cli: add SNP ID block annotations to Pods based on CPU requirements by daniel-weisse · Pull Request #2214 · edgelesssys/contrast

daniel-weisse · 2026-02-26T11:42:56Z

Update reference value generation to create SNP reference values for up to 8 vCPUs
- This can be adjusted at will, but since each CPU variation results in one more entry in the generated manifest, larger numbers will immensely blow up the size of the manifest
Update ID block generation to calculate ID blocks for up to 8 vCPUs
Embed ID block mappings the the CLI and annotate Pods during contrast generate with the ID blocks required for the requested CPU amount

msanft

I think this will work, but I'm a little unsure about the current interface we expose to the user.

msanft · 2026-03-24T13:56:43Z

@burgerdev, @charludo; Addressed my own feedback, PTAL.

charludo

fixup changes LGTM; have not looked into the still-open conversation.

github-actions · 2026-03-30T10:54:46Z

Do the documentation changes need to be backported?

Changes to /docs/docs won't be visible until the next release.
If you are fixing something in the docs that should be immediately visible, the changes needs to be made to both /docs/docs and /docs/versioned_docs/version-X.Y, where X.Y is the version of the latest minor release.
This can be done in this same PR.

Yes, this should be backported to the current version of the docs.
No, the PR only contains docs changes relevant for future versions.

github-actions · 2026-03-30T10:56:51Z

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-04-01 06:38 UTC

burgerdev

Thanks everyone, lgtm!

daniel-weisse · 2026-03-31T07:28:32Z

I'll merge this now and then clean up and rebase #2227 for a final review, or do we want to merge everything as one?

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Not specifying `nr_cpus` on the command line costs us marginal amounts of memory while saving complexity in the TDX RTMR pre-calculation. By dropping this from the command line, we make the kernel fall back to the `CONFIG_NR_CPUS=240` kconfig variable.

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

charludo · 2026-04-01T06:13:46Z

@daniel-weisse feel free to merge into main!

daniel-weisse requested a review from burgerdev February 26, 2026 11:42

daniel-weisse added the changelog PRs that should be part of the release notes label Feb 26, 2026

daniel-weisse force-pushed the dw/cli-id-block-generation branch 7 times, most recently from 2287b59 to 6de728d Compare March 3, 2026 14:23

daniel-weisse marked this pull request as ready for review March 4, 2026 08:48

daniel-weisse force-pushed the dw/cli-id-block-generation branch 3 times, most recently from 3acb557 to 6fd606e Compare March 5, 2026 14:21

daniel-weisse mentioned this pull request Mar 5, 2026

kata-runtime: select correct SNP ID block for platform at runtime #2227

Merged

daniel-weisse requested a review from charludo March 9, 2026 14:35

daniel-weisse force-pushed the dw/cli-id-block-generation branch 2 times, most recently from 0304e90 to f63b942 Compare March 9, 2026 14:48

burgerdev self-assigned this Mar 10, 2026

burgerdev reviewed Mar 10, 2026

View reviewed changes

Comment thread cli/cmd/common.go Outdated

Comment thread cli/cmd/generate.go

Comment thread cli/cmd/generate.go Outdated

Comment thread packages/by-name/contrast/reference-values/package.nix Outdated

Comment thread packages/by-name/contrast/snp-id-blocks/package.nix Outdated

charludo reviewed Mar 10, 2026

View reviewed changes

Comment thread cli/cmd/generate.go Outdated

Comment thread packages/by-name/contrast/reference-values/package.nix Outdated

daniel-weisse force-pushed the dw/cli-id-block-generation branch 2 times, most recently from 59f9a72 to cf6cec9 Compare March 16, 2026 14:17

msanft reviewed Mar 18, 2026

View reviewed changes

Comment thread cli/cmd/common.go Outdated

Comment thread cli/cmd/generate.go Outdated

Comment thread cli/cmd/generate.go

Comment thread packages/by-name/contrast/reference-values/package.nix

Comment thread packages/by-name/kata/runtime/package.nix

msanft requested review from burgerdev and charludo March 24, 2026 13:57

charludo approved these changes Mar 24, 2026

View reviewed changes

charludo force-pushed the dw/cli-id-block-generation branch 3 times, most recently from 61a5bd1 to 863a238 Compare March 27, 2026 12:34

charludo force-pushed the dw/cli-id-block-generation branch from 863a238 to 9c5afa4 Compare March 27, 2026 12:49

daniel-weisse force-pushed the dw/cli-id-block-generation branch from c332a4c to 187a732 Compare March 30, 2026 10:55

daniel-weisse force-pushed the dw/cli-id-block-generation branch from 187a732 to 0fcf87e Compare March 30, 2026 11:42

daniel-weisse requested a review from msanft March 30, 2026 12:35

charludo approved these changes Mar 31, 2026

View reviewed changes

burgerdev approved these changes Mar 31, 2026

View reviewed changes

daniel-weisse mentioned this pull request Mar 31, 2026

cli: generate TDX reference values for multiple CPUs #2242

Closed

daniel-weisse and others added 6 commits March 31, 2026 16:27

snp: calculate ID blocks for up to 8 vCPUs

5d14988

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

cli: generate and add ID Block annotations to Pods

26eadcf

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

cli: embedd SNP reference values for up to 8 vCPUs

3ba7ce9

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

nodeinstaller: allow ID block related annotations in Kata

be128cf

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

docs: add note about setting CPU requests

6151a52

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

daniel-weisse force-pushed the dw/cli-id-block-generation branch from 0fcf87e to 6151a52 Compare March 31, 2026 14:27

daniel-weisse merged commit cf9237f into main Apr 1, 2026
21 checks passed

daniel-weisse deleted the dw/cli-id-block-generation branch April 1, 2026 06:37

Conversation

daniel-weisse commented Feb 26, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

msanft left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

msanft commented Mar 24, 2026

Uh oh!

charludo left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Mar 30, 2026 • edited by daniel-weisse Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Do the documentation changes need to be backported?

Uh oh!

github-actions Bot commented Mar 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

burgerdev left a comment

Choose a reason for hiding this comment

Uh oh!

daniel-weisse commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

charludo commented Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

github-actions Bot commented Mar 30, 2026 •

edited by daniel-weisse

Loading

github-actions Bot commented Mar 30, 2026 •

edited

Loading

daniel-weisse commented Mar 31, 2026 •

edited

Loading