virtcontainers: Support SEV

fixes #1869 Signed-off-by: Jim Cadden <jcadden@ibm.com>
2025-12-23 01:04:25 +01:00 · 2021-04-05 23:37:44 +00:00
parent 81c6e4ca9f
commit b26d5b1d08
3 changed files with 49 additions and 6 deletions
--- a/src/runtime/virtcontainers/qemu_amd64_test.go
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go
@@ -12,6 +12,7 @@ import (
 	"os"
 	"testing"

+	"github.com/intel-go/cpuid"
 	govmmQemu "github.com/kata-containers/govmm/qemu"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	"github.com/stretchr/testify/assert"
@@ -300,12 +301,25 @@ func TestQemuAmd64AppendProtectionDevice(t *testing.T) {
 	assert.Empty(bios)

 	// sev protection
-	// TODO: update once it's supported
 	amd64.(*qemuAmd64).protection = sevProtection
+
 	devices, bios, err = amd64.appendProtectionDevice(devices, firmware)
-	assert.Error(err)
+	assert.NoError(err)
 	assert.Empty(bios)

+	expectedOut := []govmmQemu.Device{
+		govmmQemu.Object{
+			Type:            govmmQemu.SEVGuest,
+			ID:              "sev",
+			Debug:           false,
+			File:            firmware,
+			CBitPos:         cpuid.AMDMemEncrypt.CBitPosition,
+			ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction,
+		},
+	}
+
+	assert.Equal(expectedOut, devices)
+
 	// tdxProtection
 	amd64.(*qemuAmd64).protection = tdxProtection

@@ -313,7 +327,7 @@ func TestQemuAmd64AppendProtectionDevice(t *testing.T) {
 	assert.NoError(err)
 	assert.Empty(bios)

-	expectedOut := []govmmQemu.Device{
+	expectedOut = []govmmQemu.Device{
 		govmmQemu.Object{
 			Driver:   govmmQemu.Loader,
 			Type:     govmmQemu.TDXGuest,