fix(fortanix-vme-runner): don't drop MaybeVendoredImage too early

tvsfx · tvsfx · commit 087721de141c · 2026-01-30T03:08:39.000+01:00
diff --git a/fortanix-vme/fortanix-vme-runner/src/main.rs b/fortanix-vme/fortanix-vme-runner/src/main.rs
@@ -111,20 +111,13 @@ impl AwsNitroCli {
 }
 
 impl AmdSevSnpCli {
-    fn to_vm_run_args(&self) -> Result<VmRunArgs> {
+    fn to_vm_run_args(&self, firmware_image_path: PathBuf) -> Result<VmRunArgs> {
         let cpu_count = self.common_args.cpu_count;
         let memory_mib = self.common_args.memory;
 
         Ok(VmRunArgs {
             uki_path: self.common_args.enclave_file.clone(),
-            firmware_image: match &self.amd_sev_snp_args.firmware_image_path {
-                Some(path) => MaybeVendoredImage::from(path.clone()),
-                None => MaybeVendoredImage::from_vendored(if self.common_args.simulate {
-                    VANILLA_OVMF
-                } else {
-                    AMD_SEV_OVMF
-                })?,
-            },
+            firmware_image_path,
             memory_mib,
             cpu_count,
         })
@@ -151,7 +144,18 @@ fn main() -> Result<()> {
 }
 
 fn run_amd_sev_enclave(amd_sev_cli: AmdSevSnpCli) -> Result<()> {
-    let run_args = amd_sev_cli.to_vm_run_args()?;
+    // NOTE: it's important to not drop this while the VM runs, as it will remove the
+    // temporary file that stores the firmware image
+    let firmware_image = match amd_sev_cli.amd_sev_snp_args.firmware_image_path.clone() {
+        Some(path) => MaybeVendoredImage::from(path),
+        None => MaybeVendoredImage::from_vendored(if amd_sev_cli.common_args.simulate {
+            VANILLA_OVMF
+        } else {
+            AMD_SEV_OVMF
+        })?,
+    };
+    let run_args = amd_sev_cli.to_vm_run_args(firmware_image.path().to_owned())?;
+
     let AmdSevSnpCli {
         common_args,
         amd_sev_snp_args,
diff --git a/fortanix-vme/fortanix-vme-runner/src/platforms/amdsevsnp.rs b/fortanix-vme/fortanix-vme-runner/src/platforms/amdsevsnp.rs
@@ -3,8 +3,6 @@ use std::{
     process::{Child, Command},
 };
 
-use confidential_vm_blobs::maybe_vendored::MaybeVendoredImage;
-
 use super::Platform;
 
 /// The arguments used by the `run-enclave` command.
@@ -13,7 +11,7 @@ pub struct VmRunArgs {
     /// The path to the VM image file.
     pub uki_path: PathBuf,
     /// The path to the enclave image file.
-    pub firmware_image: MaybeVendoredImage,
+    pub firmware_image_path: PathBuf,
     /// The amount of memory that will be given to the enclave.
     pub memory_mib: u64,
     /// The number of CPUs that the enclave will receive.
@@ -35,7 +33,7 @@ enum RunMode {
 fn build_qemu_command(run_mode: RunMode, vm_run_args: VmRunArgs) -> Command {
     let VmRunArgs {
         uki_path,
-        firmware_image,
+        firmware_image_path,
         memory_mib,
         cpu_count,
     } = vm_run_args;
@@ -73,7 +71,7 @@ fn build_qemu_command(run_mode: RunMode, vm_run_args: VmRunArgs) -> Command {
 
     // Images
     command.arg("-kernel").arg(uki_path);
-    command.arg("-bios").arg(firmware_image.path());
+    command.arg("-bios").arg(firmware_image_path);
 
     if let RunMode::AmdSevVm = run_mode {
         command
