feat: Add support for Virtualization Based Security #318
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tenthirtyam
added
enhancement
builder/vsphere-iso
tenthirtyam
force-pushed
the
feat/add-vbs
branch
17 times, most recently
from
3798c02 to
0c521df
Compare
nywilken
reviewed
Nov 8, 2023
There was a problem hiding this comment.
@tenthirtyam thanks for opening this up. I took a first look at this PR and left a few questions around what looks to be left over variables. I'll give this and the clone a further review
nywilken
reviewed
Nov 8, 2023
tenthirtyam
force-pushed
the
feat/add-vbs
branch
2 times, most recently
from
440ec1f to
62ce85a
Compare
- Add support for Virtualization Based Security by enabling a step to add configuration flags to the virtual machine. - Added `vbs_enabled` and `vvtd_enabled`. - Added checks to ensure: - `vvtd_enabled` must be set to `true` when `vbs_enabled` is set to `true` - `nestedhv` must be set to `true` when `vbs_enabled` is set to `true` - `vtpm` must be set to `true` when `vbs_enabled` is set to `true` - `firmware` must be set to `efi-secure` when `vbs_enabled` is set to `true` Signed-off-by: Ryan Johnson <[email protected]>
tenthirtyam
force-pushed
the
feat/add-vbs
branch
from
62ce85a to
203af78
Compare
nywilken
approved these changes
Nov 9, 2023
nywilken
reviewed
Nov 9, 2023
nywilken
changed the title
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
vbs_enabledandvvtd_enabled.vvtd_enabledmust be set totruewhenvbs_enabledis set totruenestedhvmust be set totruewhenvbs_enabledis set totruevtpmmust be set totruewhenvbs_enabledis set totruefirmwaremust be set toefi-securewhenvbs_enabledis set totrue✅ CI is PASSING.
Reference
Closes #171