kernel: SEV guest kernel upgrade to 5.19.2

kernel: Update SEV guest kernel to 5.19.2

Kernel 5.19.2 has all the needed patches for running SEV, thus let's update it and stop using the version coming from confidential-containers.

Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
Ryan Savino 2022-08-10 13:32:54 -05:00
parent 0d9d8d63ea
commit 00aadfe20a
4 changed files with 14 additions and 13 deletions


@ -127,7 +127,10 @@ get_tee_kernel() {
mkdir -p ${kernel_path} mkdir -p ${kernel_path}
[ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url") [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url")
kernel_tarball="${version}.tar.gz"
kernel_tarball="linux-${version}.tar.gz"
tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball")
[ -z "$tarball_name" ] || kernel_tarball="$tarball_name"
if [ ! -f "${kernel_tarball}" ]; then if [ ! -f "${kernel_tarball}" ]; then
curl --fail -OL "${kernel_url}/${kernel_tarball}" curl --fail -OL "${kernel_url}/${kernel_tarball}"
@ -553,7 +556,8 @@ main() {
esac esac
elif [[ "${conf_guest}" != "" ]]; then elif [[ "${conf_guest}" != "" ]]; then
#If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag") kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.version" 2>/dev/null || true)
[ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
else else
kernel_version=$(get_from_kata_deps "assets.kernel.version") kernel_version=$(get_from_kata_deps "assets.kernel.version")
fi fi
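Review bot: The `curl --fail -OL "${kernel_url}/${kernel_tarball}"` download in get_tee_kernel is not followed by any integrity check within this hunk, and the commit moves the SEV guest kernel to a new origin without recording a digest for it in the `assets.kernel.sev` entry it rewrites further down. Since this tarball becomes the kernel of a confidential guest, I would pin a digest next to `version` (a proposed `sha256` key) and verify it right after the download, e.g. `echo "${kernel_sha256}  ${kernel_tarball}" | sha256sum -c -`, where `kernel_sha256` is a new variable read with get_from_kata_deps. kernel.org also publishes signed checksum files alongside its tarballs, which would be the stronger check. The function body continues past the hunk, so verification may already happen there; if it does, a comment at the download saying so would help.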


@ -1,12 +1,9 @@
# AMD Secure Encrypted Virtualization (SEV) # AMD Secure Encrypted Virtualization (SEV)
CONFIG_AMD_MEM_ENCRYPT=y CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y
CONFIG_CRYPTO_DEV_SP_PSP=y
CONFIG_CRYPTO_DEV_CCP=y
CONFIG_SECURITYFS=y
CONFIG_VIRT_DRIVERS=y
CONFIG_EFI=y CONFIG_EFI=y
CONFIG_EFI_SECRET=m CONFIG_EFI_SECRET=m
CONFIG_EFI_STUB=y
CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG=y
CONFIG_MODULES=y CONFIG_MODULES=y
CONFIG_VIRT_DRIVERS=y


@ -1 +1 @@
94 95


@ -158,11 +158,11 @@ assets:
description: "Linux kernel that supports TDX" description: "Linux kernel that supports TDX"
url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags" url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags"
tag: "SPR-BKC-PC-v9.6" tag: "SPR-BKC-PC-v9.6"
tarball: "SPR-BKC-PC-v9.6.tar.gz"
sev: sev:
description: "Linux kernel with efi_secret support" description: "Linux kernel that supports SEV"
url: "https://github.com/confidential-containers-demo/\ url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
linux/archive/refs/tags/" version: "v5.19.2"
tag: "efi-secret-v5.17-rc6"
kernel-experimental: kernel-experimental:
description: "Linux kernel with virtio-fs support" description: "Linux kernel with virtio-fs support"