gcloud: Enable SEV_SNP_CAPABLE
#3547
Conversation
|
It looks to me like this isn't present for the traditional RHEL images: https://github.com/osbuild/osbuild-composer/blob/2e7afcffe15adc5ca0f99c1a9ee39a5eca9456a4/internal/cloud/gcp/compute.go#L22 Should we fix that there too? |
|
/approve |
Yes, we'll have to do it there too. |
Seems unrelated. Wondering where this comes from. Edit: Found in openshift/os#1328 as well. |
|
/retest |
|
osbuild-composer PR in osbuild/osbuild-composer#3579 |
|
Hmm. We added support for confidential compute stuff to kola in #3474 and added tests for confidential compute VMs in coreos/fedora-coreos-tracker#1202 (comment). Was any of that wrong or unnecessary? |
|
All the previous work is still valid. This change adds another Guest OS Feature for GCP images to let them run on a newer type of hardware (AMD SEV-SNP) that is "more confidential" than the previous one (AMD SEV only). The blog post has the details of the differences between the SEV and SEV-SNP VM types: https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential |
|
Can you add a test that runs against the new instance type in the pipeline so we can confirm that it's working? |
|
This is a private preview right now so we likely won't be able to do that in our pipeline yet but I'll file an issue to track this. |
Sounds good. We can add the test and test it with an account that does have access and then snooze the test for 6 months or so (and re-snooze later if it's still not public in 6 months). |
See: #3243
See: https://cloud.google.com/blog/products/identity-security/rsa-snp-vm-more-confidential
Fixes: https://issues.redhat.com/browse/COS-2343