packaging/kernel: build TDX guest kernel

Add support for building TDX kernel from github.com/intel/tdx To build a guest kernel that supports Intel TDx run: ``` ./build-kernel.sh -s -x tdx -d setup ./build-kernel.sh -s -x tdx -d install ``` fixes #3650 Signed-off-by: Julio Montes <julio.montes@intel.com>
2025-04-29 12:14:48 +00:00 · 2022-02-11 15:35:00 -06:00 · 2022-02-11 15:35:00 -06:00 · 1797b3eb04
commit 1797b3eb04
parent 9875252917
1 changed files with 25 additions and 4 deletions
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@ -97,7 +97,7 @@ Options:
 	-s          	: Skip .config checks
 	-t <hypervisor>	: Hypervisor_target.
 	-v <version>	: Kernel version to use if kernel path not provided.
-	-x <type>	: Confidential guest protection type, such as sev
+	-x <type>	: Confidential guest protection type, such as sev and tdx
 EOT
 	exit "$exit_code"
 }
@ -115,6 +115,22 @@ arch_to_kernel() {
 	esac
 }

+get_tdx_kernel() {
+	local version="${1}"
+	local kernel_path=${2}
+
+	mkdir -p ${kernel_path}
+
+	kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url")
+	kernel_tarball="${version}.tar.gz"
+
+	if [ ! -f "${kernel_tarball}" ]; then
+	   curl --fail -OL "${kernel_url}/${kernel_tarball}"
+	fi
+
+	tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path}
+}
+
 get_kernel() {
 	local version="${1:-}"

@ -122,7 +138,10 @@ get_kernel() {
 	[ -n "${kernel_path}" ] || die "kernel_path not provided"
 	[ ! -d "${kernel_path}" ] || die "kernel_path already exist"

-
+	if [ "${conf_guest}" == "tdx" ]; then
+		get_tdx_kernel ${version} ${kernel_path}
+		return
+	fi

 		#Remove extra 'v'
 		version=${version#v}
@ -472,7 +491,7 @@ main() {
 				usage 0
 				;;
 			k)
-				kernel_path="${OPTARG}"
+				kernel_path="$(realpath ${OPTARG})"
 				;;
 			p)
 				patches_path="${OPTARG}"
@ -489,7 +508,7 @@ main() {
 			x)
 				conf_guest="${OPTARG}"
 				case "$conf_guest" in
-					sev) ;;
+					sev|tdx) ;;
 					*) die "Confidential guest type '$conf_guest' not supported" ;;
 				esac
 				;;
@ -506,6 +525,8 @@ main() {
 	if [ -z "$kernel_version" ]; then
 		if [[ ${build_type} == "experimental" ]]; then
 			kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag")
+		elif [[ "${conf_guest}" == "tdx" ]]; then
+			 kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag")
 		else
 			kernel_version=$(get_from_kata_deps "assets.kernel.version")
 		fi