@@ -73,7 +73,7 @@ const (
73
73
// Values based on:
74
74
clhTimeout = 10
75
75
clhAPITimeout = 1
76
- clhAPITimeoutConfidentialGuest = 40
76
+ clhAPITimeoutConfidentialGuest = 60
77
77
// Timeout for hot-plug - hotplug devices can take more time, than usual API calls
78
78
// Use longer time timeout for it.
79
79
clhHotPlugAPITimeout = 5
@@ -406,9 +406,21 @@ func (clh *cloudHypervisor) nydusdAPISocketPath(id string) (string, error) {
406
406
}
407
407
408
408
func (clh * cloudHypervisor ) enableProtection () error {
409
- protection , err := availableGuestProtection ()
410
- if err != nil {
411
- return err
409
+
410
+ protection := noneProtection
411
+
412
+ // SNP protection explicitly requested by config
413
+ if clh .config .SevSnpGuest {
414
+ clh .Logger ().WithField ("function" , "enableProtection" ).Info ("SEVSNPGUEST" )
415
+ protection = snpProtection
416
+ } else {
417
+ clh .Logger ().WithField ("function" , "enableProtection" ).Info ("NOSEVSNPGUEST" )
418
+ // protection method not explicitly requested, using available method
419
+ availableProtection , err := availableGuestProtection ()
420
+ if err != nil {
421
+ return err
422
+ }
423
+ protection = availableProtection
412
424
}
413
425
414
426
switch protection {
@@ -431,6 +443,9 @@ func (clh *cloudHypervisor) enableProtection() error {
431
443
432
444
return nil
433
445
446
+ case sevProtection :
447
+ return errors .New ("SEV protection is not supported by Cloud Hypervisor" )
448
+
434
449
case snpProtection :
435
450
if clh .vmconfig .Platform == nil {
436
451
clh .vmconfig .Platform = chclient .NewPlatformConfig ()
@@ -441,9 +456,6 @@ func (clh *cloudHypervisor) enableProtection() error {
441
456
442
457
return nil
443
458
444
- case sevProtection :
445
- return errors .New ("SEV protection is not supported by Cloud Hypervisor" )
446
-
447
459
default :
448
460
return nil
449
461
//return errors.New("This system doesn't support Confidential Computing (Guest Protection)")
0 commit comments