virtcontainers: Add support for Secure Execution

Secure Execution is a confidential computing technology on s390x (IBM Z
& LinuxONE). Enable the corresponding virtualization technology in QEMU
(where it is referred to as "Protected Virtualization").

- Introduce enableProtection and appendProtectionDevice functions for
  QEMU s390x.
- Introduce CheckCmdline to check for "prot_virt=1" being present on the
  kernel command line.
- Introduce CPUFacilities and avilableGuestProtection for hypervisor
  s390x to check for CPU support.

Fixes: #1771

Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
Jakob Naucke
2021-04-28 12:14:34 +02:00
parent 78f21710e3
commit c0c05c73e1
8 changed files with 292 additions and 0 deletions


@@ -401,6 +401,21 @@ func TestGetHostMemorySizeKb(t *testing.T) {
}
}
func TestCheckCmdline(t *testing.T) {
assert := assert.New(t)
cmdlineFp, err := ioutil.TempFile("", "")
assert.NoError(err)
_, err = cmdlineFp.WriteString("quiet root=/dev/sda2")
assert.NoError(err)
cmdlinePath := cmdlineFp.Name()
defer os.Remove(cmdlinePath)
assert.True(CheckCmdline(cmdlinePath, "quiet", []string{}))
assert.True(CheckCmdline(cmdlinePath, "root", []string{"/dev/sda1", "/dev/sda2"}))
assert.False(CheckCmdline(cmdlinePath, "ro", []string{}))
}
// nolint: unused, deadcode
type testNestedVMMData struct {
content []byte
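Review bot: TestCheckCmdline has only one negative case (a key that is absent altogether), although the commit message says CheckCmdline is what detects "prot_virt=1", so a false positive would report host protection that is not enabled. CheckCmdline's body is not in this hunk, so whether it matches whole tokens cannot be confirmed here; I would pin that down with `assert.False(CheckCmdline(cmdlinePath, "root", []string{"/dev/sda1"}))` for a present key with a non-listed value and `assert.False(CheckCmdline(cmdlinePath, "qui", []string{}))` for a key that is only a prefix of a real parameter. A case that writes a cmdline containing `prot_virt=1` and checks it with `[]string{"1"}` would also exercise the input this function was introduced for. Separately, the temp file is never closed; adding `defer cmdlineFp.Close()` right after the `TempFile` error check avoids leaking the descriptor.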