github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-28 04:21:03 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #6177 from UnmeshDeodhar/CC-cache-sev-artifacts

Browse Source 
Adding caching capability for SEV kernel and initrd
This commit is contained in:
Fabiano Fidêncio 2023-02-23 17:49:41 +01:00 committed by GitHub
commit 2d525bbf1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 61 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@ -237,13 +237,19 @@ install_cc_image() {
local component="rootfs-image" local component="rootfs-image"
local root_hash_vanilla="root_hash_vanilla.txt" local root_hash_vanilla="root_hash_vanilla.txt"
local root_hash_tdx="" local root_hash_tdx=""
local initramfs_last_commit=""
if [ -n "${tee}" ]; then if [ -n "${tee}" ]; then
if [ "${tee}" == "tdx" ]; then
jenkins="${jenkins_url}/job/kata-containers-2.0-rootfs-image-${tee}-cc-$(uname -m)/${cached_artifacts_path}" jenkins="${jenkins_url}/job/kata-containers-2.0-rootfs-image-${tee}-cc-$(uname -m)/${cached_artifacts_path}"
if [ "${tee}" == "tdx" ]; then
component="${tee}-rootfs-image" component="${tee}-rootfs-image"
root_hash_vanilla="" root_hash_vanilla=""
root_hash_tdx="root_hash_${tee}.txt" root_hash_tdx="root_hash_${tee}.txt"
fi fi
if [ "${tee}" == "sev" ]; then
component="${tee}-rootfs-initrd"
root_hash_vanilla=""
initramfs_last_commit="$(get_initramfs_image_name)"
fi
fi fi
local osbuilder_last_commit="$(echo $(get_last_modification "${repo_root_dir}/tools/osbuilder") | sed s/-dirty//)" local osbuilder_last_commit="$(echo $(get_last_modification "${repo_root_dir}/tools/osbuilder") | sed s/-dirty//)"
@ -259,7 +265,7 @@ install_cc_image() {
install_cached_component \ install_cached_component \
"${component}" \ "${component}" \
"${jenkins}" \ "${jenkins}" \
"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${attestation_agent_version}-${gperf_version}-${libseccomp_version}-${pause_version}-${rust_version}-${image_type}-${AA_KBC}" \ "${osbuilder_last_commit}-${guest_image_last_commit}$-${initramfs_last_commit}-${agent_last_commit}-${libs_last_commit}-${attestation_agent_version}-${gperf_version}-${libseccomp_version}-${pause_version}-${rust_version}-${image_type}-${AA_KBC}" \
"" \ "" \
"${final_tarball_name}" \ "${final_tarball_name}" \
"${final_tarball_path}" \ "${final_tarball_path}" \
@ -388,24 +394,50 @@ install_cc_virtiofsd() {
sudo install -D --owner root --group root --mode 0744 virtiofsd/virtiofsd "${destdir}/${cc_prefix}/libexec/virtiofsd" sudo install -D --owner root --group root --mode 0744 virtiofsd/virtiofsd "${destdir}/${cc_prefix}/libexec/virtiofsd"
} }
#Install CC kernel assert, with TEE support # Install cached kernel compoenent
install_cc_tee_kernel() { install_cached_kernel_component() {
export KATA_BUILD_CC=yes
tee="${1}" tee="${1}"
kernel_version="${2}" kernel_version="${2}"
module_dir="${3:-}"
[[ "${tee}" != "tdx" && "${tee}" != "sev" ]] && die "Non supported TEE" install_cached_compnent \
export kernel_version=${kernel_version}
install_cached_component \
"kernel" \ "kernel" \
"${jenkins_url}/job/kata-containers-2.0-kernel-${tee}-cc-$(uname -m)/${cached_artifacts_path}" \ "${jenkins_url}/job/kata-containers-2.0-kernel-${tee}-cc-$(uname -m)/${cached_artifacts_path}" \
"${kernel_version}" \ "${kernel_version}" \
"$(get_kernel_image_name)" \ "$(get_kernel_image_name)" \
"${final_tarball_name}" \ "${final_tarball_name}" \
"${final_tarball_path}" \ "${final_tarball_path}" \
&& return 0 || return 1
[ "${tee}" == "tdx" ] && return 0
# SEV specific code path
install_cached_component \
"kernel-modules" \
"${jenkins_url}/job/kata-containers-2.0-kernel-sev-cc-$(uname -m)/${cached_artifacts_path}" \
"${kernel_version}" \
"$(get_kernel_image_name)" \
"kata-static-cc-sev-kernel-modules.tar.xz" \
"${workdir}/kata-static-cc-sev-kernel-modules.tar.xz" \
|| return 1
tar xvf "${workdir}/kata-static-cc-sev-kernel-modules.tar.xz" -C "${module_dir}" && return 0
return 1
}
#Install CC kernel assert, with TEE support
install_cc_tee_kernel() {
export KATA_BUILD_CC=yes
tee="${1}"
kernel_version="${2}"
module_dir="${3:-}"
[[ "${tee}" != "tdx" && "${tee}" != "sev" ]] && die "Non supported TEE"
export kernel_version=${kernel_version}
install_cached_kernel_component "${tee}" "${kernel_version}" "${module_dir}" && return 0
info "build initramfs for TEE kernel" info "build initramfs for TEE kernel"
"${initramfs_builder}" "${initramfs_builder}"

