Files
kata-containers/tests/spellcheck
Fabiano Fidêncio 84db260d9a docs: detail composable image runtime contracts in proposal
Update the composable-vm-images proposal with the design decisions we only
arrived at after experimenting with the implementation:

* Replace the hardcoded agent path-resolution table with the data-driven
  components.toml manifest (process levels, args/optional_args, env,
  wait_socket, ${...} substitution, and select/variants), keeping the agent
  generic.
* Document the attester-variant contract: NVRC exports KATA_ATTESTER_VARIANT
  and the manifest selects the stock vs NVIDIA attestation-agent.
* Document the runtime dependency requirements found during bring-up: the
  nvidia attester's LD_LIBRARY_PATH (libnvat closure in the coco addon +
  NVML in the gpu addon) and the NVML-init failure mode, plus CDH
  secure_mount tooling placement -- plain storage (mke2fs/mkfs.ext4/dd) in
  the base vs encrypted storage (cryptsetup) in the coco addon, the CDH
  PATH, and the base/addon ABI lockstep.
* Reflect the storage tooling and bundled libraries in the base/coco-addon
  build sections, and mark the GPU addon as implemented.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Assisted-by: Cursor <cursoragent@cursor.com>
2026-06-22 20:04:25 +02:00
..