go/runtime/host/tdx: Add support for RW drives and formats

oasisprotocol · Dec 20, 2024 · cd587b4 · cd587b4
1 parent fb92f74
commit cd587b4
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/go/runtime/bundle/component.go b/go/runtime/bundle/component.go
@@ -199,6 +199,8 @@ type TDXMetadata struct {
 
 	// Stage2Image is the name of the stage 2 VM image file.
 	Stage2Image string `json:"stage2_image,omitempty"`
+	// Stage2Format is the format of the stage 2 VM image file. Empty means raw.
+	Stage2Format string `json:"stage2_format,omitempty"`
 
 	// Resources are the requested VM resources.
 	Resources TDXResources `json:"resources"`

diff --git a/go/runtime/host/tdx/qemu.go b/go/runtime/host/tdx/qemu.go
@@ -155,10 +155,20 @@ func (q *qemuProvisioner) getSandboxConfig(rtCfg host.Config, _ sandbox.Connecto
 		// Configure stage 2 image.
 		if tdxCfg.HasStage2() {
 			stage2Image := comp.ExplodedPath(tdxCfg.Stage2Image)
+			stage2Format := tdxCfg.Stage2Format
+			switch stage2Format {
+			case "":
+				// Default to raw format.
+				stage2Format = "raw"
+			case "raw", "qcow2":
+				// These formats are supported as-is.
+			default:
+				return process.Config{}, fmt.Errorf("format '%s' is not supported", stage2Format)
+			}
 
 			cfg.Args = append(cfg.Args,
 				// Stage 2 drive.
-				"-drive", fmt.Sprintf("format=raw,file=%s,if=none,id=drive0,read-only=on", stage2Image),
+				"-drive", fmt.Sprintf("format=%s,file=%s,if=none,id=drive0,snapshot=on", stage2Format, stage2Image),
 				"-device", "virtio-blk-pci,drive=drive0",
 			)
 		}