aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2025-12-18 06:44:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

virtcontainers: define confidential guest framework

Browse Source 
Define the structure and functions needed to support confidential
guests, this commit doesn't add support for any specific technology,
support for TDX, SEV, PEF and others will be added in following
commits.

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes
2021-05-05 09:12:36 -05:00
parent 539afba03d
commit 0affe8860d
6 changed files with 77 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/runtime/virtcontainers/qemu_arch_base.go
View File

@@ -11,6 +11,7 @@ import (
"errors"
"fmt"
"os"
"runtime"
"strconv"
"strings"
@@ -142,8 +143,33 @@ type qemuArch interface {
// append pvpanic device
appendPVPanicDevice(devices []govmmQemu.Device) ([]govmmQemu.Device, error)
// append protection device.
// This implementation is architecture specific, some archs may need
// a firmware, returns a string containing the path to the firmware that should
// be used with the -bios option, ommit -bios option if the path is empty.
appendProtectionDevice(devices []govmmQemu.Device, firmware string) ([]govmmQemu.Device, string, error)
}
// Kind of guest protection
type guestProtection uint8
const (
noneProtection guestProtection = iota
//Intel Trust Domain Extensions
//https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html
tdxProtection
// AMD Secure Encrypted Virtualization
// https://developer.amd.com/sev/
sevProtection
// IBM POWER 9 Protected Execution Facility
// https://www.kernel.org/doc/html/latest/powerpc/ultravisor.html
pefProtection
)
type qemuArchBase struct {
qemuMachine govmmQemu.Machine
qemuExePath string
@@ -158,6 +184,7 @@ type qemuArchBase struct {
kernelParams []Param
Bridges []types.Bridge
PFlash []string
protection guestProtection
}
const (
@@ -813,3 +840,9 @@ func (q *qemuArchBase) getPFlash() ([]string, error) {
func (q *qemuArchBase) setPFlash(p []string) {
q.PFlash = p
}
// append protection device
func (q *qemuArchBase) appendProtectionDevice(devices []govmmQemu.Device, firmware string) ([]govmmQemu.Device, string, error) {
virtLog.WithField("arch", runtime.GOARCH).Warnf("Confidential Computing has not been implemented for this architecture")
return devices, firmware, nil
}