kernel: ensure initramfs exist when measured rootfs

The KATA_BUILD_CC variable plus the existence (or not) of the initramfs
were used to determine whether to build the kernel for measured rootfs
or not. Currently the variable MEASURED_ROOTFS is used
to trigger the feature build, and when it is activated the build should
expect the initramfs to exist. In other words, this changes the kernel build
so that if `MEASURED_ROOTFS=yes` then the initramfs file must exist and
be found.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Wainer dos Santos Moschetta
2023-07-04 14:27:21 -03:00
parent 4dbba5215f
commit 1465e58854


@@ -128,6 +128,12 @@ arch_to_kernel() {
esac
}
# When building for measured rootfs the initramfs image should be previously built.
check_initramfs_or_die() {
[ -f "${default_initramfs}" ] || \
die "Initramfs for measured rootfs not found at ${default_initramfs}"
}
get_tee_kernel() {
local version="${1}"
local kernel_path="${2}"
@@ -276,11 +282,10 @@ get_kernel_frag_path() {
local cryptsetup_configs="$(ls ${common_path}/confidential_containers/cryptsetup.conf)"
all_configs="${all_configs} ${cryptsetup_configs}"
if [ -f "${default_initramfs}" ]; then
info "Enabling config for confidential guest measured boot"
local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"
all_configs="${all_configs} ${initramfs_configs}"
fi
check_initramfs_or_die
info "Enabling config for confidential guest measured boot"
local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"
all_configs="${all_configs} ${initramfs_configs}"
fi
if [[ "${conf_guest}" != "" ]];then
@@ -432,7 +437,8 @@ setup_kernel() {
[ -n "${hypervisor_target}" ] || hypervisor_target="kvm"
[ -n "${kernel_config_path}" ] || kernel_config_path=$(get_default_kernel_config "${kernel_version}" "${hypervisor_target}" "${arch_target}" "${kernel_path}")
if [ "${measured_rootfs}" == "true" ] && [ -f "${default_initramfs}" ]; then
if [ "${measured_rootfs}" == "true" ]; then
check_initramfs_or_die
info "Copying initramfs from: ${default_initramfs}"
cp "${default_initramfs}" ./
fi
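Review bot: In the `get_kernel_frag_path` hunk the initramfs image is now mandatory, but the config fragment right after the new check is still resolved with `local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"`, and `local` hides a failing `ls`. If that fragment (or `cryptsetup.conf` just above it) is missing, it is silently left out of `all_configs`, so a kernel requested with measured rootfs could be configured without the corresponding options, which is the same fail-open behaviour this commit removes for the image itself. I would drop the `ls` and test the path directly: `local initramfs_configs="${common_path}/confidential_containers/initramfs.conf"` followed by `[ -f "${initramfs_configs}" ] || die "Missing config fragment ${initramfs_configs}"`. `check_initramfs_or_die` could also test `-s` rather than `-f` so that a zero-length image is rejected too. The enclosing `if` in `get_kernel_frag_path` and the start of `setup_kernel` are outside the hunks, so I am assuming the fragment lookup is guarded by the measured-rootfs condition.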