From de57466212e06769165bb821882ce58204ba5a5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 28 Feb 2022 11:57:42 +0100
Subject: [PATCH] config: Expand confidential_guest comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's clarify that an error will be reported in case confidential_guest is enabled, but the hardware where Kata Containers is running doesn't provide the required feature set.
Fixes: #3787
Signed-off-by: Fabiano FidĂȘncio
---
 src/runtime/config/configuration-clh.toml.in | 3 ++-
 src/runtime/config/configuration-qemu.toml.in | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/runtime/config/configuration-clh.toml.in b/src/runtime/config/configuration-clh.toml.in
index 5bdc2cc06..4afafaf08 100644
--- a/src/runtime/config/configuration-clh.toml.in
+++ b/src/runtime/config/configuration-clh.toml.in
@@ -19,7 +19,8 @@ image = "@IMAGEPATH@"
 # Toggling that setting may trigger different hardware features, ranging
 # from memory encryption to both memory and CPU-state encryption and integrity.
 # The Kata Containers runtime dynamically detects the available feature set and
-# aims at enabling the largest possible one.
+# aims at enabling the largest possible one, returning an error if none is
+# available, or none is supported by the hypervisor.
 #
 # Known limitations:
 # * Does not work by design:
diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in
index 00c5dbfff..af5c58364 100644
--- a/src/runtime/config/configuration-qemu.toml.in
+++ b/src/runtime/config/configuration-qemu.toml.in
@@ -20,7 +20,8 @@ machine_type = "@MACHINETYPE@"
 # Toggling that setting may trigger different hardware features, ranging
 # from memory encryption to both memory and CPU-state encryption and integrity.
 # The Kata Containers runtime dynamically detects the available feature set and
-# aims at enabling the largest possible one.
+# aims at enabling the largest possible one, returning an error if none is
+# available, or none is supported by the hypervisor.
 #
 # Known limitations:
 # * Does not work by design:
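Review bot: The added sentence says an error is returned only when no feature set is available or supported, which leaves unstated that a host offering just memory encryption still satisfies `confidential_guest` without any error. Since the preceding lines describe a range up to CPU-state encryption and integrity, an operator who needs the stronger set has no hint that it is not guaranteed. If that is how the runtime behaves, I would add `# Any detected feature set satisfies this setting; a specific protection level is not guaranteed.` after the new lines, in both configuration-clh.toml.in and configuration-qemu.toml.in. It would also help to say when the error surfaces (presumably at sandbox creation), so the behaviour reads as fail-closed rather than as a fallback to an unprotected guest. The comment block continues beyond both hunks, so the limitations list may already cover part of this.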