
Commit c4d0ae5

a-cratejlebon
authored andcommitted
gcloud: Enable SEV_LIVE_MIGRATABLE_V2
FCOS kernels contain commit ac3f9c9f, which is needed for SEV live migration. An earlier SEV live migration implementation (without ac3f9c9f) was indicated with SEV_LIVE_MIGRATABLE; the _V2 guest OS feature indicates that it contains the patch, which resolves some issues with the first implementation.
1 parent b46501c commit c4d0ae5


1 file changed

+25
-22
lines changed


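--- a/mantle/platform/api/gcloud/image.go
+++ b/mantle/platform/api/gcloud/image.go
@@ -86,12 +86,37 @@ func (a *API) CreateImage(spec *ImageSpec, overwrite bool) (*compute.Operation,
 }
 }
 
+features := []*compute.GuestOsFeature{
+// https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images
+{
+Type: "VIRTIO_SCSI_MULTIQUEUE",
+},
+// RHEL supports this since 8.4; TODO share logic here with
+// https://github.com/osbuild/osbuild-composer/blob/c6570f6c94149b47f2f8e2f82d7467d6b96755bb/internal/cloud/gcp/compute.go#L16
+{
+Type: "SEV_CAPABLE",
+},
+{
+Type: "GVNIC",
+},
+{
+Type: "UEFI_COMPATIBLE",
+},
+// https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential
+{
+Type: "SEV_SNP_CAPABLE",
+},
+}
+
 if spec.Architecture == "" {
 spec.Architecture = runtime.GOARCH
 }
 switch spec.Architecture {
 case "amd64", "x86_64":
 spec.Architecture = "X86_64"
+// Enables support for live migration of AMD SEV SNP capable images in GCP.
+// See: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=ac3f9c9f1b37edaa7d1a9b908bc79d843955a1a2
+features = append(features, &compute.GuestOsFeature{Type: "SEV_LIVE_MIGRATABLE_V2"})
 case "arm64", "aarch64":
 spec.Architecture = "ARM64"
 default:
@@ -116,28 +141,6 @@ func (a *API) CreateImage(spec *ImageSpec, overwrite bool) (*compute.Operation,
 }
 }
 
-features := []*compute.GuestOsFeature{
-// https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images
-{
-Type: "VIRTIO_SCSI_MULTIQUEUE",
-},
-// RHEL supports this since 8.4; TODO share logic here with
-// https://github.com/osbuild/osbuild-composer/blob/c6570f6c94149b47f2f8e2f82d7467d6b96755bb/internal/cloud/gcp/compute.go#L16
-{
-Type: "SEV_CAPABLE",
-},
-{
-Type: "GVNIC",
-},
-{
-Type: "UEFI_COMPATIBLE",
-},
-// https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential
-{
-Type: "SEV_SNP_CAPABLE",
-},
-}
-
 image := &compute.Image{
 Architecture: spec.Architecture,
 Family: spec.Family,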
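Review bot: The `SEV_LIVE_MIGRATABLE_V2` append in the `amd64`/`x86_64` case marks every x86_64 image that passes through `CreateImage` as live-migratable under SEV, yet the only stated justification is that FCOS kernels carry ac3f9c9f; the neighbouring `SEV_CAPABLE` comment ("RHEL supports this since 8.4") suggests this path also uploads RHEL-based images, whose kernel status is not stated. A guest OS feature is a claim to the platform about the guest kernel, so an image without the patch would presumably be offered for a live migration it cannot handle; either gate the flag on the image being uploaded or record the requirement next to it, e.g. `// Requires a guest kernel containing ac3f9c9f; confirm for RHEL-based images before relying on this.` The new comment also says "AMD SEV SNP capable images" while the commit description speaks of SEV live migration, so the wording should match whichever technology the flag actually covers. `CreateImage` begins and ends outside both hunks.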
