-depth: 0 # This is needed in order to keep the commit ids history
+          persist-credentials: false
+
+      - name: Rebase atop of the latest target branch
+        run: |
+          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
+        env:
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+
+      - name: Build ${{ matrix.asset }}
+        id: build
+        run: |
+          make "${KATA_ASSET}-tarball"
+          build_dir=$(readlink -f build)
+          # store-artifact does not work with symlink
+          mkdir -p kata-tools-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-tools-build/.
+        env:
+          KATA_ASSET: ${{ matrix.asset }}
+          TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
+          PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }}
+          ARTEFACT_REGISTRY: ghcr.io
+          ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }}
+          ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+          RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
+
+      - name: store-artifact ${{ matrix.asset }}
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: kata-tools-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }}
+          path: kata-tools-build/kata-static-${{ matrix.asset }}.tar.zst
+          retention-days: 15
+          if-no-files-found: error
+
+  create-kata-tools-tarball:
+    name: create-kata-tools-tarball
+    runs-on: ubuntu-24.04-arm
+    needs: [build-tools-asset]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ inputs.commit-hash }}
+          fetch-depth: 0
+          fetch-tags: true
+          persist-credentials: false
+      - name: Rebase atop of the latest target branch
+        run: |
+          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
+        env:
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+      - name: get-artifacts
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          pattern: kata-tools-artifacts-arm64-*${{ inputs.tarball-suffix }}
+          path: kata-tools-artifacts
+          merge-multiple: true
+      - name: merge-artifacts
+        run: |
+          ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-tools-artifacts versions.yaml kata-tools-static.tar.zst
+        env:
+          RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }}
+      - name: Check kata-tools tarball size (GitHub release asset limit)
+        run: |
+          # https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases#storage-and-bandwidth-quotas
+          GITHUB_ASSET_MAX_BYTES=2147483648
+          tarball_size=$(stat -c "%s" kata-tools-static.tar.zst)
+          if [[ "${tarball_size}" -ge "${GITHUB_ASSET_MAX_BYTES}" ]]; then
+            echo "::error::tarball size (${tarball_size} bytes) >= GitHub release asset limit (${GITHUB_ASSET_MAX_BYTES} bytes)"
+            exit 1
+          fi
+          echo "tarball size: ${tarball_size} bytes"
+      - name: store-artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: kata-tools-static-tarball-arm64${{ inputs.tarball-suffix }}
+          path: kata-tools-static.tar.zst
+          retention-days: 15
+          if-no-files-found: error
+
   create-kata-tarball:
     name: create-kata-tarball
     runs-on: ubuntu-24.04-arm

.github/workflows/ci.yaml

@@ -266,6 +266,7 @@ jobs:
     needs: publish-kata-deploy-payload-arm64
     uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml
     with:
+      tarball-suffix: -${{ inputs.tag }}
       registry: ghcr.io
       repo: ${{ github.repository_owner }}/kata-deploy-ci
       tag: ${{ inputs.tag }}-arm64

.github/workflows/run-k8s-tests-on-arm64.yaml

@@ -21,6 +21,9 @@ on:
         required: false
         type: string
         default: ""
+      tarball-suffix:
+        required: false
+        type: string
 
 permissions: {}
 
@@ -32,6 +35,7 @@ jobs:
       matrix:
         vmm:
           - qemu
+          - qemu-coco-dev-runtime-rs
           - qemu-runtime-rs
         k8s:
           - kubeadm
@@ -58,6 +62,17 @@ jobs:
         env:
           TARGET_BRANCH: ${{ inputs.target-branch }}
 
+      - name: get-kata-tools-tarball
+        if: ${{ startsWith(matrix.vmm, 'qemu-coco-dev') }}
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: kata-tools-static-tarball-arm64${{ inputs.tarball-suffix }}
+          path: kata-tools-artifacts
+
+      - name: Install kata-tools
+        if: ${{ startsWith(matrix.vmm, 'qemu-coco-dev') }}
+        run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-tools-artifacts
+
       - name: Deploy Kata
         timeout-minutes: 20
         run: bash tests/integration/kubernetes/gha-run.sh deploy-kata

