ARM fedora-coreos-cloud images have incompatible guest OS features #2106

@davidskidmore

Describe the bug

I've noticed there are some images in the fedora-coreos-cloud project that are for ARM but using guest OS features meant for x86. The following guest OS features should be removed from all of the ARM images:

  • SEV_CAPABLE
  • SEV_SNP_CAPABLE
  • TDX_CAPABLE

Reproduction steps

GCP users can list images using gcloud from the Google Cloud CLI, for example:

davidskidmore-mac:~ davidskidmore$ gcloud compute images list \
  --project=fedora-coreos-cloud \
  --no-standard-images \
  --filter="guestOsFeatures[].type:SEV_CAPABLE AND architecture = ARM64"
NAME                                       PROJECT              FAMILY                       DEPRECATED  STATUS
fedora-coreos-43-20260119-3-1-gcp-aarch64  fedora-coreos-cloud  fedora-coreos-stable-arm64               READY
fedora-coreos-43-20260202-1-1-gcp-aarch64  fedora-coreos-cloud  fedora-coreos-next-arm64                 READY
fedora-coreos-43-20260202-2-1-gcp-aarch64  fedora-coreos-cloud  fedora-coreos-testing-arm64              READY

To get the full list of guest OS features, use gcloud to describe an image:

davidskidmore@davidskidmore:~$ gcloud compute images describe \
  --project fedora-coreos-cloud \
  --format="table(guestOsFeatures.type:label=FEATURE)" \
  fedora-coreos-43-20260119-3-1-gcp-aarch64
FEATURE
['VIRTIO_SCSI_MULTIQUEUE', 'SEV_CAPABLE', 'GVNIC', 'UEFI_COMPATIBLE', 'SEV_SNP_CAPABLE', 'IDPF', 'TDX_CAPABLE']

Expected behavior

An image should only have guest OS features applicable to the platform it's used on. An ARM image should be closer to the following:

davidskidmore@davidskidmore:~$ gcloud compute images describe \
  --project fedora-coreos-cloud \
  --format="table(guestOsFeatures.type:label=FEATURE)" \
  fedora-coreos-43-20260119-3-1-gcp-aarch64
FEATURE
['VIRTIO_SCSI_MULTIQUEUE', 'GVNIC', 'UEFI_COMPATIBLE', 'IDPF']

Actual behavior

There are extra guest OS features that do not make sense for ARM images. The following features are x86-specific confidential computing features: SEV_CAPABLE, SEV_SNP_CAPABLE, and TDX_CAPABLE.

System details

These changes are currently observable on GCP images in the fedora-coreos-cloud project.

Butane or Ignition config

Additional information

AFAIK these images are built and published by the Fedora CoreOS team and not Google. Let me know if there is a better place to file bugs.
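
The check described in this report, written as an added example that is not part of the original issue or of Fedora CoreOS tooling: it flags ARM64 images carrying the three x86-only features and lists what would remain once they are removed. It assumes input in the shape of `gcloud compute images list --format=json`; the sample records, image names, and the function name `audit_images` are constructed for illustration.

```python
import json

# x86-only confidential computing features named in the issue above.
X86_ONLY_FEATURES = {"SEV_CAPABLE", "SEV_SNP_CAPABLE", "TDX_CAPABLE"}

# Constructed sample in the shape of `gcloud compute images list --format=json`,
# trimmed to the fields used here. Names are placeholders, not real images.
SAMPLE_JSON = """
[
  {"name": "example-arm-image", "architecture": "ARM64",
   "guestOsFeatures": [{"type": "VIRTIO_SCSI_MULTIQUEUE"}, {"type": "SEV_CAPABLE"},
                       {"type": "GVNIC"}, {"type": "UEFI_COMPATIBLE"},
                       {"type": "SEV_SNP_CAPABLE"}, {"type": "IDPF"},
                       {"type": "TDX_CAPABLE"}]},
  {"name": "example-arm-clean", "architecture": "ARM64",
   "guestOsFeatures": [{"type": "GVNIC"}, {"type": "UEFI_COMPATIBLE"}]},
  {"name": "example-x86-image", "architecture": "X86_64",
   "guestOsFeatures": [{"type": "SEV_CAPABLE"}, {"type": "UEFI_COMPATIBLE"}]},
  {"name": "example-no-features", "architecture": "ARM64"}
]
"""


def audit_images(images):
    """Return one finding per ARM64 image that carries an x86-only feature."""
    findings = []
    for image in images:
        # x86 images may legitimately advertise these features; skip them.
        if image.get("architecture") != "ARM64":
            continue
        # Treat a missing guestOsFeatures key as an empty feature list.
        features = [f.get("type") for f in image.get("guestOsFeatures", [])]
        unexpected = [f for f in features if f in X86_ONLY_FEATURES]
        if unexpected:
            findings.append({
                "name": image.get("name"),
                "unexpected": unexpected,
                "expected": [f for f in features if f not in X86_ONLY_FEATURES],
            })
    return findings


if __name__ == "__main__":
    for finding in audit_images(json.loads(SAMPLE_JSON)):
        print(f"{finding['name']}: remove {', '.join(finding['unexpected'])}; "
              f"keep {', '.join(finding['expected'])}")
```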
