@KenGordon
Collaborator

Support booting isolated SNP from a GuestStateFile rather than separate kernel and userland (initrd.img)

Mainly this refactors the code that creates the hcs api json document into two paths. One is the previous logic that will create a kernel command line and boot the kernel and userland from individual files using the "LinuxKernelDirect" scheme. With isolation enabled this must be replaced with "GuestState/GuestStateFilePath" etc to load from a vmgs file.

There are updates and additional files in the schema2 directory to support the newer hcs API so that the existing way where an object that represents the hcs api json is built and then serialised to json can be used with isolation_setting etc.

If a SecurityPolicy annotation is present it will boot the vmgs file unless "io.microsoft.virtualmachine.lcow.no_security_hardware" is set to true. The various example pod.json files will need to be updated for use with non-SNP machines.

Signed-off-by: Ken Gordon <[email protected]>
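
The boot-path selection described in this pull request, as an added sketch that is not hcsshim's own code. The struct types are simplified stand-ins for the schema2 objects, the security policy annotation key is an assumed name, and treating an unparsable opt-out value as "not set" is a choice made for this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// noSecurityHardware is quoted in the PR description; securityPolicy is an
// assumed key name. The structs are simplified stand-ins, not schema2 types.
const (
	securityPolicy     = "io.microsoft.virtualmachine.lcow.securitypolicy"
	noSecurityHardware = "io.microsoft.virtualmachine.lcow.no_security_hardware"
)

type LinuxKernelDirect struct{ KernelFilePath, InitRdPath, KernelCmdLine string }
type GuestState struct{ GuestStateFilePath string }
type BootDoc struct {
	LinuxKernelDirect *LinuxKernelDirect `json:",omitempty"`
	GuestState        *GuestState        `json:",omitempty"`
}

// UseGuestState reports whether the VM should boot from the vmgs file: a
// security policy is present and the opt-out is not explicitly true. An
// unparsable opt-out value is treated as "not set" so it cannot downgrade.
func UseGuestState(ann map[string]string) bool {
	if _, ok := ann[securityPolicy]; !ok {
		return false
	}
	optOut, err := strconv.ParseBool(ann[noSecurityHardware])
	return err != nil || !optOut
}

// BuildBootDoc fills exactly one of the two boot schemes and serialises it.
func BuildBootDoc(ann map[string]string, kernel, initrd, cmdline, vmgs string) (string, error) {
	doc := BootDoc{}
	if UseGuestState(ann) {
		doc.GuestState = &GuestState{GuestStateFilePath: vmgs}
	} else {
		doc.LinuxKernelDirect = &LinuxKernelDirect{kernel, initrd, cmdline}
	}
	b, err := json.Marshal(doc)
	return string(b), err
}

func main() {
	ann := map[string]string{securityPolicy: "constructed-policy"} // constructed sample
	out, _ := BuildBootDoc(ann, "kernel", "initrd.img", "console=ttyS0", "guest.vmgs")
	fmt.Println(out)
}
```

In the isolated case the serialised document carries only the guest state file path; the kernel path, initrd path and command line are absent from it.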
@KenGordon KenGordon marked this pull request as ready for review October 22, 2021 15:34
@KenGordon KenGordon requested a review from a team as a code owner October 22, 2021 15:34
@anmaxvl
Contributor

anmaxvl commented Oct 28, 2021

Looks like this needs to be rebased again.

@anmaxvl anmaxvl merged commit 47b6171 into microsoft:master Nov 2, 2021
princepereira pushed a commit to princepereira/hcsshim that referenced this pull request Aug 29, 2024
…te kernel and userland (initrd.img) (microsoft#1206)