Add TDX support on manager

cocos-manager.env

@@ -44,6 +44,9 @@ MANAGER_QEMU_SEV_ID=sev0
 MANAGER_QEMU_SEV_CBITPOS=51
 MANAGER_QEMU_SEV_REDUCED_PHYS_BITS=1
 MANAGER_QEMU_HOST_DATA=
+MANAGER_QEMU_TDX_ID=tdx0
+MANAGER_QEMU_QUOTE_GENERATION_PORT=4050
+MANAGER_QEMU_OVMF_FILE=/usr/share/ovmf/OVMF.fd
 MANAGER_QEMU_VSOCK_ID=vhost-vsock-pci0
 MANAGER_QEMU_VSOCK_GUEST_CID=3
 MANAGER_QEMU_VSOCK_VNC=0
@@ -51,6 +54,7 @@ MANAGER_QEMU_BIN_PATH=qemu-system-x86_64
 MANAGER_QEMU_USE_SUDO=true
 MANAGER_QEMU_ENABLE_SEV=false
 MANAGER_QEMU_ENABLE_SEV_SNP=false
+MANAGER_QEMU_ENABLE_TDX=false
 MANAGER_QEMU_IGVM_FILE=/etc/cocos/coconut-qemu.igvm
 MANAGER_QEMU_ENABLE_KVM=true
 MANAGER_QEMU_MACHINE=q35

go.mod

@@ -26,9 +26,13 @@ require (
 )
 
 require (
+	cloud.google.com/go/compute/metadata v0.6.0
 	cloud.google.com/go/storage v1.51.0
+	github.com/containerd/containerd v1.7.27
+	github.com/golang-jwt/jwt/v4 v4.5.1
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/google/gce-tcb-verifier v0.3.1
+	github.com/google/go-tpm-tools/verifier v0.0.0-20250529173452-267b634acf4d
 )
 
 require (
@@ -36,7 +40,7 @@ require (
 	cloud.google.com/go v0.118.3 // indirect
 	cloud.google.com/go/auth v0.15.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/confidentialcomputing v1.8.0 // indirect
 	cloud.google.com/go/iam v1.4.1 // indirect
 	cloud.google.com/go/monitoring v1.24.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0 // indirect
@@ -45,7 +49,9 @@ require (
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
+	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
+	github.com/containerd/ttrpc v1.2.7 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -74,6 +80,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
 	github.com/zeebo/errs v1.4.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect

go.sum

@@ -8,6 +8,8 @@ cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74
 cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
+cloud.google.com/go/confidentialcomputing v1.8.0 h1:Ww6t7uhIqC21N+nFTRzb+UJbXRp6bBhhY3bGxc5mK/Y=
+cloud.google.com/go/confidentialcomputing v1.8.0/go.mod h1:XxFLLdm6WINyCXqpFDJArVYThgtgD3yHmbhteIJADgQ=
 cloud.google.com/go/iam v1.4.1 h1:cFC25Nv+u5BkTR/BT1tXdoF2daiVbZ1RLx2eqfQ9RMM=
 cloud.google.com/go/iam v1.4.1/go.mod h1:2vUEJpUG3Q9p2UdsyksaKpDzlwOrnMzS30isdReIcLM=
 cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
@@ -48,12 +50,19 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 h1:Om6kYQYDUk5wWbT0t0q6pvyM49i9XZAv9dDrkDA7gjk=
 github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII=
+github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
+github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
+github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=
+github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/danko-miladinovic/go-tpm-tools v0.0.0-20250228160324-1ebcfd79567c h1:gFo8kqRXFoM6ttqMrK+M3xffxco+Yj80kUo3NoMe8LU=
 github.com/danko-miladinovic/go-tpm-tools v0.0.0-20250228160324-1ebcfd79567c/go.mod h1:ktjTNq8yZFD6TzdBFefUfen96rF3NpYwpSb2d8bc+Y8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
@@ -103,6 +112,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -127,6 +138,8 @@ github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9
 github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g=
 github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc=
 github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm-tools/verifier v0.0.0-20250529173452-267b634acf4d h1:zol3YiAs1JL35CSWsFq1Adn3DHt6SKUMi4PfxDmEaec=
+github.com/google/go-tpm-tools/verifier v0.0.0-20250529173452-267b634acf4d/go.mod h1:hQ5bR5qES5FMITR7zt0ZqKrtpMhlLYBWwYjx2Uud3Lw=
 github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=
 github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI=
 github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
@@ -294,6 +307,7 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

