To run this project (and CoCo in general) on AMD SEV-SNP there is some additional configuration to be done.
For most of the SEV-SNP management, we recommend installing snphost.
Once per node we need to install a full certificate chain. To do so, run:
sudo mkdir -p /opt/sev
sudo snphost export --full /opt/sev/cert_chain.certIf you use any kata-specific annotations (like io.katacontainers.config.pre-attestation.enabled)
you need to add them to an allow-list in /opt/confidential-containers/share/defaults/kata-containers/configuration-<runtime>.toml
and maybe in the /etc/containerd/config.toml.