Skip to content

gcs-sidecar: stage amdsnppspapi.dll into CWCOW container security-context dir#2802

Open
anmaxvl wants to merge 1 commit into
microsoft:mainfrom
anmaxvl:amdsnppspapi-in-security-context
Open

gcs-sidecar: stage amdsnppspapi.dll into CWCOW container security-context dir#2802
anmaxvl wants to merge 1 commit into
microsoft:mainfrom
anmaxvl:amdsnppspapi-in-security-context

Conversation

@anmaxvl

@anmaxvl anmaxvl commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Confidential WCOW workloads need the AMD SNP PSP API DLL (amdsnppspapi.dll) to fetch SNP attestation reports, but it only exists in the UVM's System32 and cannot be bind-mounted as a single file.

Copy the DLL from the UVM's System32 into each confidential container's existing security-context directory and append that directory (as seen from inside the container) to the container PATH so it is discoverable via LoadLibrary. Staging happens after security policy enforcement, consistent with the existing UVM_SECURITY_CONTEXT_DIR injection, and is a no-op when the DLL is absent (e.g. non-SNP UVMs).

WriteSecurityContextDir now returns the created directory path so the sidecar can stage additional files into it; the Linux GCS call site is updated accordingly. Adds unit tests for stageDLL and appendToPathEnv.

Assisted-by: Claude Opus 4.8

@anmaxvl anmaxvl requested a review from a team as a code owner June 30, 2026 23:19
@anmaxvl anmaxvl requested a review from Copilot June 30, 2026 23:19

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends the WCOW gcs-sidecar to stage the AMD SNP PSP API DLL (amdsnppspapi.dll) into each confidential container’s security-context directory and updates the container PATH so workloads can LoadLibrary it by name. It also adjusts the security-context directory writer to return the created directory path, enabling additional staging steps.

Changes:

  • Update SecurityOptions.WriteSecurityContextDir to return the created security-context directory path (or empty string if none created).
  • In the WCOW gcs-sidecar container-create flow, stage amdsnppspapi.dll from the UVM’s System32 into the security-context directory and append that directory to PATH.
  • Add Windows unit tests covering DLL staging and PATH manipulation behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
pkg/securitypolicy/securitypolicy_options.go Changes WriteSecurityContextDir to return the created directory path (enables downstream staging).
internal/guest/runtime/hcsv2/uvm.go Updates LCOW call site to handle the new (string, error) return signature.
internal/gcs-sidecar/handlers.go Adds DLL staging into the security-context directory and PATH updates for WCOW workloads.
internal/gcs-sidecar/stage_dll_test.go Adds Windows unit tests for stageDLL and appendToPathEnv.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/securitypolicy/securitypolicy_options.go
Comment thread internal/gcs-sidecar/handlers.go Outdated
@anmaxvl anmaxvl force-pushed the amdsnppspapi-in-security-context branch from 074769b to e6b89bb Compare June 30, 2026 23:34
Comment thread internal/gcs-sidecar/handlers.go Outdated
Comment on lines +171 to +176
// UVM_SECURITY_CONTEXT_DIR env injection done by WriteSecurityContextDir.
if securityContextDir != "" {
if err := stageSnpPspDLL(ctx, &spec, securityContextDir); err != nil {
return fmt.Errorf("failed to stage %s: %w", amdSnpPspDLLName, err)
}
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Untested, but I'm not sure if this will work, we might need to add the environment variables in executeProcess's processParams.Environment (but maybe @takuro-sato is making that processParams.Environment come from a stored OCI spec instead?)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding this env should happen in executeProcess at least for now as env vars are not passed to inbox inbox in createContainer.

After I finish my change it can be in between createContainer enforcement and b.hostState.AddContainer(req.ctx, containerID, c); (, where the enforcement result is stored) too.

Env var enforcement will be like:

  • createContaiener enforces and drops env vars and save the result in memory (resulting env vars are not passed to inbox gcs)
  • executeProcess gets a request including env vars and check they match the env vars in memory (currently this part is missing)

@anmaxvl anmaxvl force-pushed the amdsnppspapi-in-security-context branch from e6b89bb to a6cbaf8 Compare July 1, 2026 01:43

@micromaomao micromaomao left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approach looks good to me (I assume by adding the security context to PATH dlls can be loaded from there when using LoadDLL / NewLazyDLL

…text dir

Confidential WCOW workloads need the AMD SNP PSP API DLL (amdsnppspapi.dll)
to fetch SNP attestation reports, but it only exists in the UVM's System32
and cannot be bind-mounted as a single file.

Copy the DLL from the UVM's System32 into each confidential container's
existing security-context directory and append that directory (as seen from
inside the container) to the container PATH so it is discoverable via
LoadLibrary. Staging happens after security policy enforcement, consistent
with the existing UVM_SECURITY_CONTEXT_DIR injection, and is a no-op when the
DLL is absent (e.g. non-SNP UVMs).

WriteSecurityContextDir now returns the created directory path so the sidecar
can stage additional files into it; the Linux GCS call site is updated
accordingly. Adds unit tests for stageDLL and appendToPathEnv.

Signed-off-by: Maksim An <maksiman@microsoft.com>
Assisted-by: Claude Opus 4.8
@anmaxvl anmaxvl force-pushed the amdsnppspapi-in-security-context branch from a6cbaf8 to 693c98a Compare July 1, 2026 04:25

@KenGordon KenGordon left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will discuss the pros and cons of path business today.

return false, fmt.Errorf("failed to copy %s to %s: %w", srcPath, dstPath, err)
}

spec.Process.Env = appendToPathEnv(spec.Process.Env, containerDir)

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since any client of the driver will need to be picking up the certs, uvm reference info etc it will need to be explicitly using the security context directory so I think it can also construct the path to the dll. We can add that into the go code in the SKR and the cpp PspUtils tool as examples. Thus I am not certain we should do this path manipulation here. Open to debate I guess.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants