packaging: add support to build OVMF for SEV

SEV requires special OVMF to work with kernel hashes. Thus, adding changes that builds this custom OVMF for SEV. Fixes: #6572 Signed-Off-By: Unmesh Deodhar <udeodhar@amd.com>
2025-06-25 15:02:45 +00:00 · 2023-04-21 02:34:23 +00:00 · 2023-04-21 02:34:23 +00:00 · 12c5ef9020
commit 12c5ef9020
parent b87820ee8c
5 changed files with 21 additions and 2 deletions
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@ -126,6 +126,8 @@ FIRMWAREVOLUMEPATH :=
 FIRMWARETDVFPATH := $(PREFIXDEPS)/share/tdvf/OVMF.fd
 FIRMWARETDVFVOLUMEPATH :=

+FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/AMDSEV.fd
+
 # Name of default configuration file the runtime will use.
 CONFIG_FILE = configuration.toml

--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -30,6 +30,7 @@ all: serial-targets \
 	kernel-gpu-snp-tarball \
 	kernel-gpu-tdx-experimental-tarball \
 	nydus-tarball \
+	ovmf-sev-tarball \
 	qemu-tarball \
 	qemu-tdx-experimental-tarball \
 	shim-v2-tarball \
@ -79,6 +80,9 @@ kernel-sev-tarball:
 nydus-tarball:
 	${MAKE} $@-build

+ovmf-sev-tarball:
+	${MAKE} $@-build
+
 qemu-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -87,6 +87,7 @@ options:
 	kernel-gpu-snp
 	kernel-gpu-tdx-experimental
 	nydus
+	ovmf-sev
 	qemu
 	qemu-tdx-experimental
 	rootfs-image
@ -453,6 +454,11 @@ install_tdvf() {
 	install_ovmf "tdx" "edk2-tdx.tar.gz"
 }

+# Install OVMF SEV
+install_ovmf_sev() {
+	install_ovmf "sev" "edk2-sev.tar.gz"
+}
+
 get_kata_version() {
 	local v
 	v=$(cat "${version_file}")
@ -479,6 +485,7 @@ handle_build() {
 		install_kernel_dragonball_experimental
 		install_kernel_tdx_experimental
 		install_nydus
+		install_ovmf_sev
 		install_qemu
 		install_qemu_tdx_experimental
 		install_shimv2
@ -502,6 +509,8 @@ handle_build() {

 	kernel-sev) install_kernel_sev ;;

+	ovmf-sev) install_ovmf_sev ;;
+
 	kernel-gpu) install_kernel_gpu ;;

 	kernel-gpu-snp) install_kernel_gpu_snp;;
--- a/tools/packaging/static-build/ovmf/build-ovmf.sh
+++ b/tools/packaging/static-build/ovmf/build-ovmf.sh
@ -82,7 +82,11 @@ if [ "${ovmf_build}" == "tdx" ]; then
 fi

 mkdir -p "${install_dir}"
-install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF.fd "${install_dir}"
+if [ "${ovmf_build}" == "sev" ]; then
+	install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF.fd "${install_dir}/AMDSEV.fd"
+else
+	install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF.fd "${install_dir}"
+fi
 if [ "${ovmf_build}" == "tdx" ]; then
 	install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_CODE.fd ${install_dir}
 	install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_VARS.fd ${install_dir}
--- a/versions.yaml
+++ b/versions.yaml
@ -278,7 +278,7 @@ externals:
      package_output_dir: "OvmfX64"
    sev:
      description: "AmdSev build needed for SEV measured direct boot."
-      version: "edk2-stable202202"
+      version: "edk2-stable202302"
      package: "OvmfPkg/AmdSev/AmdSevX64.dsc"
      package_output_dir: "AmdSev"
    tdx: