Support running protected VMs.
Test: atest VirtualizationTestCases
Change-Id: Ia6e605a73f6dd14e87fc7ad5e12bf973b1d2b499
diff --git a/virtualizationservice/src/crosvm.rs b/virtualizationservice/src/crosvm.rs
index 797011c..669c631 100644
--- a/virtualizationservice/src/crosvm.rs
+++ b/virtualizationservice/src/crosvm.rs
@@ -39,6 +39,7 @@
pub initrd: Option<&'a File>,
pub disks: Vec<DiskFile>,
pub params: Option<String>,
+ pub protected: bool,
}
/// A disk image to pass to crosvm for a VM.
@@ -55,6 +56,8 @@
child: SharedChild,
/// The CID assigned to the VM for vsock communication.
pub cid: Cid,
+ /// Whether the VM is a protected VM.
+ pub protected: bool,
/// Directory of temporary files used by the VM while it is running.
pub temporary_directory: PathBuf,
/// The UID of the process which requested the VM.
@@ -75,6 +78,7 @@
fn new(
child: SharedChild,
cid: Cid,
+ protected: bool,
temporary_directory: PathBuf,
requester_uid: u32,
requester_sid: String,
@@ -83,6 +87,7 @@
VmInstance {
child,
cid,
+ protected,
temporary_directory,
requester_uid,
requester_sid,
@@ -107,6 +112,7 @@
let instance = Arc::new(VmInstance::new(
child,
config.cid,
+ config.protected,
temporary_directory,
requester_uid,
requester_sid,
@@ -163,6 +169,10 @@
// TODO(qwandor): Remove --disable-sandbox.
command.arg("run").arg("--disable-sandbox").arg("--cid").arg(config.cid.to_string());
+ if config.protected {
+ command.arg("--protected-vm");
+ }
+
if let Some(log_fd) = log_fd {
command.stdout(log_fd);
} else {