manager/README.md

@@ -48,6 +48,9 @@ The service is configured using the environment variables from the following tab
 | MANAGER_QEMU_SEV_REDUCED_PHYS_BITS         | The number of reduced physical address bits for SEV.                                                             | 1                              |
 | MANAGER_QEMU_ENABLE_HOST_DATA              | Enable additional data for the SEV host.                                                                         | false                          |
 | MANAGER_QEMU_HOST_DATA                     | Additional data for the SEV host.                                                                                |                                |
+| MANAGER_QEMU_TDX_ID                        | The ID for the Trust Domain Extensions (TDX) device.                                                             | tdx0                           |
+| MANAGER_QEMU_QUOTE_GENERATION_PORT         | The port number for virtual socket used to communicate with the Quote Generation Service (QGS).                  | 4050                           |
+| MANAGER_QEMU_OVMF_FILE                     | The file path for the OVMF file (combined OVMF_CODE and OVMF_VARS file).                                         | /usr/share/ovmf/OVMF.fd        |
 | MANAGER_QEMU_IGVM_ID                       | The ID of the IGVM file.                                                                                         | igvm0                          |
 | MANAGER_QEMU_IGVM_FILE                     | The file path to the IGVM file.                                                                                  | /root/coconut-qemu.igvm        |
 | MANAGER_QEMU_VSOCK_ID                      | The ID for the virtual socket device.                                                                            | vhost-vsock-pci0               |
@@ -57,6 +60,7 @@ The service is configured using the environment variables from the following tab
 | MANAGER_QEMU_USE_SUDO                      | Whether to use sudo to run QEMU.                                                                                 | false                          |
 | MANAGER_QEMU_ENABLE_SEV                    | Whether to enable Secure Encrypted Virtualization (SEV).                                                         | false                          |
 | MANAGER_QEMU_ENABLE_SEV_SNP                | Whether to enable Secure Nested Paging (SEV-SNP).                                                                | true                           |
+| MANAGER_QEMU_ENABLE_TDX                    | Whether to enable Trust Domain Extensions (TDX).                                                                 | false                          |
 | MANAGER_QEMU_ENABLE_KVM                    | Whether to enable the Kernel-based Virtual Machine (KVM) acceleration.                                           | true                           |
 | MANAGER_QEMU_MACHINE                       | The machine type for QEMU.                                                                                       | q35                            |
 | MANAGER_QEMU_CPU                           | The CPU model for QEMU.                                                                                          | EPYC                           |
