mantle: Support AMD SEV-SNP confidential instances
Fix #3556
HuijingHei committed Sep 5, 2024
1 parent 4881646 commit f66d626
Showing 3 changed files with 12 additions and 8 deletions.
14 changes: 9 additions & 5 deletions mantle/cmd/kola/options.go
@@ -125,7 +125,7 @@ func init() {
sv(&kola.GCPOptions.ServiceAcct, "gcp-service-account", "", "GCP service account to attach to instance (default project default)")
bv(&kola.GCPOptions.ServiceAuth, "gcp-service-auth", false, "for non-interactive auth when running within GCP")
sv(&kola.GCPOptions.JSONKeyFile, "gcp-json-key", "", "use a service account's JSON key for authentication (default \"~/"+auth.GCPConfigPath+"\")")
bv(&kola.GCPOptions.Confidential, "gcp-confidential-vm", false, "create confidential instances")
sv(&kola.GCPOptions.ConfidentialType, "gcp-confidential-type", "", "create confidential instances")

// openstack-specific options
sv(&kola.OpenStackOptions.ConfigPath, "openstack-config-file", "", "Path to a clouds.yaml formatted OpenStack config file. The underlying library defaults to ./clouds.yaml")
@@ -245,10 +245,14 @@ func syncOptionsImpl(useCosa bool) error {
if kolaPlatform == "gcp" && kola.GCPOptions.MachineType == "" {
switch kola.Options.CosaBuildArch {
case "x86_64":
if kola.GCPOptions.Confidential {
// https://cloud.google.com/compute/confidential-vm/docs/locations
fmt.Print("Setting instance type for confidential computing")
kola.GCPOptions.MachineType = "n2d-standard-2"
if kola.GCPOptions.ConfidentialType != "" {
if kola.GCPOptions.ConfidentialType == "SEV" || kola.GCPOptions.ConfidentialType == "SEV_SNP" {
// https://cloud.google.com/compute/confidential-vm/docs/locations
fmt.Print("Setting instance type for confidential computing")
kola.GCPOptions.MachineType = "n2d-standard-2"
} else {
return fmt.Errorf("Confidential type only supports [SEV, SEV_SNP]")
}
} else {
kola.GCPOptions.MachineType = "n1-standard-1"
}
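Review bot: The check that rejects an unknown `ConfidentialType` sits inside the branch that only runs when no GCP machine type was given and the build arch is `x86_64`, so on any other path a mistyped value (for example lower-case `sev`) is never rejected. In compute.go's `mkinstance` the same two literals gate `ConfidentialInstanceConfig`, so as far as the visible lines show such a value is skipped there too and the run would proceed on an ordinary VM while the operator believes it is confidential. Validate once, before the machine-type switch: `if t := kola.GCPOptions.ConfidentialType; t != "" && t != "SEV" && t != "SEV_SNP" { return fmt.Errorf("unsupported confidential type %q: want SEV or SEV_SNP", t) }`. The help text of `gcp-confidential-type` in `init()` should also name the accepted values instead of keeping the old boolean's wording. Both `init()` and `syncOptionsImpl` continue outside the visible hunks.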
2 changes: 1 addition & 1 deletion mantle/platform/api/gcloud/api.go
@@ -42,7 +42,7 @@ type Options struct {
ServiceAcct string
JSONKeyFile string
ServiceAuth bool
Confidential bool
ConfidentialType string
*platform.Options
}

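Review bot: `ConfidentialType` has no comment saying which values are valid, and the two accepted strings are repeated as literals in options.go and compute.go. A field comment such as `// ConfidentialType is the confidential computing technology to request ("SEV" or "SEV_SNP"); empty creates a regular instance.` would record the contract where callers look for it. Defining the two values once as package constants next to `Options` would keep the option validation and the instance-creation check from drifting apart. The struct starts outside the hunk.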
4 changes: 2 additions & 2 deletions mantle/platform/api/gcloud/compute.go
@@ -147,9 +147,9 @@ func (a *API) mkinstance(userdata, name string, keys []*agent.Key, opts platform
})
}
// create confidential instance
if a.options.Confidential {
if a.options.ConfidentialType == "SEV" || a.options.ConfidentialType == "SEV_SNP" {
instance.ConfidentialInstanceConfig = &compute.ConfidentialInstanceConfig{
EnableConfidentialCompute: true,
ConfidentialInstanceType: a.options.ConfidentialType,
}
instance.Scheduling = &compute.Scheduling{
OnHostMaintenance: "TERMINATE",
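Review bot: `ConfidentialInstanceType` is now passed through for `SEV_SNP`, but the visible lines do not pin a CPU platform, and GCP documents SEV-SNP on N2D as requiring AMD Milan hosts. If nothing later in `mkinstance` sets it, consider adding `if a.options.ConfidentialType == "SEV_SNP" { instance.MinCpuPlatform = "AMD Milan" }` so the request does not depend on where the instance happens to be scheduled. The function continues past the hunk, so this may already be handled there.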
