Tracker: Confidential Virtualization Host with AMD SEV-SNP

marmijo commented 2 months ago

Upstream Fedora Change: https://fedoraproject.org/wiki/Changes/ConfidentialVirtHostAMDSEVSNP

Fedora is introducing support for AMD SEV-SNP, which enables Fedora virtualization hosts to launch confidential virtual machines.

This is to track adding support for this change in FCOS and ensuring that the OS can function as a guest operating system in environments utilizing AMD SEV-SNP.

This was discussed during the community meeting on 2024-07-24 ([meeting log).

Guest owners will be able to prove that their OS is running in a Fedora host confidential virtual machine protected by AMD SEV-SNP, by performing a guest attestation

We'll investigate what changes are needed to perform this "guest attestation" in order to support AMD SEV-SNP.
If this doesn't work "out-of-the-box" and changes are needed, we'll add a test for it.
Will these changes extend to RHCOS as well?

HuijingHei commented 2 months ago

cosa issue https://github.com/coreos/coreos-assembler/issues/3556

HuijingHei commented 2 months ago

Confirm that we already support AMD SEV-SNP type confidential instances on GCP (See https://github.com/coreos/coreos-assembler/pull/3547), so what we should do is to add tests.

For Azure, need to confirm.

coreos / fedora-coreos-tracker

Tracker: Confidential Virtualization Host with AMD SEV-SNP #1777