kata-deploy: SNP version of Qemu

An SNP runtimeclass needs a build of Qemu from https://github.com/AMDESE/qemu/tree/snp-v3. So a new target needs to be added to add it to a kata-deploy bundle. Building requires a qemu no_patches file Fixes: #6061 Signed-Off-By: Alex Carter <alex.carter@ibm.com>
2025-08-24 18:52:08 +00:00 · 2023-01-06 15:43:00 +00:00 · 2023-01-06 15:43:00 +00:00 · 28fd92c478
commit 28fd92c478
parent 2b8e241179
8 changed files with 22 additions and 3 deletions
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@ -166,6 +166,9 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]

+QEMUSNPPATH := $(QEMUBINDIR)/$(QEMUSNPCMD)
+QEMUSNPVALIDHYPERVISORPATHS := [\"$(QEMUSNPPATH)\"]
+
 QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
 QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]

@ -590,6 +593,8 @@ USER_VARS += QEMUPATH
 USER_VARS += QEMUVALIDHYPERVISORPATHS
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
+USER_VARS += QEMUSNPPATH
+USER_VARS += QEMUSNPVALIDHYPERVISORPATHS
 USER_VARS += QEMUTDXPATH
 USER_VARS += QEMUTDXVALIDHYPERVISORPATHS
 USER_VARS += RUNTIME_NAME
--- a/src/runtime/arch/amd64-options.mk
+++ b/src/runtime/arch/amd64-options.mk
@ -13,6 +13,7 @@ TDXCPUFEATURES := -vmx-rdseed-exit,pmu=off

 QEMUCMD := qemu-system-x86_64
 QEMUTDXCMD := qemu-system-x86_64-tdx
+QEMUSNPCMD := qemu-system-x86_64-snp

 # Firecracker binary name
 FCCMD := firecracker
--- a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
@ -19,6 +19,7 @@ shims=(
        "qemu-tdx"
        "qemu-sev"
        "qemu-se"
+        "qemu-snp"
        "clh"
        "clh-tdx"
 )
@ -258,6 +259,7 @@ function remove_artifacts() {
 		/opt/confidential-containers/bin/kata-runtime \
 		/opt/confidential-containers/bin/kata-collect-data.sh \
 		/opt/confidential-containers/bin/qemu-system-x86_64 \
+		/opt/confidential-containers/bin/qemu-system-x86_64-snp \
 		/opt/confidential-containers/bin/qemu-system-x86_64-tdx \
 		/opt/confidential-containers/bin/qemu-system-s390x \
 		/opt/confidential-containers/bin/cloud-hypervisor \
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -19,6 +19,7 @@ EXTRA_TARBALL=cc-cloud-hypervisor-tarball \
 	cc-sev-ovmf-tarball \
 	cc-x86_64-ovmf-tarball \
 	cc-sev-rootfs-initrd-tarball \
+	cc-snp-qemu-tarball \
 	cc-tdx-rootfs-image-tarball
 endif

@ -115,6 +116,9 @@ cc-kernel-tarball:
 cc-qemu-tarball:
 	${MAKE} $@-build

+cc-snp-qemu-tarball:
+	${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -100,6 +100,7 @@ options:
 	cc-tdx-kernel
 	cc-sev-kernel
 	cc-qemu
+	cc-snp-qemu
 	cc-tdx-qemu
 	cc-rootfs-image
 	cc-rootfs-initrd
@ -479,7 +480,7 @@ install_cc_sev_kernel() {
 install_cc_tee_qemu() {
 	tee="${1}"

-	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+	[[ "${tee}" != "tdx" && "${tee}" != "snp" ]] && die "Non supported TEE"

 	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
 	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
@ -502,6 +503,10 @@ install_cc_tdx_qemu() {
 	install_cc_tee_qemu "tdx"
 }

+install_cc_snp_qemu() {
+	install_cc_tee_qemu "snp"
+}
+
 install_cc_tdx_td_shim() {
 	install_cached_component \
 		"td-shim" \
@ -825,6 +830,8 @@ handle_build() {

 	cc-qemu) install_cc_qemu ;;

+	cc-snp-qemu) install_cc_snp_qemu ;;
+
 	cc-rootfs-image) install_cc_image ;;

 	cc-rootfs-initrd) install_cc_initrd ;;
--- a/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt
+++ b/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt
--- a/tools/packaging/static-build/cache_components.sh
+++ b/tools/packaging/static-build/cache_components.sh
@ -22,6 +22,7 @@ cache_qemu_artifacts() {
 	if [ -n "${TEE}" ]; then
 		qemu_tarball_name="kata-static-cc-${TEE}-qemu.tar.xz"
 		[ "${TEE}" == "tdx" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.tdx.tag")
+        [ "${TEE}" == "snp" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.snp.tag")
 	fi
 	local qemu_sha=$(calc_qemu_files_sha256sum)
 	local current_qemu_image="$(get_qemu_image_name)"
--- a/versions.yaml
+++ b/versions.yaml
@ -105,8 +105,7 @@ assets:
      snp:
        description: "VMM that uses KVM and supports AMD SEV-SNP"
        url: "https://github.com/AMDESE/qemu"
-        branch: "snp-v3"
-        commit: "ffa95097ee"
+        tag: "3b6a2b6b7466f6dea53243900b7516c3f29027b7"

    qemu-experimental:
      description: "QEMU with virtiofs support"