kata-containers icon indicating copy to clipboard operation
kata-containers copied to clipboard
verified publisher icon kata-containers

sev: required shim changes for sev pre-attestation

Open ryansavino opened this issue 2 years ago • 9 comments

qemu, qmp, config, kbs and hypervisor changes required for runtime support of SEV pre-attestation

Fixes: #6571

ryansavino avatar Aug 01 '23 22:08 ryansavino

/test

ryansavino avatar Aug 01 '23 22:08 ryansavino

@ryansavino, quick question, would this work well even with no attestation agent inside the guest?

Also, for GHA, we can just rely on the ok-to-test label that I just added.

fidencio avatar Aug 02 '23 07:08 fidencio

I'm looking forward to this becoming ready to review, as it'll help to close the gap in the merge from main to CCv0.

fidencio avatar Aug 02 '23 07:08 fidencio

@ryansavino can you remove the WIP from the title? Let's try to get some reviews here.

fitzthum avatar Dec 05 '23 15:12 fitzthum

I reviewed this by (mostly) sanity-checking that the changes were correctly ported from the relevant PRs mentioned in the issue.

The only oddity that stood out is kernelParameters() in qemu.go has a new code block from PR 5665 here. This code block doesn't seem to have been picked up in this merge-to-main change, and it seems relevant. (The code block is also still part of the CCv0 branch here so it didn't get wiped out by some later change, either.)

Other than this, LGTM.

Ah, nice catch. I missed this. I've added it now. Thanks.

ryansavino avatar Jan 08 '24 23:01 ryansavino

static-checks are failing here with the following error:

qemu.go:545:1: cyclomatic complexity 33 of func `(*qemu).CreateVM` is high (> 30) (gocyclo)
func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervisorConfig *HypervisorConfig) error {
^
make: *** [Makefile:45: static-checks] Error 1
Error: Process completed with exit code 2.

This PR didn't create this function, so I'm wondering if there's a need to investigate this further. Is this happening in other places too? @fidencio @stevenhorsman

ryansavino avatar Jan 09 '24 17:01 ryansavino

cyclomatic complexity 33 of func (*qemu).CreateVM is high (> 30)

I wonder if the code block you added to qemu.go (lines 709 - 741) bumped that "cyclomatic complexity" over 30. (Never seen that metric; I think it's just saying "your function is long and windy".)

If it's easy to rerun static checks locally, maybe move that new code block to a function and see if passes?

portersrc avatar Jan 09 '24 17:01 portersrc

static-checks are failing here with the following error:

qemu.go:545:1: cyclomatic complexity 33 of func `(*qemu).CreateVM` is high (> 30) (gocyclo)
func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervisorConfig *HypervisorConfig) error {
^
make: *** [Makefile:45: static-checks] Error 1
Error: Process completed with exit code 2.

This PR didn't create this function, so I'm wondering if there's a need to investigate this further. Is this happening in other places too? @fidencio @stevenhorsman

The reason for the error is that you've increased the cyclomatic complexity of CreateVM by adding new code in there. I count 4 new branches, so I guess it was 29 before and you've tipped it over the threshold.

stevenhorsman avatar Jan 09 '24 17:01 stevenhorsman

Cc @pmores who is leading the effort on the QEMU driver for runtime-rs.

gkurz avatar Jun 11 '24 10:06 gkurz

This PR has been opened without with no activity for 180 days. Comment on the issue otherwise it will be closed in 7 days

github-actions[bot] avatar Feb 09 '25 00:02 github-actions[bot]