docs/helm-configuration.md

@@ -108,8 +108,8 @@ Includes:
 - `qemu-se` - IBM Secure Execution for Linux (SEL) (s390x)
 - `qemu-se-runtime-rs` - IBM Secure Execution for Linux (SEL) Rust runtime (s390x)
 - `qemu-cca` - Arm Confidential Compute Architecture (arm64)
-- `qemu-coco-dev` - Confidential Containers development (amd64, s390x)
-- `qemu-coco-dev-runtime-rs` - Confidential Containers development Rust runtime (amd64, s390x)
+- `qemu-coco-dev` - Confidential Containers development (amd64, arm64, s390x)
+- `qemu-coco-dev-runtime-rs` - Confidential Containers development Rust runtime (amd64, arm64, s390x)
 
 ### [`try-kata-nvidia-gpu.values.yaml`](https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-nvidia-gpu.values.yaml)
 

docs/use-cases/NVIDIA-GPU-passthrough-and-Kata-QEMU.md

@@ -227,7 +227,7 @@ Kata's non-TEE and TEE GPU workload deployment scenarios for your Kubernetes
 nodes. We provide guidance based on the upstream Kata CI procedures for the
 NVIDIA GPU CI validation jobs. Note that, this setup:
 
-- uses the nydus snapshotter to pull container image layers in the guest
+- uses the guest image pull method to pull container image layers
 - uses the genpolicy tool to attach Kata agent security policies to the pod
   manifest
 - has dedicated (composite) attestation tests, a CUDA vectorAdd test, and a
@@ -250,17 +250,6 @@ Service NRAS
 - container image signature verification and encrypted container images
 - ephemeral container data and image layer storage
 
-For the use of these features, we refer to separate documentation in the
-kata-containers and confidential-containers documentation resources.
-For example, see a
-[list of features](https://confidentialcontainers.org/docs/features/) along
-with their documentation in the confidential-containers documentation.
-
-> **Note:**
->
-> Image signature verification for signed multi-arch images is currently not
-> supported.
-
 ### Requirements
 
 The requirements for the TEE scenario are:
@@ -283,8 +272,8 @@ selecting proper hardware and on properly configuring its firmware and OS.
 #### Containerd and Kubernetes
 
 First, set up your Kubernetes cluster. For instance, in Kata CI, our NVIDIA
-jobs use a single-node vanilla Kubernetes cluster with containerd v2.2
-and Kata's current supported Kubernetes version. This cluster is
+jobs use a single-node vanilla Kubernetes cluster with a 2.1 containerd
+version and Kata's current supported Kubernetes version. This cluster is
 being set up using the `deploy_k8s` function from the script file
 `tests/integration/kubernetes/gha-run.sh`. If you intend to run this script,
 follow these steps, and make sure you have `yq` and `helm` installed. Note
@@ -295,7 +284,7 @@ You can execute the function as follows:
 $ export GH_TOKEN="<your-gh-pat>"
 $ export KUBERNETES="vanilla"
 $ export CONTAINER_ENGINE="containerd"
-$ export CONTAINER_ENGINE_VERSION="v2.2"
+$ export CONTAINER_ENGINE_VERSION="v2.1"
 $ source tests/gha-run-k8s-common.sh
 $ deploy_k8s
 ```
@@ -311,13 +300,6 @@ $ deploy_k8s
 > `create_container_timeout` of 1200s, which is the equivalent value on shim
 > side, controlling the time the shim allows for a container to remain in
 > *container creating* state.
-> If you need a timeout of more than 1200s, you will also need to adjust the
-> agent's `image_pull_timeout`, which in turn sets the confidential data
-> hub's image pull API timeout in seconds. For this, add the
-> `agent.image_pull_timeout=<seconds>` kernel parameter to your shim
-> configuration's `kernel_params` field, or pass the parameter explicitly
-> via the `io.katacontainers.config.hypervisor.kernel_params: "..."` pod
-> annotation. The default value for this timeout is 1200s.
 
 > **Note:**
 >
@@ -374,7 +356,7 @@ $ helm install --wait --generate-name \
 
 Install the latest Kata Containers helm chart, similar to
 [existing documentation](https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kata-deploy/helm-chart/README.md)
-(minimum version: `3.29.0`).
+(minimum version: `3.24.0`).
 
