Zach (cc'd) just informed me that their team is responsible for these images and not y'all. Sorry for the noise!
On Thu, May 9, 2024 at 2:48 PM Dionna Amalie Glaze <[email protected]> wrote: > > Package: cloud.debian.org > Severity: important > > Dear Maintainer, > > I'm a Google Cloud engineer in the confidential computing organization. > We found that --image_project=debian-cloud --image_family=debian-12 fails > basic SEV-SNP attestation tests. > > Please remove the guest_os_feature SEV_SNP_CAPABLE from your images until > you resolve this issue. > > This means that /dev/sev-guest is not available, and neither is > /sys/kernel/config/tsm/report, and modprobe sev-guest fails to install the > required module for either of those attestation entry points to become > visible. > > We believe that the SEV-SNP technology's main advantage beyond its nested > page table integrity protections is its ability to provide signed attestations > that contain a digest of the VM state at launch time. The SEV_SNP_CAPABLE > feature ought to imply attestation support. I will clarify the public > documentation > on this. > > The sev-guest driver ought to be easily accessible to Cloud users of > the Debian-12 > image. If I missed which package contains this kernel module, please let me > know which it is so I may update our testing facilities. > > Thanks! > -- > -Dionna Glaze, PhD, CISSP (she/her) -- -Dionna Glaze, PhD, CISSP (she/her)
