There are some active deployment activity in this area to implement secured vTPM which allows measured boot without direct kernel boot, but this work is still under very active development. hum we should discuss this future but im not sure if we should proceed with SEV-SNP enablement before that is completed.
with that said if the request for SEV-SNP is done via a trait on the image combined with the exisitng image property for memory encycpition it may be workable given the direct kernel boot functionality is also expressed on the image.
that woudl be a pretty big limitation however for that feature.
Agreed, and I certainly would be hesitant to add more stuff dependent on something I'm hoping to remove. The UX for a feature where the kernel and ramdisk updated in the guest by the distro isn't actually what gets used it not a very good workflow at all. That said, I guess honoring the kernel/ramdisk linkage from whatever image is selected is perhaps something we could do with less complication than we currently have. Right now, we have places where booting from an AMI changes various behaviors and that's definitely the primary thing I want to remove. Just honoring the kernel/ramdisk linkage without other special image behaviors is maybe (*maybe*) less concerning although I still think it would be better to eliminate that if we can.
im proxying some of the converstaion i have had with dan on this topic but for exmaple the root disk image cirros-0.6.2-x86_64-blank.img shoudl really be disk-format=GPT i.e. declaring to glance that this iamge contains a gpt partition table
I definitely don't want to add cpio (and etc) to glance as disk_format options just because the kernel or ramdisk image may be encoded that way. However, if we can get to the point where nova will boot a disk_format=gpt but *not* a disk_format=raw, then raw can become "a non-bootable binary blob used for other purposes" ... which could be a kernel, ramdisk, or anything else. --Dan