 ```bash
 $ export VERSION=$(curl -sSL https://api.github.com/repos/kata-containers/kata-containers/releases/latest | jq .tag_name | tr -d '"')
@@ -389,13 +371,6 @@ $ helm install kata-deploy \
     "${CHART}" --version "${VERSION}"
 ```
 
-> **Note:**
->
-> For node lifecycle management, see the
-> [lifecycle-manager](https://github.com/kata-containers/lifecycle-manager)
-> repository which enables Argo Workflows-based lifecycle management for your
-> node's Kata deployments.
-
 #### Trustee's KBS for remote attestation
 
 For our Kata CI runners we use Trustee's KBS for composite attestation for
@@ -591,21 +566,21 @@ With GPU passthrough being supported by the
 you can use the tool to create a Kata agent security policy. Our CI deploys
 all sample pod manifests with a Kata agent security policy.
 
-Note that, in Kata CI, we use snippets such as the following to modify the
-genpolicy default settings:
+Note that, using containerd 2.1 in upstream's CI, we use the following
+modification to the genpolicy default settings:
 ```bash
 [
   {
     "op": "replace",
     "path": "/kata_config/oci_version",
-    "value": "1.3.0"
+    "value": "1.2.1"
   }
 ]
 ```
 This modification is applied via the genpolicy drop-in configuration file
-`src/tools/genpolicy/drop-in-examples/20-oci-1.3.0-drop-in.json`.
-When using a newer (or older) containerd version, the OCI version field
-may need to be adjusted accordingly.
+`src\tools\genpolicy\drop-in-examples\20-oci-1.2.1-drop-in.json`.
+When using a newer containerd version, such as containerd 2.2, the OCI
+version field needs to be adjusted to "1.3.0", for instance.
 
 #### Deploy pods using your own containers and manifests
 

src/runtime/Makefile

@@ -495,9 +495,6 @@ ifneq (,$(QEMUCMD))
     KERNELPARAMS_NV += "pci=nocrs"
     KERNELPARAMS_NV += "pci=assign-busses"
 
-    KERNELPARAMS_CONFIDENTIAL_NV = $(KERNELPARAMS_NV)
-    KERNELPARAMS_CONFIDENTIAL_NV += "nvrc.smi.srs=1"
-
     # Setting this to false can lead to cgroup leakages in the host
     # Best practice for production is to set this to true
     DEFSANDBOXCGROUPONLY_NV = true
@@ -670,7 +667,6 @@ USER_VARS += DEFAULTMEMORY_NV
 USER_VARS += DEFAULTVFIOPORT_NV
 USER_VARS += DEFAULTPCIEROOTPORT_NV
 USER_VARS += KERNELPARAMS_NV
-USER_VARS += KERNELPARAMS_CONFIDENTIAL_NV
 USER_VARS += KERNELVERITYPARAMS_NV
 USER_VARS += KERNELVERITYPARAMS_CONFIDENTIAL_NV
 USER_VARS += DEFAULTTIMEOUT_NV

src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in

@@ -90,7 +90,7 @@ snp_guest_policy = 196608
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS_CONFIDENTIAL_NV@"
+kernel_params = "@KERNELPARAMS_NV@"
 
 # Optional dm-verity parameters (comma-separated key=value list):
 # root_hash=...,salt=...,data_blocks=...,data_block_size=...,hash_block_size=...

src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in

@@ -67,7 +67,7 @@ valid_hypervisor_paths = @QEMUTDXEXPERIMENTALVALIDHYPERVISORPATHS@
 # may stop the virtual machine from booting.
 # To see the list of default parameters, enable hypervisor debug, create a
 # container and look for 'default-kernel-parameters' log entries.
-kernel_params = "@KERNELPARAMS_CONFIDENTIAL_NV@"
+kernel_params = "@KERNELPARAMS_NV@"
 
 # Optional dm-verity parameters (comma-separated key=value list):
 # root_hash=...,salt=...,data_blocks=...,data_block_size=...,hash_block_size=...

tests/gha-run-k8s-common.sh

