openshift
diff --git a/‎machine/v1beta1/types_awsprovider.go
Lines changed: 33 additions & 0 deletions b/‎machine/v1beta1/types_awsprovider.go
Lines changed: 33 additions & 0 deletions
diff --git a/‎machine/v1beta1/zz_generated.deepcopy.go
Lines changed: 17 additions & 0 deletions b/‎machine/v1beta1/zz_generated.deepcopy.go
Lines changed: 17 additions & 0 deletions
diff --git a/‎machine/v1beta1/zz_generated.swagger_doc_generated.go
Lines changed: 10 additions & 0 deletions b/‎machine/v1beta1/zz_generated.swagger_doc_generated.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎openapi/generated_openapi/zz_generated.openapi.go
Lines changed: 29 additions & 1 deletion b/‎openapi/generated_openapi/zz_generated.openapi.go
Lines changed: 29 additions & 1 deletion
diff --git a/‎openapi/openapi.json
Lines changed: 15 additions & 0 deletions b/‎openapi/openapi.json
Lines changed: 15 additions & 0 deletions
@@ -17,6 +17,10 @@ type AWSMachineProviderConfig struct {
 	AMI AWSResourceReference `json:"ami"`
 	// instanceType is the type of instance to create. Example: m4.xlarge
 	InstanceType string `json:"instanceType"`
+	// cpuOptions defines CPU-related settings for the instance, including the confidential computing policy.
+	// If unset, no CPU options will be passed to the AWS platform and AWS default CPU options will be applied.
+	// +optional
+	CPUOptions CPUOptions `json:"cpuOptions,omitempty,omitzero"`
 	// tags is the set of tags to add to apply to an instance, in addition to the ones
 	// added by default by the actuator. These tags are additive. The actuator will ensure
 	// these tags are present, but will not remove any other tags that may exist on the
@@ -109,6 +113,35 @@ type AWSMachineProviderConfig struct {
 	MarketType MarketType `json:"marketType,omitempty"`
 }
 
+// AWSConfidentialComputePolicy represents the confidential compute configuration for the instance.
+// +kubebuilder:validation:Enum=Disabled;AmdSevSnp
+type AWSConfidentialComputePolicy string
+
+const (
+	// AWSConfidentialComputePolicyNone disables confidential computing for the instance.
+	AWSConfidentialComputePolicyNone AWSConfidentialComputePolicy = "None"
+	// AWSConfidentialComputePolicySEVSNP enables AMD SEV-SNP as the confidential computing technology for the instance.
+	AWSConfidentialComputePolicySEVSNP AWSConfidentialComputePolicy = "AmdSevSnp"
+)
+
+// CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
+// +kubebuilder:validation:MinProperties=1
+type CPUOptions struct {
+	// confidentialCompute specifies whether confidential computing should be enabled for the instance,
+	// and, if so, which confidential computing technology to use.
+	// Valid values are: None, AmdSev
+	// When set to None, confidential computing will be disabled for the instance.
+	// When set to AmdSevSnp, AMD SEV-SNP will be used as the confidential computing technology for the instance.
+	// In this case, ensure the following conditions are met:
+	// 1) The selected instance type supports AMD SEV-SNP.
+	// 2) The selected AWS region supports AMD SEV-SNP.
+	// 3) The selected AMI supports AMD SEV-SNP.
+	// More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
+	// When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.
+	// +optional
+	ConfidentialCompute AWSConfidentialComputePolicy `json:"confidentialCompute,omitempty"`
+}
+
 // BlockDeviceMappingSpec describes a block device mapping
 type BlockDeviceMappingSpec struct {
 	// The device name exposed to the machine (for example, /dev/sdh or xvdh).
 
@@ -21953,6 +21953,11 @@
           "type": "string",
           "default": ""
         },
+        "cpuOptions": {
+          "description": "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. If unset, no CPU options will be passed to the AWS platform and AWS default CPU options will be applied.",
+          "default": {},
+          "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CPUOptions"
+        },
         "credentialsSecret": {
           "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.",
           "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference"
@@ -22428,6 +22433,16 @@
         }
       }
     },
+    "com.github.openshift.api.machine.v1beta1.CPUOptions": {
+      "description": "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.",
+      "type": "object",
+      "properties": {
+        "confidentialCompute": {
+          "description": "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: None, AmdSev When set to None, confidential computing will be disabled for the instance. When set to AmdSevSnp, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.",
+          "type": "string"
+        }
+      }
+    },
     "com.github.openshift.api.machine.v1beta1.Condition": {
       "description": "Condition defines an observation of a Machine API resource operational state.",
       "type": "object",