coreos/fedora-coreos-tracker

Tracker: Confidential Virtualization Host with AMD SEV-SNP

marmijo opened this issue · 2 comments

Upstream Fedora Change: https://fedoraproject.org/wiki/Changes/ConfidentialVirtHostAMDSEVSNP

Fedora is introducing support for AMD SEV-SNP, which enables Fedora virtualization hosts to launch confidential virtual machines.

This is to track adding support for this change in FCOS and ensuring that the OS can function as a guest operating system in environments utilizing AMD SEV-SNP.

This was discussed during the community meeting on 2024-07-24 (meeting log).

Guest owners will be able to prove that their OS is running in a Fedora host confidential virtual machine protected by AMD SEV-SNP, by performing a guest attestation.

  • We'll investigate what changes are needed to perform this "guest attestation" in order to support AMD SEV-SNP.
  • If this doesn't work "out-of-the-box" and changes are needed, we'll add a test for it.
  • Will these changes extend to RHCOS as well?

Confirm that we already support AMD SEV-SNP type confidential instances on GCP (See coreos/coreos-assembler#3547), so what we should do is to add tests.

For Azure, need to confirm.