...

Source file src/github.com/Microsoft/hcsshim/internal/guest/runtime/hcsv2/hostdata.go

Documentation: github.com/Microsoft/hcsshim/internal/guest/runtime/hcsv2

     1  //go:build linux
     2  // +build linux
     3  
     4  package hcsv2
     5  
     6  import (
     7  	"bytes"
     8  	"fmt"
     9  	"os"
    10  
    11  	"github.com/Microsoft/hcsshim/pkg/amdsevsnp"
    12  )
    13  
// validateHostData checks `hostData` (reported as the security policy digest in
// the mismatch error) against the HostData field of the SNP report fetched by
// amdsevsnp.FetchParsedSNPReport.
//
// It returns nil when the two byte slices are equal, and also when fetching the
// report fails with a "does not exist" error, which the code treats as running
// on non-SNP hardware. Any other fetch error is returned unchanged.
//
// NOTE(review): the not-exist path skips validation entirely, so a nil result
// does not by itself prove that the digest was checked against hardware-backed
// HostData. Presumably callers that require SNP enforce that separately; confirm
// against the call sites.
func validateHostData(hostData []byte) error {
	snpReport, fetchErr := amdsevsnp.FetchParsedSNPReport(nil)
	switch {
	case fetchErr == nil:
		// Report available; compare below.
	case os.IsNotExist(fetchErr):
		// For non-SNP hardware /dev/sev will not exist, so there is no
		// launch-time HostData to compare with.
		return nil
	default:
		// Any other failure is surfaced rather than treated as "no SNP".
		return fetchErr
	}

	if bytes.Equal(hostData, snpReport.HostData) {
		return nil
	}

	// %q renders both byte slices as escaped quoted strings, not hex.
	return fmt.Errorf(
		"security policy digest %q doesn't match HostData provided at launch %q",
		hostData,
		snpReport.HostData,
	)
}
    35  