@@ -268,6 +272,20 @@ MANAGER_QEMU_IGVM_FILE=<path to IGVM file> \
 ./build/cocos-manager
 ```
 
+To enable [TDX](https://www.intel.com/content/www/us/en/developer/tools/trust-domain-extensions/overview.html) support, start manager like this
+
+```sh
+MANAGER_GRPC_URL=localhost:7001 \
+MANAGER_LOG_LEVEL=debug \
+MANAGER_QEMU_ENABLE_SEV=false \
+MANAGER_QEMU_ENABLE_SEV_SNP=false \
+MANAGER_QEMU_ENABLE_TDX=true \
+MANAGER_QEMU_CPU=host \
+MANAGER_QEMU_BIN_PATH=<path to QEMU binary> \
+MANAGER_QEMU_OVMF_FILE=<path to OVMF file> \
+./build/cocos-manager
+```
+
 ### Troubleshooting
 
 If the `ps aux | grep qemu-system-x86_64` give you something like this

manager/attestation_policy.go

@@ -110,8 +110,8 @@ func (ms *managerService) FetchAttestationPolicy(_ context.Context, computationI
 		attestationPolicy.Config.Policy.Measurement = measurement
 	}
 
-	if vmi.Config.SevConfig.EnableHostData {
-		hostData, err := base64.StdEncoding.DecodeString(vmi.Config.SevConfig.HostData)
+	if vmi.Config.SEVConfig.EnableHostData {
+		hostData, err := base64.StdEncoding.DecodeString(vmi.Config.SEVConfig.HostData)
 		if err != nil {
 			return nil, err
 		}

manager/qemu/config.go

@@ -10,6 +10,7 @@ import (
 const (
 	BaseGuestCID      = 3
 	KernelCommandLine = "quiet console=null"
+	TdxObject         = "'{\"qom-type\":\"tdx-guest\",\"id\":\"%s\",\"quote-generation-socket\":{\"type\": \"vsock\", \"cid\":\"2\",\"port\":\"%d\"}}'"
 )
 
 type MemoryConfig struct {
@@ -52,7 +53,7 @@ type DiskImgConfig struct {
 	RootFsFile string `env:"DISK_IMG_ROOTFS_FILE" envDefault:"img/rootfs.cpio.gz"`
 }
 
-type SevConfig struct {
+type SEVConfig struct {
 	ID              string `env:"SEV_ID"                envDefault:"sev0"`
 	CBitPos         int    `env:"SEV_CBITPOS"           envDefault:"51"`
 	ReducedPhysBits int    `env:"SEV_REDUCED_PHYS_BITS" envDefault:"1"`
@@ -60,6 +61,12 @@ type SevConfig struct {
 	HostData        string `env:"HOST_DATA"             envDefault:""`
 }
 
+type TDXConfig struct {
+	ID                  string `env:"TDX_ID"                  envDefault:"tdx0"`
+	QuoteGenerationPort int    `env:"QUOTE_GENERATION_PORT"   envDefault:"4050"`
+	OVMF                string `env:"OVMF_FILE"               envDefault:"/usr/share/ovmf/OVMF.fd"`
+}
+
 type IGVMConfig struct {
 	ID   string `env:"IGVM_ID"        envDefault:"igvm0"`
 	File string `env:"IGVM_FILE"      envDefault:"/root/coconut-qemu.igvm"`
@@ -75,6 +82,7 @@ type Config struct {
 	UseSudo      bool   `env:"USE_SUDO"       envDefault:"false"`
 	EnableSEV    bool   `env:"ENABLE_SEV"     envDefault:"false"`
 	EnableSEVSNP bool   `env:"ENABLE_SEV_SNP" envDefault:"true"`
+	EnableTDX    bool   `env:"ENABLE_TDX"     envDefault:"false"`
 
 	EnableKVM bool `env:"ENABLE_KVM" envDefault:"true"`
 
@@ -101,7 +109,10 @@ type Config struct {
 	DiskImgConfig
 
 	// SEV
-	SevConfig
+	SEVConfig
+
+	// TDX
+	TDXConfig
 
 	// vTPM
 	IGVMConfig
@@ -142,7 +153,7 @@ func (config Config) ConstructQemuArgs() []string {
 		config.MemoryConfig.Slots,
 		config.MemoryConfig.Max))
 
-	if !config.EnableSEVSNP {
+	if !config.EnableSEVSNP && !config.EnableTDX {
 		// OVMF
 		args = append(args, "-drive",
 			fmt.Sprintf("if=%s,format=%s,unit=%d,file=%s,readonly=%s",
@@ -183,15 +194,15 @@ func (config Config) ConstructQemuArgs() []string {
 
 		args = append(args, "-machine",