@@ -715,7 +715,7 @@ function helm_helper() {
 						;;
 					qemu-coco-dev|qemu-coco-dev-runtime-rs)
 						yq -i ".shims.${shim}.enabled = true" "${values_yaml}"
-						yq -i ".shims.${shim}.supportedArches = [\"amd64\", \"s390x\"]" "${values_yaml}"
+						yq -i ".shims.${shim}.supportedArches = [\"amd64\", \"arm64\", \"s390x\"]" "${values_yaml}"
 						;;
 					qemu-nvidia-gpu)
 						yq -i ".shims.${shim}.enabled = true" "${values_yaml}"

tests/integration/kubernetes/confidential_kbs.sh

@@ -45,7 +45,7 @@ kbs_set_allow_all_resources() {
 
 kbs_set_default_policy() {
 	kbs_set_resources_policy \
-		"${COCO_KBS_DIR}/sample_policies/default.rego"
+		"${COCO_KBS_DIR}/src/policy_engine/opa/default_policy.rego"
 }
 
 # Set "deny all" policy to resources.

tests/integration/kubernetes/gha-run.sh

@@ -493,7 +493,7 @@ function main() {
 		if [[ "${KATA_HOST_OS}" = "cbl-mariner" ]]; then
 			AUTO_GENERATE_POLICY="yes"
 		elif [[ "${KATA_HYPERVISOR}" = qemu-coco-dev* && \
-		        "${TARGET_ARCH}" = "x86_64" && \
+		        ( "${TARGET_ARCH}" = "x86_64" || "${TARGET_ARCH}" = "aarch64" ) && \
 		        "${PULL_TYPE}" != "experimental-force-guest-pull" ]]; then
 			AUTO_GENERATE_POLICY="yes"
 		elif [[ "${KATA_HYPERVISOR}" = qemu-nvidia-gpu-* ]]; then

tests/integration/kubernetes/k8s-exec.bats

@@ -69,11 +69,11 @@ EOF"
 
 	## Cases for target container
 	### First container
-	container_name=$(kubectl exec $pod_name -c $first_container_name -- $env_command | grep CONTAINER_NAME | tr -d '\r')
+	container_name=$(kubectl exec $pod_name -c $first_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$first_container_name" ]
 
 	### Second container
-	container_name=$(kubectl exec $pod_name -c $second_container_name -- $env_command | grep CONTAINER_NAME | tr -d '\r')
+	container_name=$(kubectl exec $pod_name -c $second_container_name -- $env_command | grep CONTAINER_NAME)
 	[ "$container_name" == "CONTAINER_NAME=$second_container_name" ]
 
 }

tests/integration/kubernetes/k8s-nvidia-cuda.bats

@@ -29,6 +29,14 @@ setup() {
 
     envsubst < "${pod_yaml_in}" > "${pod_yaml}"
 
+    if [ "${TEE}" = "true" ]; then
+        kernel_params_annotation="io.katacontainers.config.hypervisor.kernel_params"
+        kernel_params_value="nvrc.smi.srs=1"
+        set_metadata_annotation "${pod_yaml}" \
+            "${kernel_params_annotation}" \
+            "${kernel_params_value}"
+    fi
+
     policy_settings_dir="$(create_tmp_policy_settings_dir "${pod_config_dir}")"
     add_requests_to_policy_settings "${policy_settings_dir}" "ReadStreamRequest"
 

tests/integration/kubernetes/k8s-pid-ns.bats

@@ -35,16 +35,15 @@ setup() {
 	kubectl wait --for=condition=Ready --timeout=$timeout pod $pod_name
 
 	# Check PID from first container
-	# Strip \r — containers with tty: true return \r\n line endings
 	first_pid_container=$(kubectl exec $pod_name -c $first_container_name \
-		-- $ps_command | grep "/pause" | tr -d '\r')
+		-- $ps_command | grep "/pause")
 	# Verify that is not empty
 	check_first_pid=$(echo $first_pid_container | wc -l)
 	[ "$check_first_pid" == "1" ]
 
 	# Check PID from second container
 	second_pid_container=$(kubectl exec $pod_name -c $second_container_name \
-		-- $ps_command | grep "/pause" | tr -d '\r')
