microsoft · ambarve · Sep 17, 2025 · Sep 15, 2025 · Sep 15, 2025 · Sep 15, 2025
@@ -15,6 +15,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/gcs/prot"
 	shimlog "github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/internal/pspdriver"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
@@ -214,24 +215,17 @@ func main() {
 		return
 	}
 
-	// gcs-sidecar can be used for non-confidentail hyperv wcow
-	// as well. So we do not always want to check for initialPolicyStance
-	var initialEnforcer securitypolicy.SecurityPolicyEnforcer
-	// TODO (kiashok/Mahati): The initialPolicyStance is set to allow
-	// only for dev. This will eventually be set to allow/deny depending on
-	// on whether SNP is supported or not.
-	initialPolicyStance := "allow"
-	switch initialPolicyStance {
-	case "allow":
-		initialEnforcer = &securitypolicy.OpenDoorSecurityPolicyEnforcer{}
-		logrus.Tracef("initial-policy-stance: allow")
-	case "deny":
-		initialEnforcer = &securitypolicy.ClosedDoorSecurityPolicyEnforcer{}
-		logrus.Tracef("initial-policy-stance: deny")
-	default:
-		logrus.Error("unknown initial-policy-stance")
+	if err := pspdriver.StartPSPDriver(ctx); err != nil {
+		// When error happens, pspdriver.GetPspDriverError() returns true.
+		// In that case, gcs-sidecar should keep the initial "deny" policy
+		// and reject all requests from the host.
+		logrus.WithError(err).Errorf("failed to start PSP driver")
 	}
 
+	// Use "deny" policy as initial enforcer.
+	// This is updated later with user provided policy.
+	initialEnforcer := &securitypolicy.ClosedDoorSecurityPolicyEnforcer{}
+
 	// 3. Create bridge and initializa
 	brdg := sidecar.NewBridge(shimCon, gcsCon, initialEnforcer)
 	brdg.AssignHandlers()

@@ -323,7 +323,7 @@ func (b *Bridge) modifySettings(req *request) (err error) {
 		case guestresource.ResourceTypeSecurityPolicy:
 			securityPolicyRequest := modifyGuestSettingsRequest.Settings.(*guestresource.WCOWConfidentialOptions)
 			log.G(ctx).Tracef("WCOWConfidentialOptions: { %v}", securityPolicyRequest)
-			_ = b.hostState.SetWCOWConfidentialUVMOptions(securityPolicyRequest)
+			_ = b.hostState.SetWCOWConfidentialUVMOptions(ctx, securityPolicyRequest)
 
 			// Send response back to shim
 			resp := &prot.ResponseBase{

@@ -4,12 +4,14 @@
 package bridge
 
 import (
-	"errors"
+	"context"
 	"fmt"
 	"sync"
 
 	"github.com/Microsoft/hcsshim/internal/protocol/guestresource"
+	"github.com/Microsoft/hcsshim/internal/pspdriver"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
+	"github.com/pkg/errors"
 )
 
 type Host struct {
@@ -32,14 +34,30 @@ func NewHost(initialEnforcer securitypolicy.SecurityPolicyEnforcer) *Host {
 	}
 }
 
-func (h *Host) SetWCOWConfidentialUVMOptions(securityPolicyRequest *guestresource.WCOWConfidentialOptions) error {
+func (h *Host) SetWCOWConfidentialUVMOptions(ctx context.Context, securityPolicyRequest *guestresource.WCOWConfidentialOptions) error {
 	h.policyMutex.Lock()
 	defer h.policyMutex.Unlock()
 
 	if h.securityPolicyEnforcerSet {
 		return errors.New("security policy has already been set")
 	}
 
+	if err := pspdriver.GetPspDriverError(); err != nil {
+		// For this case gcs-sidecar will keep initial deny policy.
+		return errors.Wrapf(err, "an error occurred while using PSP driver")
+	}
+
+	// Fetch report and validate host_data
+	hostData, err := securitypolicy.NewSecurityPolicyDigest(securityPolicyRequest.EncodedSecurityPolicy)
+	if err != nil {
+		return err
+	}
+
+	if err := pspdriver.ValidateHostData(ctx, hostData[:]); err != nil {
+		// For this case gcs-sidecar will keep initial deny policy.
+		return err
+	}
+
 	// This limit ensures messages are below the character truncation limit that
 	// can be imposed by an orchestrator
 	maxErrorMessageLength := 3 * 1024