diff --git a/tools/packaging/static-build/ovmf/Dockerfile b/tools/packaging/static-build/ovmf/Dockerfile
index a9a148a756..78acaccfe7 100644
--- a/tools/packaging/static-build/ovmf/Dockerfile
+++ b/tools/packaging/static-build/ovmf/Dockerfile
@@ -14,9 +14,15 @@ RUN apt-get update && \
 git \
 iasl \
 make \
- nasm \
 python \
 python3 \
 python3-distutils \
 uuid-dev && \
- apt-get clean && rm -rf /var/lib/lists/
+ apt-get clean && rm -rf /var/lib/lists/ && \
+ cd /tmp && curl -fsLO https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/nasm-2.15.05.tar.gz && \
+ tar xf nasm-2.15.05.tar.gz && \
+ cd nasm-2.15.05 && \
+ ./configure && \
+ make -j"$(nproc)" && \
+ make install && \
+ cd /tmp && rm -r nasm-2.15.05*
diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh
index 936b53be31..ebdf0669f3 100755
--- a/tools/packaging/static-build/ovmf/build-ovmf.sh
+++ b/tools/packaging/static-build/ovmf/build-ovmf.sh
@@ -56,7 +56,7 @@ fi
 info "Building ovmf"
 build_cmd="build -b ${build_target} -t ${toolchain} -a ${architecture} -p ${ovmf_package}"
 if [ "${ovmf_build}" == "tdx" ]; then
- build_cmd+=" -D DEBUG_ON_SERIAL_PORT=TRUE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D TDX_ACCEPT_PAGE_SIZE=2M"
+ build_cmd+=" -D DEBUG_ON_SERIAL_PORT=FALSE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D SECURE_BOOT_ENABLE=TRUE -D TDX_ACCEPT_PAGE_SIZE=2M"
 fi
 eval "${build_cmd}"
@@ -70,7 +70,6 @@ if [ "${ovmf_build}" == "tdx" ]; then
 build_path_arch="${build_path_target_toolchain}/X64"
 stat "${build_path_fv}/OVMF_CODE.fd"
 stat "${build_path_fv}/OVMF_VARS.fd"
- stat "${build_path_arch}/DumpTdxEventLog.efi"
 fi
 #need to leave tmp dir
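Review bot: In the Dockerfile hunk, the nasm tarball fetched by the added `curl -fsLO …/nasm-2.15.05.tar.gz` line is unpacked, built and installed with no integrity check, so whatever the server or a redirect returns becomes part of the toolchain that assembles the OVMF firmware. Pin the expected digest and verify it before `tar xf`, for example `echo "<SHA256_OF_NASM_2.15.05_TARBALL>  nasm-2.15.05.tar.gz" | sha256sum -c - && \` (placeholder digest, to be taken from a trusted source). `-s` without `-S` also hides curl's error message when the download fails. The `rm -rf /var/lib/lists/` carried over from the old line does not look like the apt list directory (`/var/lib/apt/lists/`), so that cleanup probably removes nothing. The `RUN` instruction starts above the hunk.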
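Review bot: In build-ovmf.sh (hunk at line 56), the new `-D SECURE_BOOT_ENABLE=TRUE` only builds Secure Boot support into the image; whether verification is enforced depends on keys being enrolled in the variable store, which nothing visible here does. A comment above the `build_cmd+=` line should record that, e.g. `# SECURE_BOOT_ENABLE compiles the feature in; enforcement still requires PK/KEK/db to be enrolled`, and say why serial debug output is now off. Separately, the command is assembled as a string and run through `eval "${build_cmd}"`, so shell metacharacters in `${ovmf_package}` or the other interpolated values would be interpreted by the shell. Building it as an array (`build_cmd=(build -b "${build_target}" …)`, `build_cmd+=(-D DEBUG_ON_SERIAL_PORT=FALSE …)`) and running `"${build_cmd[@]}"` avoids that.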
@@ -87,7 +86,6 @@ install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF.fd "${install_dir}"
 if [ "${ovmf_build}" == "tdx" ]; then
 install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_CODE.fd ${install_dir}
 install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_VARS.fd ${install_dir}
- install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir}
 fi
 local_dir=${PWD}
diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh
index 53444254b1..4640e2ac78 100755
--- a/tools/packaging/static-build/ovmf/build.sh
+++ b/tools/packaging/static-build/ovmf/build.sh
@@ -24,11 +24,7 @@ ovmf_package="${ovmf_package:-}"
 package_output_dir="${package_output_dir:-}"
 if [ -z "$ovmf_repo" ]; then
- if [ "${ovmf_build}" == "tdx" ]; then
- ovmf_repo=$(get_from_kata_deps "externals.ovmf.tdx.url" "${kata_version}")
- else
- ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}")
- fi
+ ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}")
 fi
 [ -n "$ovmf_repo" ] || die "failed to get ovmf repo"
diff --git a/versions.yaml b/versions.yaml
index ef0288a4d3..1c92412cbe 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -279,11 +279,11 @@ externals:
 package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
 package_output_dir: "AmdSev"
 tdx:
- url: "https://github.com/tianocore/edk2-staging"
- description: "TDVF build needed for TDX measured direct boot."
- version: "2022-tdvf-ww28.5"
- package: "OvmfPkg/OvmfPkgX64.dsc"
- package_output_dir: "OvmfX64"
+ # yamllint disable-line rule:line-length
+ description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww01"
+ version: "edk2-stable202211"
+ package: "OvmfPkg/IntelTdx/IntelTdxX64.dsc"
+ package_output_dir: "IntelTdx"
 td-shim:
 description: "Confidential Containers Shim Firmware"
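Review bot: In versions.yaml, the new `version: "edk2-stable202211"` under `tdx:` names a tag rather than a commit, and with the `url:` key removed the TDX firmware source is whatever `externals.ovmf.url` points at. If the build checks out by that name (the checkout is not visible here), a re-pointed tag would change the firmware, and with it the TDX launch measurement, without any change to this file. Consider recording the commit the tag resolved to, e.g. a comment `# edk2-stable202211 == <COMMIT_SHA_PLACEHOLDER>`, or verifying it in the build script. The new `description` reads "QEMU with TDX support", which looks copied from another entry, since this block selects the OVMF `IntelTdxX64.dsc` package; wording such as `description: "TDVF (OVMF IntelTdx) build with TDX support - based on …"` would match what the entry configures.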