+		-- $ps_command | grep "/pause")
 	# Verify that is not empty
 	check_second_pid=$(echo $second_pid_container | wc -l)
 	[ "$check_second_pid" == "1" ]

tools/osbuilder/rootfs-builder/nvidia/nvidia_chroot.sh

@@ -68,12 +68,12 @@ install_userspace_components() {
 		libnvidia-decode libnvidia-fbc1 libnvidia-encode \
 		libnvidia-nscq libnvidia-compute nvidia-settings
 
-	# Needed for confidential-data-hub and NVAT runtime dependencies
+	# Needed for confidential-data-hub runtime dependencies
 	eval "${APT_INSTALL}" cryptsetup-bin dmsetup         \
-		libargon2-1 e2fsprogs libxml2
+		libargon2-1 e2fsprogs
 
 	apt-mark hold cryptsetup-bin dmsetup libargon2-1     \
-		e2fsprogs libxml2
+		e2fsprogs
 }
 
 setup_apt_repositories() {

tools/osbuilder/rootfs-builder/nvidia/nvidia_rootfs.sh

@@ -224,26 +224,6 @@ chisseled_gpudirect() {
 	exit 1
 }
 
-chisseled_nvat() {
-	if [[ "${type}" != "confidential" ]]; then
-                return
-	fi
-
-	echo "nvidia: chisseling NVAT"
-
-	local libdir="lib/${machine_arch}-linux-gnu"
-
-	# NVAT shared library (bundled via coco-guest-components tarball)
-	cp -a "${stage_one}"/usr/local/lib/libnvat.so* "${libdir}"/.
-
-	# NVAT runtime dependencies (per ldd on attestation-agent)
-	cp -a "${stage_one}/${libdir}"/libxml2.so.2*     "${libdir}"/.
-	cp -a "${stage_one}/${libdir}"/libstdc++.so.6*   "${libdir}"/.
-	cp -a "${stage_one}/${libdir}"/liblzma.so.5*     "${libdir}"/.
-	cp -a "${stage_one}/${libdir}"/libicuuc.so.*     "${libdir}"/.
-	cp -a "${stage_one}/${libdir}"/libicudata.so.*   "${libdir}"/.
-}
-
 setup_nvrc_init_symlinks() {
 	local nvrc="NVRC-${machine_arch}-unknown-linux-musl"
 	# make sure NVRC is the init process for the initrd and image case
@@ -378,7 +358,7 @@ coco_guest_components() {
 	local -r pause_dir="pause_bundle"
 
 	mkdir -p "${coco_bin_dir}"
-	cp -a "${stage_one}/${coco_bin_dir}"/attestation-agent-nv  "${coco_bin_dir}/attestation-agent"
+	cp -a "${stage_one}/${coco_bin_dir}"/attestation-agent     "${coco_bin_dir}/."
 	cp -a "${stage_one}/${coco_bin_dir}"/api-server-rest       "${coco_bin_dir}/."
 	cp -a "${stage_one}/${coco_bin_dir}"/confidential-data-hub "${coco_bin_dir}/."
 
@@ -438,7 +418,6 @@ setup_nvidia_gpu_rootfs_stage_two() {
 		done
 
 		coco_guest_components
-		chisseled_nvat
 	fi
 
 	compress_rootfs

tools/packaging/kata-deploy/binary/src/config.rs

@@ -724,7 +724,7 @@ fn parse_custom_runtimes() -> Result<Vec<CustomRuntime>> {
 fn get_default_shims_for_arch(arch: &str) -> &'static str {
     match arch {
         "x86_64" => "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-nvidia-gpu-snp qemu-nvidia-gpu-tdx qemu-snp qemu-snp-runtime-rs qemu-tdx qemu-tdx-runtime-rs",
-        "aarch64" => "clh cloud-hypervisor dragonball fc qemu qemu-runtime-rs qemu-nvidia-gpu qemu-cca",
+        "aarch64" => "clh cloud-hypervisor dragonball fc qemu qemu-coco-dev qemu-coco-dev-runtime-rs qemu-runtime-rs qemu-nvidia-gpu qemu-cca",
         "s390x" => "qemu qemu-runtime-rs qemu-se qemu-se-runtime-rs qemu-coco-dev qemu-coco-dev-runtime-rs",
         "ppc64le" => "qemu",
         _ => "qemu", // Fallback to qemu for unknown architectures

tools/packaging/kata-deploy/helm-chart/kata-deploy/try-kata-tee.values.yaml

@@ -120,6 +120,7 @@ shims:
     enabled: true
     supportedArches:
       - amd64
+      - arm64
       - s390x
