IBM / raksh

Seamlessly use VM based TEEs with Kubernetes for data-in use protection
Apache License 2.0

Add support for AMD SEV #9

Open harche opened 4 years ago

harche commented 4 years ago

This issue will track the effort required to add support for AMD SEV.

This is just a high-level view of the required tasks, and in no way represents the final list of work items. These items will be further divided into more issues as we go about implementing them.

We will use this issue to add updates on the progress of the required work.

harche commented 4 years ago

I was able to build kata from source and run a container in a kata VM.

root@ibm-sev:~/go/src/github.com/kata-containers/packaging/kernel#  docker run -ti --runtime kata-runtime busybox sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
bdbbaa22dec6: Pull complete 
Digest: sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
Status: Downloaded newer image for busybox:latest
/ # uname -a
Linux a712e62982a2 5.4.15 #1 SMP Sun Mar 8 22:25:07 PDT 2020 x86_64 GNU/Linux
/ # exit
root@ibm-sev:~/go/src/github.com/kata-containers/packaging/kernel# uname -a
Linux ibm-sev 5.3.0-40-generic #32~18.04.1-Ubuntu SMP Mon Feb 3 14:05:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ibm-sev:~/go/src/github.com/kata-containers/packaging/kernel# 

This is not a secure VM verified by an external attestation service, but rather a simple standard kata VM.