 			fmt.Sprintf("confidential-guest-support=%s,memory-backend=%s,igvm-cfg=%s",
-				config.SevConfig.ID,
+				config.SEVConfig.ID,
 				config.MemID,
 				config.IGVMConfig.ID))
 
 		if config.EnableSEVSNP {
 			sevType = "sev-snp-guest"
 
-			if config.SevConfig.EnableHostData {
-				hostData = fmt.Sprintf(",host-data=%s", config.SevConfig.HostData)
+			if config.SEVConfig.EnableHostData {
+				hostData = fmt.Sprintf(",host-data=%s", config.SEVConfig.HostData)
 			}
 		}
 
@@ -203,9 +214,9 @@ func (config Config) ConstructQemuArgs() []string {
 		args = append(args, "-object",
 			fmt.Sprintf("%s,id=%s,cbitpos=%d,reduced-phys-bits=%d%s",
 				sevType,
-				config.SevConfig.ID,
-				config.SevConfig.CBitPos,
-				config.SevConfig.ReducedPhysBits,
+				config.SEVConfig.ID,
+				config.SEVConfig.CBitPos,
+				config.SEVConfig.ReducedPhysBits,
 				hostData))
 
 		args = append(args, "-object",
@@ -214,6 +225,26 @@ func (config Config) ConstructQemuArgs() []string {
 				config.IGVMConfig.File))
 	}
 
+	if config.EnableTDX {
+		args = append(args, "-object",
+			fmt.Sprintf(TdxObject,
+				config.TDXConfig.ID,
+				config.TDXConfig.QuoteGenerationPort))
+
+		args = append(args, "-machine",
+			fmt.Sprintf("confidential-guest-support=%s,memory-backend=%s,hpet=off",
+				config.TDXConfig.ID,
+				config.MemID))
+
+		args = append(args, "-object",
+			fmt.Sprintf("memory-backend-memfd,id=%s,size=%s,share=true,prealloc=false",
+				config.MemID,
+				config.MemoryConfig.Size))
+
+		args = append(args, "-bios", config.TDXConfig.OVMF)
+		args = append(args, "-nodefaults")
+	}
+
 	args = append(args, "-kernel", config.DiskImgConfig.KernelFile)
 	args = append(args, "-append", strconv.Quote(KernelCommandLine))
 	args = append(args, "-initrd", config.DiskImgConfig.RootFsFile)

manager/qemu/config_test.go

@@ -127,7 +127,7 @@ func TestConstructQemuArgs(t *testing.T) {
 					KernelFile: "img/bzImage",
 					RootFsFile: "img/rootfs.cpio.gz",
 				},
-				SevConfig: SevConfig{
+				SEVConfig: SEVConfig{
 					ID:              "sev0",
 					CBitPos:         51,
 					ReducedPhysBits: 1,
@@ -174,7 +174,7 @@ func TestConstructQemuArgs(t *testing.T) {
 func TestConstructQemuArgs_HostData(t *testing.T) {
 	config := Config{
 		EnableSEVSNP: true,
-		SevConfig: SevConfig{
+		SEVConfig: SEVConfig{
 			ID:              "sev0",
 			CBitPos:         51,
 			ReducedPhysBits: 1,

manager/qemu/vm.go

@@ -60,7 +60,8 @@ func (v *qemuVM) Start() (err error) {
 	}
 
 	v.vmi.Config.NetDevConfig.ID = fmt.Sprintf("%s-%s", v.vmi.Config.NetDevConfig.ID, id)
-	v.vmi.Config.SevConfig.ID = fmt.Sprintf("%s-%s", v.vmi.Config.SevConfig.ID, id)
+	v.vmi.Config.SEVConfig.ID = fmt.Sprintf("%s-%s", v.vmi.Config.SEVConfig.ID, id)
+	v.vmi.Config.TDXConfig.ID = fmt.Sprintf("%s-%s", v.vmi.Config.TDXConfig.ID, id)
 
 	if !v.vmi.Config.EnableSEVSNP {
 		// Copy firmware vars file.

manager/service.go

@@ -218,7 +218,7 @@ func (ms *managerService) CreateVM(ctx context.Context, req *CreateReq) (string,
 	if cfg.Config.EnableSEVSNP {
 		todo := sha3.Sum256([]byte("TODO"))
 		// Define host-data value of QEMU for SEV-SNP, with a base64 encoding of the computation hash.
-		cfg.Config.SevConfig.HostData = base64.StdEncoding.EncodeToString(todo[:])
+		cfg.Config.SEVConfig.HostData = base64.StdEncoding.EncodeToString(todo[:])
 	}
 
 	cvm := ms.vmFactory(cfg, id, ms.logger)