     allowedHypervisorAnnotations: []
     containerd:
@@ -135,6 +136,7 @@ shims:
     enabled: true
     supportedArches:
       - amd64
+      - arm64
       - s390x
     allowedHypervisorAnnotations: []
     containerd:

tools/packaging/kata-deploy/helm-chart/kata-deploy/values.yaml

@@ -295,6 +295,7 @@ shims:
     enabled: ~
     supportedArches:
       - amd64
+      - arm64
       - s390x
     allowedHypervisorAnnotations: []
     containerd:
@@ -310,6 +311,7 @@ shims:
     enabled: ~
     supportedArches:
       - amd64
+      - arm64
       - s390x
     allowedHypervisorAnnotations: []
     containerd:

tools/packaging/kata-deploy/local-build/Makefile

@@ -60,6 +60,7 @@ BASE_TARBALLS = serial-targets \
 	shim-v2-tarball \
 	virtiofsd-tarball
 BASE_SERIAL_TARBALLS = rootfs-image-tarball \
+	rootfs-image-confidential-tarball \
 	rootfs-cca-confidential-image-tarball \
 	rootfs-cca-confidential-initrd-tarball \
 	rootfs-initrd-tarball

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -705,6 +705,11 @@ install_kernel() {
 			export MEASURED_ROOTFS="no"
 			extra_cmd="-x"
 			;;
+		aarch64)
+			export CONFIDENTIAL_GUEST="yes"
+			export MEASURED_ROOTFS="yes"
+			extra_cmd="-x"
+			;;
 		x86_64)
 			export CONFIDENTIAL_GUEST="yes"
 			export MEASURED_ROOTFS="yes"

tools/packaging/kernel/build-kernel.sh

@@ -578,8 +578,11 @@ install_kata() {
 	if [[ ${gpu_vendor} != "" ]]; then
 		suffix="-${gpu_vendor}-gpu${suffix}"
 	elif [[ ${conf_guest} != "" ]]; then
-		# CCA on aarch64 uses -confidential suffix; x86_64/s390x unified kernel does not
-		if [[ "${arch_target}" == "aarch64" ]]; then
+		# CCA kernel on aarch64 needs a -confidential suffix to coexist
+		# with the unified kernel; the regular kernel with -x does not
+		# get the suffix (matching x86_64/s390x unified kernel behavior).
+		# CCA builds are identified by -H (linux_headers) being set.
+		if [[ "${arch_target}" == "aarch64" ]] && [[ -n "${linux_headers}" ]]; then
 			suffix="-${conf_guest}${suffix}"
 		fi
 	fi

tools/packaging/static-build/coco-guest-components/Dockerfile

@@ -14,7 +14,7 @@ ENV PATH="/opt/cargo/bin/:${PATH}"
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME}
+RUN mkdir ${RUSTUP_HOME} ${CARGO_HOME} && chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME}
 
 RUN apt-get update && \
 	apt-get --no-install-recommends install -y \
@@ -38,18 +38,6 @@ RUN apt-get update && \
 	apt-get clean && rm -rf /var/lib/apt/lists/ && \
 	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain ${RUST_TOOLCHAIN}
 
-ARG NVAT_VERSION
-RUN if [ "$(uname -m)" = "x86_64" ] && [ -n "${NVAT_VERSION}" ]; then \
-	apt-get update && apt-get --no-install-recommends install -y \
-	build-essential libxml2-dev zlib1g-dev && \
-	tmpdir=$(mktemp -d) && pushd "$tmpdir" && \
-	git clone https://github.com/NVIDIA/attestation-sdk && \
-	pushd attestation-sdk && git fetch --depth=1 origin "${NVAT_VERSION}" && \
-	git checkout FETCH_HEAD && pushd nv-attestation-sdk-cpp && cmake . && make install && \
-	mkdir -p /usr/include && ln -sf /usr/local/include/nvat.h /usr/include/nvat.h && ldconfig && \
-	popd && popd && popd && rm -rf "$tmpdir" && \
-	apt-get clean && rm -rf /var/lib/apt/lists/; fi
-
 ENV LIBC="gnu"
 RUN ARCH=$(uname -m); \
 	rust_arch=""; \
@@ -62,5 +50,3 @@ RUN ARCH=$(uname -m); \
     	esac; \
