From 28fd92c478d00be21c1b7b20084afe486935f799 Mon Sep 17 00:00:00 2001
From: Alex Carter
Date: Fri, 6 Jan 2023 15:43:00 +0000
Subject: [PATCH] kata-deploy: SNP version of Qemu

An SNP runtimeclass needs a build of Qemu from https://github.com/AMDESE/qemu/tree/snp-v3. So a new target needs to be added to add it to a kata-deploy bundle. Building requires a qemu no_patches file
Fixes: #6061
Signed-Off-By: Alex Carter
---
 src/runtime/Makefile | 5 +++++
 src/runtime/arch/amd64-options.mk | 1 +
 tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh | 2 ++
 tools/packaging/kata-deploy/local-build/Makefile | 4 ++++
 .../kata-deploy/local-build/kata-deploy-binaries.sh | 9 ++++++++-
 .../no_patches.txt | 0
 tools/packaging/static-build/cache_components.sh | 1 +
 versions.yaml | 3 +--
 8 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index ce100e88fc..a50f6d719f 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -166,6 +166,9 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]
+QEMUSNPPATH := $(QEMUBINDIR)/$(QEMUSNPCMD)
+QEMUSNPVALIDHYPERVISORPATHS := [\"$(QEMUSNPPATH)\"]
+
 QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
 QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]
@@ -590,6 +593,8 @@ USER_VARS += QEMUPATH
 USER_VARS += QEMUVALIDHYPERVISORPATHS
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
+USER_VARS += QEMUSNPPATH
+USER_VARS += QEMUSNPVALIDHYPERVISORPATHS
 USER_VARS += QEMUTDXPATH
 USER_VARS += QEMUTDXVALIDHYPERVISORPATHS
 USER_VARS += RUNTIME_NAME
diff --git a/src/runtime/arch/amd64-options.mk b/src/runtime/arch/amd64-options.mk
index 70adbc0ed8..ca6ea0bf84 100644
--- a/src/runtime/arch/amd64-options.mk
+++ b/src/runtime/arch/amd64-options.mk
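Review bot: `QEMUSNPCMD` is assigned only in `arch/amd64-options.mk` in this patch, so unless another arch options file also defines it, the new `QEMUSNPPATH` expands to `$(QEMUBINDIR)/` and `QEMUSNPVALIDHYPERVISORPATHS` becomes a list holding a bare directory on every other architecture. The neighbouring TDX pair has the same shape, so this follows the file's pattern, but the valid-paths value presumably acts as the allow-list for the hypervisor binary and is better left undefined than half-formed. Either wrap the two assignments in `ifneq (,$(QEMUSNPCMD))` and `endif`, or add a comment above them such as `# SNP-enabled QEMU; QEMUSNPCMD is only set for amd64`. None of the eight files in the diffstat appears to consume the two `USER_VARS` entries added in the second hunk, so a line saying which configuration template will use them would help the next reader.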
@@ -13,6 +13,7 @@ TDXCPUFEATURES := -vmx-rdseed-exit,pmu=off
 QEMUCMD := qemu-system-x86_64
 QEMUTDXCMD := qemu-system-x86_64-tdx
+QEMUSNPCMD := qemu-system-x86_64-snp
 # Firecracker binary name
 FCCMD := firecracker
diff --git a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
index 5bdf079b3a..507980c2d2 100755
--- a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
@@ -19,6 +19,7 @@ shims=(
 "qemu-tdx"
 "qemu-sev"
 "qemu-se"
+ "qemu-snp"
 "clh"
 "clh-tdx"
 )
@@ -258,6 +259,7 @@ function remove_artifacts() {
 /opt/confidential-containers/bin/kata-runtime \
 /opt/confidential-containers/bin/kata-collect-data.sh \
 /opt/confidential-containers/bin/qemu-system-x86_64 \
+ /opt/confidential-containers/bin/qemu-system-x86_64-snp \
 /opt/confidential-containers/bin/qemu-system-x86_64-tdx \
 /opt/confidential-containers/bin/qemu-system-s390x \
 /opt/confidential-containers/bin/cloud-hypervisor \
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 2959fbfc07..1a1d51575d 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -19,6 +19,7 @@ EXTRA_TARBALL=cc-cloud-hypervisor-tarball \
 cc-sev-ovmf-tarball \
 cc-x86_64-ovmf-tarball \
 cc-sev-rootfs-initrd-tarball \
+ cc-snp-qemu-tarball \
 cc-tdx-rootfs-image-tarball
 endif
@@ -115,6 +116,9 @@ cc-kernel-tarball:
 cc-qemu-tarball:
 ${MAKE} $@-build
+cc-snp-qemu-tarball:
+ ${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 ${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 9e9c6637b9..36bbca9c8c 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -100,6 +100,7 @@ options:
 cc-tdx-kernel
 cc-sev-kernel
 cc-qemu
+ cc-snp-qemu
 cc-tdx-qemu
 cc-rootfs-image
 cc-rootfs-initrd
@@ -479,7 +480,7 @@ install_cc_sev_kernel() {
 install_cc_tee_qemu() {
 tee="${1}"
- [ "${tee}" != "tdx" ] && die "Non supported TEE"
+ [[ "${tee}" != "tdx" && "${tee}" != "snp" ]] && die "Non supported TEE"
 export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
 export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
@@ -502,6 +503,10 @@ install_cc_tdx_qemu() {
 install_cc_tee_qemu "tdx"
 }
+install_cc_snp_qemu() {
+ install_cc_tee_qemu "snp"
+}
+
 install_cc_tdx_td_shim() {
 install_cached_component \
 "td-shim" \
@@ -825,6 +830,8 @@ handle_build() {
 cc-qemu) install_cc_qemu ;;
+ cc-snp-qemu) install_cc_snp_qemu ;;
+
 cc-rootfs-image) install_cc_image ;;
 cc-rootfs-initrd) install_cc_initrd ;;
diff --git a/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt b/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tools/packaging/static-build/cache_components.sh b/tools/packaging/static-build/cache_components.sh
index ef223b1c2a..3b849958e6 100755
--- a/tools/packaging/static-build/cache_components.sh
+++ b/tools/packaging/static-build/cache_components.sh
@@ -22,6 +22,7 @@ cache_qemu_artifacts() {
 if [ -n "${TEE}" ]; then
 qemu_tarball_name="kata-static-cc-${TEE}-qemu.tar.xz"
 [ "${TEE}" == "tdx" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.tdx.tag")
+ [ "${TEE}" == "snp" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.snp.tag")
 fi
 local qemu_sha=$(calc_qemu_files_sha256sum)
 local current_qemu_image="$(get_qemu_image_name)"
diff --git a/versions.yaml b/versions.yaml
index ab0112d271..e7f496b56a 100644
--- a/versions.yaml
+++ b/versions.yaml
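Review bot: In `install_cc_tee_qemu`, nothing checks that the two `yq r` lookups returned a value now that the widened guard lets `snp` reach them, and `export var="$(...)"` discards the exit status of `yq`. If `assets.hypervisor.qemu.snp.url` or `.tag` is missing from `versions.yaml` (the `snp` entry carried `branch`/`commit` rather than `tag` until this same patch), the build would go on with an empty repository or version instead of the pinned commit. Consider adding, right after the exports, `[ -n "${qemu_repo}" ] && [ -n "${qemu_version}" ] || die "Missing qemu url/tag for ${tee}"`, and quoting `"${versions_yaml}"` in both lookups. The rest of the function lies outside the hunk, so a later check may already cover this.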
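Review bot: In `cache_qemu_artifacts`, a `TEE` value other than `tdx` or `snp` still sets `qemu_tarball_name` but leaves `current_qemu_version` at whatever it held before the `if` (set outside this hunk), so a cached tarball could end up recorded against the wrong QEMU version. The two parallel `[ ... ] &&` lines can be folded into one allow-listed lookup that rejects anything else, for example `case "${TEE}" in tdx|snp) current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.${TEE}.tag") ;; *) echo "Unsupported TEE: ${TEE}" >&2; exit 1 ;; esac`, using whichever error helper this script already has in place of the `echo`/`exit`.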
@@ -105,8 +105,7 @@ assets:
 snp:
 description: "VMM that uses KVM and supports AMD SEV-SNP"
 url: "https://github.com/AMDESE/qemu"
- branch: "snp-v3"
- commit: "ffa95097ee"
+ tag: "3b6a2b6b7466f6dea53243900b7516c3f29027b7"
 qemu-experimental:
 description: "QEMU with virtiofs support"
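Review bot: The value stored under `tag:` is a full 40-character commit id rather than a tag name, and the `branch: "snp-v3"` line that recorded where that commit lives is removed. Pinning the full hash is the stronger choice for a build from a vendor fork, but the key name now misleads and the provenance is lost; a comment above it such as `# commit id from the snp-v3 branch (see commit message); kept under "tag" because install_cc_tee_qemu reads .tag` would preserve both. The `tag_patches/<hash>/no_patches.txt` directory added in this patch is keyed on the same string, so the two have to change together on the next bump, which is also worth a line in that comment.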