Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
Apache License 2.0
5.46k
stars
1.06k
forks
source link
kata-ctl: Add additional checks for TDX and SGX #8468
The rust runtime provides a protection crate to identify if the underlying system has, for example, Intel TDX enabled. This is used by the Cloud Hypervisor runtime-rs driver to allow the user to create a TD rather than a VM if requested.
The checks that the protection crate runs have to be fast as they are in the container creation fastpath. However, there are additional checks that could be run so we should add those to kata-ctl check all to give the user more detail on how their system is configured.
jodh-intel
commented
9 months ago
The rust runtime provides a
protectioncrate to identify if the underlying system has, for example, Intel TDX enabled. This is used by the Cloud Hypervisor runtime-rs driver to allow the user to create a TD rather than a VM if requested.The checks that the
protectioncrate runs have to be fast as they are in the container creation fastpath. However, there are additional checks that could be run so we should add those tokata-ctl check allto give the user more detail on how their system is configured.