     	echo "RUST_ARCH=${rust_arch}" > /etc/profile.d/rust.sh; \
 	rustup target add "${rust_arch}-unknown-linux-${LIBC}"
-
-RUN chmod -R a+rwX ${RUSTUP_HOME} ${CARGO_HOME}

tools/packaging/static-build/coco-guest-components/build-static-coco-guest-components.sh

@@ -35,22 +35,6 @@ build_coco_guest_components_from_source() {
 	DESTDIR="${DESTDIR}/usr/local/bin" TEE_PLATFORM=${TEE_PLATFORM} make install
 
 	install -D -m0644 "confidential-data-hub/hub/src/image/ocicrypt_config.json" "${DESTDIR}/etc/ocicrypt_config.json"
-
-	if [ -n "${NV_ATTESTER:-}" ]; then
-		echo "build attestation-agent-nv with nvidia-attester support"
-
-		rm "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/attestation-agent"
-
-		ATTESTER="${NV_ATTESTER}" NVAT_USE_SYSTEM_LIB=1 RUSTFLAGS="-L /usr/local/lib" \
-			DESTDIR="${DESTDIR}/usr/local/bin" TEE_PLATFORM=${TEE_PLATFORM} make build
-		strip "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/attestation-agent"
-		install -D -m0755 "target/${RUST_ARCH}-unknown-linux-${LIBC}/release/attestation-agent" \
-			"${DESTDIR}/usr/local/bin/attestation-agent-nv"
-
-		mkdir -p "${DESTDIR}/usr/local/lib"
-		cp -a /usr/local/lib/libnvat.so* "${DESTDIR}/usr/local/lib/"
-	fi
-
 	popd
 }
 

tools/packaging/static-build/coco-guest-components/build.sh

@@ -28,16 +28,12 @@ package_output_dir="${package_output_dir:-}"
 [ -n "${coco_guest_components_version}" ] || die "Failed to get coco-guest-components version or commit"
 [ -n "${coco_guest_components_toolchain}" ] || die "Failed to get the rust toolchain to build coco-guest-components"
 
-nvat_version="${nvat_version:-}"
-[ -n "${nvat_version}" ] || nvat_version=$(get_from_kata_deps ".externals.nvidia.nvat.version" 2>/dev/null || true)
-
 container_image="${COCO_GUEST_COMPONENTS_CONTAINER_BUILDER:-$(get_coco_guest_components_image_name)}"
 [ "${CROSS_BUILD}" == "true" ] && container_image="${container_image}-cross-build"
 
 docker pull ${container_image} || \
 	(docker $BUILDX build $PLATFORM \
 	    	--build-arg RUST_TOOLCHAIN="${coco_guest_components_toolchain}" \
-		--build-arg NVAT_VERSION="${nvat_version}" \
 		-t "${container_image}" "${script_dir}" && \
 	 # No-op unless PUSH_TO_REGISTRY is exported as "yes"
 	 push_to_registry "${container_image}")
@@ -48,8 +44,7 @@ RESOURCE_PROVIDER="kbs,sev"
 # snp-attester and tdx-attester crates require packages only available on x86
 # se-attester crate requires packages only available on s390x
 case "$(uname -m)" in
-	x86_64) ATTESTER="snp-attester,tdx-attester"
-		NV_ATTESTER="snp-attester,tdx-attester,nvidia-attester" ;;
+	x86_64) ATTESTER="snp-attester,tdx-attester,nvidia-attester" ;;
 	s390x) ATTESTER="se-attester" ;;
 	aarch64) ATTESTER="cca-attester" ;;
 	*) ATTESTER="none" ;;
@@ -61,7 +56,6 @@ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env TEE_PLATFORM=${TEE_PLATFORM:+"all"} \
 	--env RESOURCE_PROVIDER=${RESOURCE_PROVIDER:-} \
 	--env ATTESTER=${ATTESTER:-} \
-	--env NV_ATTESTER=${NV_ATTESTER:-} \
 	--env coco_guest_components_repo="${coco_guest_components_repo}" \
 	--env coco_guest_components_version="${coco_guest_components_version}" \
 	--user "$(id -u)":"$(id -g)" \

tools/packaging/static-build/tools/Dockerfile

@@ -61,10 +61,21 @@ RUN ARCH=$(uname -m) && \
     rm /tmp/oras.tar.gz && \
     oras version
 
-# Tools only build for x86_64