18
tools/packaging/static-build/cache_components.sh
View File

@ -45,6 +45,15 @@ cache_kernel_artifacts() {
[ "${TEE}" == "sev" ] && current_kernel_version="$(get_from_kata_deps "assets.kernel.${TEE}.version")" [ "${TEE}" == "sev" ] && current_kernel_version="$(get_from_kata_deps "assets.kernel.${TEE}.version")"
fi fi
create_cache_asset "${kernel_tarball_name}" "${current_kernel_version}" "${current_kernel_image}" create_cache_asset "${kernel_tarball_name}" "${current_kernel_version}" "${current_kernel_image}"
if [ "${TEE}" == "sev" ]; then
module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/cc-sev-kernel/builddir/kata-linux-${kernel_version#v}-${get_config_version}/lib/modules/${kernel_version#v}"
pushd "${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/"
tar cvfJ "kata-static-cc-sev-kernel-modules.tar.xz" "${module_dir}/kernel/drivers/virt/coco/efi_secret/"
popd
create_cache_asset "kata-static-cc-kernel-modules.tar.xz" "${current_kernel_version}" "${current_kernel_image}"
fi
} }
cache_firmware_artifacts() { cache_firmware_artifacts() {
@ -92,6 +101,7 @@ cache_rootfs_artifacts() {
local rust_version="$(get_from_kata_deps "languages.rust.meta.newest-version")" local rust_version="$(get_from_kata_deps "languages.rust.meta.newest-version")"
local rootfs_tarball_name="kata-static-cc-rootfs-image.tar.xz" local rootfs_tarball_name="kata-static-cc-rootfs-image.tar.xz"
local aa_kbc="offline_fs_kbc" local aa_kbc="offline_fs_kbc"
local initramfs_last_commit=""
local image_type="image" local image_type="image"
local root_hash_vanilla="${repo_root_dir}/tools/osbuilder/root_hash_vanilla.txt" local root_hash_vanilla="${repo_root_dir}/tools/osbuilder/root_hash_vanilla.txt"
local root_hash_tdx="" local root_hash_tdx=""
@ -103,8 +113,14 @@ cache_rootfs_artifacts() {
root_hash_vanilla="" root_hash_vanilla=""
root_hash_tdx="${repo_root_dir}/tools/osbuilder/root_hash_tdx.txt" root_hash_tdx="${repo_root_dir}/tools/osbuilder/root_hash_tdx.txt"
fi fi
if [ "${TEE}" == "sev" ]; then
rootfs_tarball_name="kata-static-cc-sev-rootfs-initrd.tar.xz"
aa_kbc="online_sev_kbc"
image_type="initrd"
initramfs_last_commit="$(get_initramfs_image_name)"
fi fi
local current_rootfs_version="${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${attestation_agent_version}-${gperf_version}-${libseccomp_version}-${pause_version}-${rust_version}-${image_type}-${aa_kbc}" fi
local current_rootfs_version="${osbuilder_last_commit}-${guest_image_last_commit}-${initramfs_last_commit}-${agent_last_commit}-${libs_last_commit}-${attestation_agent_version}-${gperf_version}-${libseccomp_version}-${pause_version}-${rust_version}-${image_type}-${aa_kbc}"
create_cache_asset "${rootfs_tarball_name}" "${current_rootfs_version}" "" "${root_hash_vanilla}" "${root_hash_tdx}" create_cache_asset "${rootfs_tarball_name}" "${current_rootfs_version}" "" "${root_hash_vanilla}" "${root_hash_tdx}"
} }