From 1465e588545a4283673ccc4691716c672fca1d24 Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta
Date: Tue, 4 Jul 2023 14:27:21 -0300
Subject: [PATCH] kernel: ensure initramfs exist when measured rootfs

The KATA_BUILD_CC variable plus the existence (or not) of the initramfs were used to determine whether to build the kernel for measured rootfs or not. Currently the variable MEASURED_ROOTFS has been used to trigger the feature build and when it is activated it should expect the initramfs exist. In other words, this changed the kernel build so that if `MEASURED_ROOTFS=yes` then the initramf file must exist and be found.

Signed-off-by: Wainer dos Santos Moschetta
---
 tools/packaging/kernel/build-kernel.sh | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 55a28a2347..f1d1bb62c2 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -128,6 +128,12 @@ arch_to_kernel() {
 esac
 }
 
+# When building for measured rootfs the initramfs image should be previously built.
+check_initramfs_or_die() {
+ [ -f "${default_initramfs}" ] || \
+ die "Initramfs for measured rootfs not found at ${default_initramfs}"
+}
+
 get_tee_kernel() {
 local version="${1}"
 local kernel_path="${2}"
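Review bot: `check_initramfs_or_die` tests only `-f`, so a zero-length initramfs left behind by a failed earlier build step still passes and would be copied into a kernel build that is meant to support measured rootfs. Using `[ -s "${default_initramfs}" ] || \` on the first line of the body would at least reject an empty file. The helper also reads the global `default_initramfs`, which is defined outside this hunk; the comment above it could say so, for example `# Reads the global default_initramfs and exits through die() when the image is missing.`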
@@ -276,11 +282,10 @@ get_kernel_frag_path() {
 local cryptsetup_configs="$(ls ${common_path}/confidential_containers/cryptsetup.conf)"
 all_configs="${all_configs} ${cryptsetup_configs}"
 
- if [ -f "${default_initramfs}" ]; then
- info "Enabling config for confidential guest measured boot"
- local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"
- all_configs="${all_configs} ${initramfs_configs}"
- fi
+ check_initramfs_or_die
+ info "Enabling config for confidential guest measured boot"
+ local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"
+ all_configs="${all_configs} ${initramfs_configs}"
 fi
 
 if [[ "${conf_guest}" != "" ]];then
@@ -432,7 +437,8 @@ setup_kernel() {
 [ -n "${hypervisor_target}" ] || hypervisor_target="kvm"
 [ -n "${kernel_config_path}" ] || kernel_config_path=$(get_default_kernel_config "${kernel_version}" "${hypervisor_target}" "${arch_target}" "${kernel_path}")
 
- if [ "${measured_rootfs}" == "true" ] && [ -f "${default_initramfs}" ]; then
+ if [ "${measured_rootfs}" == "true" ]; then
+ check_initramfs_or_die
 info "Copying initramfs from: ${default_initramfs}"
 cp "${default_initramfs}" ./
 fi
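Review bot: In `get_kernel_frag_path`, the re-added line `local initramfs_configs="$(ls ${common_path}/confidential_containers/initramfs.conf)"` hides the exit status of `ls` behind `local`. A missing `initramfs.conf` therefore yields an empty string, and the measured-boot config fragment is dropped without an error, which is the same kind of silent fallback this commit removes for the initramfs image. Declaring first (`local initramfs_configs`) and assigning on the next line lets the failure surface if errexit is active, which is not visible here; an explicit `[ -f "${common_path}/confidential_containers/initramfs.conf" ] || die "..."` would not depend on that. The `cryptsetup_configs` context line has the same pattern. The enclosing `if` and the start of the function lie outside the hunk.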
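Review bot: In `setup_kernel`, the guard `[ "${measured_rootfs}" == "true" ]` matches only the literal string `true`, while the commit message describes the trigger as `MEASURED_ROOTFS=yes`. The translation between the two happens outside this hunk, so it cannot be confirmed from here; if any other spelling reaches this point, the block is skipped and the kernel is built without the initramfs and without any message. A short comment above the `if` stating which values `measured_rootfs` can hold would make the fail-closed intent checkable, for example `# measured_rootfs is expected to be exactly "true" or "false" here; confirm against the option parsing`. The body of `setup_kernel` continues outside the hunk.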