Arron Wang
Add required kernel config for dm-crypt/dm-integrity/dm-verity and related crypto config. Add userspace command line tools for disk encryption support and ext4 file system utilities. Fixes: #4761 Signed-off-by: Arron Wang
Since the container image is pulled inside the guest, we need to merge the image bundle OCI spec with the container creation request OCI spec, which was implemented in commit: ab6b1cbfe94667b54d14f4f72fbd9fa7b1538b2a But as...
For the CoCo stack, the pause image is managed by the host side, then it may configure a malicious pause image; we need to package a pause image inside the rootfs and don't...
For the CoCo stack, the pause image is managed by the host side, then it may configure a malicious pause image; we need to package a pause image inside the rootfs and don't...
The CoCo runtime will need to support trust storage and measured boot image: https://github.com/confidential-containers/documentation/issues/39 https://github.com/confidential-containers/documentation/issues/40 Both require the kernel to support dm-crypt/dm-integrity/dm-verity features and related crypto config. Also it requires the userspace cryptsetup...
Implement subtask of https://github.com/confidential-containers/documentation/issues/40 After we have a guest kernel with a builtin initramfs which provides the rootfs measurement capability and a Kata rootfs image with hash device, we need to set related...
For https://github.com/confidential-containers/documentation/issues/40#top, after we have a guest kernel with a builtin initramfs which provides the rootfs measurement capability and a Kata rootfs image with hash device, we need to set related root hash...
For https://github.com/confidential-containers/documentation/issues/40#top, we need an initramfs to measure the rootfs with different verity schemes like `dm-verity`. The init.sh in initramfs will parse the verity scheme, roothash, root device and setup...
Implement subtask of https://github.com/confidential-containers/documentation/issues/40 Integrate initramfs into guest kernel as one binary, which will be measured by the firmware together. Fixes: #5148 Signed-off-by: Wang, Arron
For [Measured Boot Image proposal for CoCo](https://github.com/confidential-containers/documentation/issues/40#top), after we generate an initramfs with rootfs measurement capability, we need to integrate this initramfs into the guest kernel as one binary, since guest...