-RUN rustup target add x86_64-unknown-linux-musl
+RUN ARCH=$(uname -m) && \
+    case "${ARCH}" in \
+        x86_64) MUSL_TARGET="x86_64-unknown-linux-musl" ;; \
+        aarch64) MUSL_TARGET="aarch64-unknown-linux-musl" ;; \
+        *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+    esac && \
+    rustup target add "${MUSL_TARGET}"
 
-RUN kernelname=$(uname -s | tr '[:upper:]' '[:lower:]'); \
-    curl -fsSOL "https://go.dev/dl/go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz" && \
-    tar -C "${GO_HOME}" -xzf "go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz" && \
-    rm "go${GO_TOOLCHAIN}.${kernelname}-amd64.tar.gz"
+RUN ARCH=$(uname -m) && \
+    case "${ARCH}" in \
+        x86_64) GO_ARCH="amd64" ;; \
+        aarch64) GO_ARCH="arm64" ;; \
+        *) echo "Unsupported architecture: ${ARCH}" && exit 1 ;; \
+    esac && \
+    kernelname=$(uname -s | tr '[:upper:]' '[:lower:]') && \
+    curl -fsSOL "https://go.dev/dl/go${GO_TOOLCHAIN}.${kernelname}-${GO_ARCH}.tar.gz" && \
+    tar -C "${GO_HOME}" -xzf "go${GO_TOOLCHAIN}.${kernelname}-${GO_ARCH}.tar.gz" && \
+    rm "go${GO_TOOLCHAIN}.${kernelname}-${GO_ARCH}.tar.gz"

tools/testing/gatekeeper/required-tests.yaml

@@ -78,6 +78,7 @@ mapping:
       - Kata Containers CI / kata-containers-ci-on-push / run-cri-containerd-amd64 (lts, qemu) / run-cri-containerd-amd64 (lts, qemu)
       - Kata Containers CI / kata-containers-ci-on-push / run-cri-containerd-s390x (active, qemu) / run-cri-containerd-s390x (active, qemu)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-arm64 / run-k8s-tests-on-arm64 (qemu, kubeadm)
+      - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-arm64 / run-k8s-tests-on-arm64 (qemu-coco-dev-runtime-rs, kubeadm)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, normal)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, small, containerd)
       - Kata Containers CI / kata-containers-ci-on-push / run-k8s-tests-on-aks / run-k8s-tests (cbl-mariner, clh, small, oci-distribution)

versions.yaml

@@ -269,10 +269,6 @@ externals:
     ctk:
       version: "1.18.1-1"
       url: "https://github.com/NVIDIA/nvidia-container-toolkit"
-    nvat:
-      desc: "NVIDIA Attestation SDK"
-      version: "2026.03.02"
-      url: "https://github.com/NVIDIA/attestation-sdk"
 
   busybox:
     desc: "The Swiss Army Knife of Embedded Linux"
@@ -292,18 +288,18 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "30b552e7841b10e656fa28cf643ed25b9d45e33f"
+    version: "ab95914ac84c32a43102463cc0ae330710af47be"
     toolchain: "1.90.0"
 
   coco-trustee:
     description: "Provides attestation and secret delivery components"
     url: "https://github.com/confidential-containers/trustee"
-    version: "22788122660d6e9be3e4bf52704282de5fcc0a2a"
+    version: "f5cb8fc1b51b652fc24e2d6b8742cf417805352e"
     # image / ita_image and image_tag / ita_image_tag must be in sync
     image: "ghcr.io/confidential-containers/staged-images/kbs"
-    image_tag: "22788122660d6e9be3e4bf52704282de5fcc0a2a"
+    image_tag: "f5cb8fc1b51b652fc24e2d6b8742cf417805352e"
     ita_image: "ghcr.io/confidential-containers/staged-images/kbs-ita-as"
-    ita_image_tag: "22788122660d6e9be3e4bf52704282de5fcc0a2a-x86_64"
+    ita_image_tag: "f5cb8fc1b51b652fc24e2d6b8742cf417805352e-x86_64"
     toolchain: "1.90.0"
 
   containerd: