6 files changed +70 -2 lines changed
lines changed Original file line number Diff line number Diff line change @@ -384,6 +384,26 @@ The following parameters can be specified to set up the controller:
384384 }
385385```
386386
387+ ### <a name =" configLinuxVTPMs " />vTPMs
388+
389+ ** ` vtpms ` ** (array of objects, OPTIONAL) lists a number of emulated TPMs that will be made available to the container.
390+
391+ Each entry has the following structure:
392+
393+ * ** ` vtpmVersion ` ** * (string, OPTIONAL)* - The version of TPM to emulate, either 1.2 or 2; default is 1.2.
394+ * ** ` createCerts ` ** * (boolean, OPTIONAL)* - If true then create certificates for the vTPM, defaults to false.
395+
396+ #### Example
397+
398+ ``` json
399+ "vtpms" : [
400+ {
401+ "vtpmVersion" : " 1.2" ,
402+ "createCerts" : false
403+ }
404+ ]
405+ ```
406+
387407### <a name =" configLinuxHugePageLimits " />Huge page limits
388408
389409** ` hugepageLimits ` ** (array of objects, OPTIONAL) represents the ` hugetlb ` controller which allows to limit the
@@ -772,7 +772,13 @@ Here is a full example `config.json` for reference.
772772 "rate" : 300
773773 }
774774 ]
775- }
775+ },
776+ "vtpms" : [
777+ {
778+ "vtpmVersion" : " 1.2" ,
779+ "createCerts" : false
780+ }
781+ ]
776782 },
777783 "rootfsPropagation" : " slave" ,
778784 "seccomp" : {
Original file line number Diff line number Diff line change 4747 "$ref" : " defs-linux.json#/definitions/DeviceCgroup"
4848 }
4949 },
50+ "vtpms" : {
51+ "id" : " https://opencontainers.org/schema/bundle/linux/resources/vtpms" ,
52+ "type" : " array" ,
53+ "items" : {
54+ "$ref" : " defs-linux.json#/definitions/VTPM"
55+ }
56+ },
5057 "pids" : {
5158 "id" : " https://opencontainers.org/schema/bundle/linux/resources/pids" ,
5259 "type" : " object" ,
Original file line number Diff line number Diff line change 109109 "description" : " minor device number" ,
110110 "$ref" : " defs.json#/definitions/int64"
111111 },
112+ "TPMVersion" : {
113+ "description" : " The TPM version" ,
114+ "type" : " string" ,
115+ "enum" : [
116+ " 1.2" ,
117+ " 2"
118+ ]
119+ },
112120 "FileMode" : {
113121 "description" : " File permissions mode (typically an octal value)" ,
114122 "type" : " integer" ,
202210 }
203211 ]
204212 },
213+ "VTPM" : {
214+ "type" : " object" ,
215+ "properties" : {
216+ "vtpmVersion" : {
217+ "$ref" : " #/definitions/TPMVersion"
218+ },
219+ "createCerts" : {
220+ "type" : " boolean"
221+ }
222+ }
223+ },
205224 "DeviceCgroup" : {
206225 "type" : " object" ,
207226 "properties" : {
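Review bot: The new `VTPM` definition has no `required` list, so an empty object or an entry with a misspelled `vtpmVersion` key still validates, and the documentation added in this commit says an absent version means TPM 1.2. TPM 1.2 is tied to SHA-1, so a silent fallback to it is the weaker outcome for anything that later relies on the vTPM for measurement or attestation. Consider adding `"required": ["vtpmVersion"]` to `VTPM`, or changing the documented default to 2 so that an omitted value gives the newer device. The documentation also does not say who signs the certificates that `createCerts` produces or where they and the vTPM state are kept, which a runtime implementer needs before this can be used as a trust anchor.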
Original file line number Diff line number Diff line change 303303 "rate" : 300
304304 }
305305 ]
306- }
306+ },
307+ "vtpms" : [
308+ {
309+ "vtpmVersion" : " 1.2" ,
310+ "createCerts" : false
311+ }
312+ ]
307313 },
308314 "rootfsPropagation" : " slave" ,
309315 "seccomp" : {
@@ -161,6 +161,8 @@ type Linux struct {
161161 // IntelRdt contains Intel Resource Director Technology (RDT) information
162162 // for handling resource constraints (e.g., L3 cache) for the container
163163 IntelRdt * LinuxIntelRdt `json:"intelRdt,omitempty"`
164+ // VTPM configuration
165+ VTPMS []LinuxVTPM `json:"vtpms,omitempty"`
164166}
165167
166168// LinuxNamespace is the configuration for a Linux namespace
@@ -568,3 +570,11 @@ type LinuxIntelRdt struct {
568570 // Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
569571 L3CacheSchema string `json:"l3CacheSchema,omitempty"`
570572}
573+
574+ // VTPM is used to hold the configuration state of a VTPM
575+ type LinuxVTPM struct {
576+ // Whether to create a certificate for the VTPM
577+ CreateCerts bool `json:"createCerts,omitempty"`
578+ // Version of the TPM
579+ VTPMversion string `json:"vtpmVersion,omitempty"`
580+ }
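Review bot: The `VTPMS` field is added to `Linux` (first hunk, after `IntelRdt`) with the tag `json:"vtpms"`, but the schema in this commit declares `vtpms` beside `pids` with an id ending in `linux/resources/vtpms`, and the example configs appear to place it inside the resources object (the enclosing key is outside the hunks). A config written to the documented layout would therefore decode to an empty `Linux.VTPMS` under encoding/json's default handling of unknown keys, and the container would likely start without its vTPM and without any error. The field presumably belongs in `LinuxResources`, which is not visible here; otherwise the documentation and schema should move to `linux.vtpms`. Separately, Go naming would give `VTPMs` and `VTPMVersion` rather than `VTPMS` and `VTPMversion`, and the type comment should start with the type's name, for example `// LinuxVTPM holds the configuration of one emulated TPM.`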