mirror of
https://github.com/aljazceru/kata-containers.git
synced 2026-01-02 14:04:22 +01:00
Allow Cloud Hypervisor to create a confidential guest (a TD or "Trust
Domain") rather than a VM (Virtual Machine) on Intel systems that
provide TDX functionality.

> **Notes:**
>
> - At least currently, when built with the `tdx` feature, Cloud Hypervisor
>   cannot create a standard VM on a TDX capable system: it can only create
>   a TD. This implies that on TDX capable systems, the Kata Configuration
>   option `confidential_guest=` must be set to `true`. If it is not, Kata
>   will detect this and display the following error:
>
>   ```
>   TDX guest protection available and must be used with Cloud Hypervisor (set 'confidential_guest=true')
>   ```
>
> - This change expands the scope of the protection code, changing
>   Intel TDX specific booleans to more generic "available guest protection"
>   code that could be "none" or "TDX", or some other form of guest
>   protection.

Fixes: #6448.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
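The configuration check described in the commit message above, as an added Go sketch that is not code from the commit or from Kata Containers. The names `guestProtection`, `resolveGuest` and `errTDXRequired` are hypothetical, and rejecting `confidential_guest=true` on a host without TDX is an assumption; only the TDX error string comes from the message.

```go
package main

import (
	"errors"
	"fmt"
)

// guestProtection is a hypothetical enum replacing a TDX-only boolean,
// following the "none / TDX / some other form" wording of the commit message.
type guestProtection int

const (
	noneProtection guestProtection = iota
	tdxProtection
	otherProtection // placeholder for any non-TDX mechanism
)

func (p guestProtection) String() string {
	return [...]string{"none", "TDX", "other"}[p]
}

// errTDXRequired carries the error text quoted in the commit message.
var errTDXRequired = errors.New("TDX guest protection available and must be used with Cloud Hypervisor (set 'confidential_guest=true')")

// resolveGuest maps the host's available protection and the confidential_guest
// setting to the kind of guest to create ("VM" or "TD"), failing closed on a mismatch.
func resolveGuest(available guestProtection, confidentialGuest bool) (string, error) {
	switch {
	case available == tdxProtection && !confidentialGuest:
		// A tdx-enabled Cloud Hypervisor can only create a TD, so stop before launch.
		return "", errTDXRequired
	case available == tdxProtection:
		return "TD", nil
	case confidentialGuest:
		// Assumption: refuse rather than silently boot an unprotected VM.
		return "", fmt.Errorf("confidential_guest=true but usable guest protection is %s", available)
	default:
		return "VM", nil
	}
}

func main() {
	for _, p := range []guestProtection{noneProtection, tdxProtection, otherProtection} {
		for _, c := range []bool{false, true} {
			kind, err := resolveGuest(p, c)
			fmt.Printf("protection=%s confidential_guest=%v -> %q err=%v\n", p, c, kind, err)
		}
	}
}
```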