From 1797b3eb049cf39f5081b46adf0f157e87ee3f42 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Fri, 11 Feb 2022 15:35:00 -0600 Subject: [PATCH] packaging/kernel: build TDX guest kernel Add support for building TDX kernel from github.com/intel/tdx To build a guest kernel that supports Intel TDx run: ``` ./build-kernel.sh -s -x tdx -d setup ./build-kernel.sh -s -x tdx -d install ``` fixes #3650 Signed-off-by: Julio Montes --- tools/packaging/kernel/build-kernel.sh | 29 ++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index a67b922cc5..93e82d590f 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -97,7 +97,7 @@ Options: -s : Skip .config checks -t : Hypervisor_target. -v : Kernel version to use if kernel path not provided. - -x : Confidential guest protection type, such as sev + -x : Confidential guest protection type, such as sev and tdx EOT exit "$exit_code" } @@ -115,6 +115,22 @@ arch_to_kernel() { esac } +get_tdx_kernel() { + local version="${1}" + local kernel_path=${2} + + mkdir -p ${kernel_path} + + kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url") + kernel_tarball="${version}.tar.gz" + + if [ ! -f "${kernel_tarball}" ]; then + curl --fail -OL "${kernel_url}/${kernel_tarball}" + fi + + tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} +} + get_kernel() { local version="${1:-}" @@ -122,7 +138,10 @@ get_kernel() { [ -n "${kernel_path}" ] || die "kernel_path not provided" [ ! -d "${kernel_path}" ] || die "kernel_path already exist" - + if [ "${conf_guest}" == "tdx" ]; then + get_tdx_kernel ${version} ${kernel_path} + return + fi #Remove extra 'v' version=${version#v} @@ -472,7 +491,7 @@ main() { usage 0 ;; k) - kernel_path="${OPTARG}" + kernel_path="$(realpath ${OPTARG})" ;; p) patches_path="${OPTARG}" 
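Review bot: `get_tdx_kernel` unpacks the downloaded archive without any integrity check: the `tar --strip-components=1 -xf` line runs on whatever `curl --fail -OL` fetched, and the `[ ! -f "${kernel_tarball}" ]` test reuses any file of that name already in the working directory. For a kernel that will run inside a TDX guest, the archive should be pinned to a digest kept next to the URL and tag and checked before extraction, e.g. `echo "${expected_sha256}  ${kernel_tarball}" | sha256sum -c -`, where `expected_sha256` is a placeholder for a value read from the deps file. The early `return` added to `get_kernel` in the following hunk also means that any verification later in that function, which is outside the visible lines, is not reached for TDX. Separately, `kernel_url` and `kernel_tarball` should be declared `local`, and `${kernel_path}`, `${kernel_tarball}` and the arguments of `get_tdx_kernel ${version} ${kernel_path}` should be quoted so that paths containing spaces are not word-split.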
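Review bot: In the `k)` branch, `realpath ${OPTARG}` is unquoted and is applied to a directory that `get_kernel` requires not to exist yet (`[ ! -d "${kernel_path}" ] || die ...`). GNU `realpath` without `-m` fails when a parent component is missing, which would leave `kernel_path` empty unless the script aborts on the failed substitution; whether errexit is set is not visible here. I would write `kernel_path="$(realpath -m -- "${OPTARG}")"` so that a path with spaces or a leading dash is handled and a not-yet-created path still resolves. The body of `main` continues outside the hunk.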
@@ -489,7 +508,7 @@ main() { x) conf_guest="${OPTARG}" case "$conf_guest" in - sev) ;; + sev|tdx) ;; *) die "Confidential guest type '$conf_guest' not supported" ;; esac ;; @@ -506,6 +525,8 @@ main() { if [ -z "$kernel_version" ]; then if [[ ${build_type} == "experimental" ]]; then kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag") + elif [[ "${conf_guest}" == "tdx" ]]; then + kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag") else kernel_version=$(get_from_kata_deps "assets.kernel.version") fi
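Review bot: The new `elif` places the TDX tag behind the experimental check, so when `build_type` is `experimental` and `conf_guest` is `tdx`, `kernel_version` comes from `assets.kernel-experimental.tag` while `get_kernel` still routes to `get_tdx_kernel`, which would then request `<experimental tag>.tar.gz` from the TDX URL. Either test `conf_guest` first (`if [[ "${conf_guest}" == "tdx" ]]; then` ahead of the experimental branch) or reject the combination with `die`. A version passed with `-v` together with `-x tdx` is likewise used verbatim as the tarball name, so a short comment stating that it must be a tag of the TDX repository would help. The enclosing `main` continues outside the hunk.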