Tracker: Confidential Virtualization Host with AMD SEV-SNP
marmijo opened this issue · 2 comments
Upstream Fedora Change: https://fedoraproject.org/wiki/Changes/ConfidentialVirtHostAMDSEVSNP
Fedora is introducing support for AMD SEV-SNP, which enables Fedora virtualization hosts to launch confidential virtual machines.
This is to track adding support for this change in FCOS and ensuring that the OS can function as a guest operating system in environments utilizing AMD SEV-SNP.
This was discussed during the community meeting on 2024-07-24 (meeting log).
Guest owners will be able to prove that their OS is running in a Fedora host confidential virtual machine protected by AMD SEV-SNP, by performing a guest attestation.
- We'll investigate what changes are needed to perform this "guest attestation" in order to support AMD SEV-SNP.
- If this doesn't work "out-of-the-box" and changes are needed, we'll add a test for it.
- Will these changes extend to RHCOS as well?
cosa issue coreos/coreos-assembler#3556
Confirm that we already support AMD SEV-SNP type confidential instances on GCP (see coreos/coreos-assembler#3547), so what we should do is to add tests.
For Azure, need to confirm.