On 25/02/2025 08:21, Felix Kronlage-Dammers wrote:
On Tue, Feb 25, 2025 at 04:17:02PM +0900, Takashi Kajinami wrote:
this:
Honestly speaking I've been struggling to gather attention about the work

basically counts for:

There was a discussion in the past nova PTG about adding support for Intel SGX, but unfortunately I've seen no progress about it.

as well. The colleagues at OSISM were doing the work to see that the SGX-patchsets were brought in shape in order to upstream them. During PTG it became clear that it would need quite a bit of re-work. Before diving into that we wanted to make sure that people (users, operators) are really interested in it: however we've failed to identify basically _any_ interest among users and operators. As such we halted this effort.
Nova is also a bit hesitant to accept invasive changes for this because we did have integration with OpenAttestation/trusted compute pool in the past that was developed by Intel and then became abandonware almost immediately once it was upstream.

The initial series was done 13 years ago:
https://review.opendev.org/q/owner:fred-yang
https://blueprints.launchpad.net/nova/+spec/trusted-computing-pools

The trusted compute filter was finally deprecated in Pike and removed in Queens:
https://github.com/openstack/nova/commit/3806ead0e09f76b8b984054875682fbc68e...

The original trusted compute work was never properly tested and broke shortly after it was merged because the open attestation spec it was based on was made obsolete.

If we add confidential computing features going forward we need to make sure they are documented, tested and maintainable by the core team. We don't accept experimental features in tree any more like we did when that was first done, and our overall testing requirements are much higher.

Having an operator/user need for this also goes a long way to prioritize these types of features.
cheers
felix