microsoft
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 2 deletions b/‎go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/uvm/create_wcow.go‎
Lines changed: 17 additions & 0 deletions b/‎internal/uvm/create_wcow.go‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎test/go.mod‎
Lines changed: 1 addition & 1 deletion b/‎test/go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎test/go.sum‎
Lines changed: 2 additions & 2 deletions b/‎test/go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎vendor/github.com/Microsoft/go-winio/.golangci.yml‎
Lines changed: 4 additions & 0 deletions b/‎vendor/github.com/Microsoft/go-winio/.golangci.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎vendor/github.com/Microsoft/go-winio/backup.go‎
Lines changed: 0 additions & 1 deletion b/‎vendor/github.com/Microsoft/go-winio/backup.go‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎vendor/github.com/Microsoft/go-winio/backuptar/tar.go‎
Lines changed: 0 additions & 1 deletion b/‎vendor/github.com/Microsoft/go-winio/backuptar/tar.go‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎vendor/github.com/Microsoft/go-winio/file.go‎
Lines changed: 0 additions & 1 deletion b/‎vendor/github.com/Microsoft/go-winio/file.go‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎vendor/github.com/Microsoft/go-winio/fileinfo.go‎
Lines changed: 0 additions & 1 deletion b/‎vendor/github.com/Microsoft/go-winio/fileinfo.go‎
Lines changed: 0 additions & 1 deletion
@@ -5,7 +5,7 @@ go 1.23.0
 require (
 	github.com/Microsoft/cosesign1go v1.4.0
 	github.com/Microsoft/didx509go v0.0.3
-	github.com/Microsoft/go-winio v0.6.2
+	github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/containerd/cgroups/v3 v3.0.5
 
@@ -5,8 +5,8 @@ github.com/Microsoft/cosesign1go v1.4.0 h1:VdiqzsilEE6t1GQi98I/h0WpVFM7AyMEeyP8u
 github.com/Microsoft/cosesign1go v1.4.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8=
 github.com/Microsoft/didx509go v0.0.3 h1:n/owuFOXVzCEzSyzivMEolKEouBm9G0NrEDgoTekM8A=
 github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29 h1:0kQAzHq8vLs7Pptv+7TxjdETLf/nIqJpIB4oC6Ba4vY=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29/go.mod h1:ZWa7ssZJT30CCDGJ7fk/2SBTq9BIQrrVjrcss0UW2s0=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY=
 
@@ -12,6 +12,7 @@ import (
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/go-winio/pkg/guid"
+	"github.com/Microsoft/go-winio/vhd"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
@@ -31,6 +32,18 @@ import (
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 )
 
+var (
+	// A predefined GUID for UtilityVMs to identify a scratch VHD that is completely empty/unformatted.
+	// This GUID is set in the metadata of the VHD and thus can be reliably used to identify the disk.
+	// a7b3c5d1-4e2f-4a8b-9c6d-1e3f5a7b9c2d
+	unformattedScratchIdentifier = &guid.GUID{
+		Data1: 0xa7b3c5d1,
+		Data2: 0x4e2f,
+		Data3: 0x4a8b,
+		Data4: [8]byte{0x9c, 0x6d, 0x1e, 0x3f, 0x5a, 0x7b, 0x9c, 0x2d},
+	}
+)
+
 type ConfidentialWCOWOptions struct {
 	GuestStateFilePath     string // The vmgs file path
 	SecurityPolicyEnabled  bool   // Set when there is a security policy to apply on actual SNP hardware, use this rathen than checking the string length
@@ -406,6 +419,10 @@ func prepareSecurityConfigDoc(ctx context.Context, uvm *UtilityVM, opts *Options
 		return nil, errors.Wrap(err, "failed to grant vm access to scratch VHD")
 	}
 
+	if err = vhd.SetVirtualDiskIdentifier(opts.BootFiles.BlockCIMFiles.ScratchVHDPath, *unformattedScratchIdentifier); err != nil {
+		return nil, fmt.Errorf("process option virtual disk identifier: %w", err)
+	}
+
 	// boot depends on scratch being attached at LUN 0, it MUST ALWAYS remain at LUN 0
 	doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["0"] = hcsschema.Attachment{
 		Path:  opts.BootFiles.BlockCIMFiles.ScratchVHDPath,
 
@@ -3,7 +3,7 @@ module github.com/Microsoft/hcsshim/test
 go 1.23.0
 
 require (
-	github.com/Microsoft/go-winio v0.6.2
+	github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
 	github.com/Microsoft/hcsshim v0.13.0
 	github.com/containerd/cgroups/v3 v3.0.5
 	github.com/containerd/containerd/api v1.9.0
 
@@ -6,8 +6,8 @@ github.com/Microsoft/cosesign1go v1.4.0 h1:VdiqzsilEE6t1GQi98I/h0WpVFM7AyMEeyP8u
 github.com/Microsoft/cosesign1go v1.4.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8=
 github.com/Microsoft/didx509go v0.0.3 h1:n/owuFOXVzCEzSyzivMEolKEouBm9G0NrEDgoTekM8A=
 github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29 h1:0kQAzHq8vLs7Pptv+7TxjdETLf/nIqJpIB4oC6Ba4vY=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29/go.mod h1:ZWa7ssZJT30CCDGJ7fk/2SBTq9BIQrrVjrcss0UW2s0=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY=