aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-31 04:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

runtime: Enable choice between AMD SEV and SNP

Browse Source 
This is based on a patch from @niteeshkd that adds a config
parameter to choose between AMD SEV and SEV-SNP VMs as the
confidential guest type in case both types are supported. SEV is
the default.

Signed-off-by: Joana Pecholt <joana.pecholt@aisec.fraunhofer.de>
This commit is contained in:
Joana Pecholt
2022-09-09 16:23:05 +02:00
parent 22bda0838c
commit ded60173d4
7 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/runtime/virtcontainers/hypervisor_linux_amd64.go
View File

@@ -29,12 +29,12 @@ func availableGuestProtection() (guestProtection, error) {
return tdxProtection, nil
}
// SEV-SNP is supported and enabled when the kvm module `sev_snp` parameter is set to `Y`
// SEV-SNP support infers SEV (-ES) support
if _, err := os.Stat(snpKvmParameterPath); err == nil {
if c, err := os.ReadFile(snpKvmParameterPath); err == nil && len(c) > 0 && (c[0] == 'Y') {
return snpProtection, nil
}
}
// Only choose SEV if SEV-SNP unsupported
// SEV is supported and enabled when the kvm module `sev` parameter is set to `1` (or `Y` for linux >= 5.12)
if _, err := os.Stat(sevKvmParameterPath); err == nil {
if c, err := os.ReadFile(sevKvmParameterPath); err == nil && len(c) > 0 && (c[0] == '1' || c[0] == 'Y') {