mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-14 06:06:12 +00:00
Merge pull request #5651 from Alex-Carter01/online-sev-kbc
osbuilder: Switch to online_sev_kbc
This commit is contained in:
Fabiano Fidêncio
GitHub
commit
3db9100a5c
@ -256,8 +256,8 @@ DEFSERVICEOFFLOAD ?= false
|
|||||||
DEFGUESTPREATTESTATION ?= false
|
DEFGUESTPREATTESTATION ?= false
|
||||||
DEFGUESTPREATTESTATIONPROXY ?= localhost:44444
|
DEFGUESTPREATTESTATIONPROXY ?= localhost:44444
|
||||||
DEFGUESTPREATTESTATIONKEYSET ?= KEYSET-1
|
DEFGUESTPREATTESTATIONKEYSET ?= KEYSET-1
|
||||||
DEFGUESTPREATTESTATIONSECRETGUID ?= e6f5a162-d67f-4750-a67c-5d065f2a9910
|
DEFGUESTPREATTESTATIONSECRETGUID ?= 1ee27366-0c87-43a6-af48-28543eaf7cb0
|
||||||
DEFGUESTPREATTESTATIONSECRETTYPE ?= bundle
|
DEFGUESTPREATTESTATIONSECRETTYPE ?= connection
|
||||||
DEFSEVCERTCHAIN ?= /opt/sev/cert_chain.cert
|
DEFSEVCERTCHAIN ?= /opt/sev/cert_chain.cert
|
||||||
DEFSEVGUESTPOLICY ?= 0
|
DEFSEVGUESTPOLICY ?= 0
|
||||||
|
|
||||||
|
|||||||
@ -685,6 +685,11 @@ EOF
|
|||||||
info "Adding agent config for ${AA_KBC}"
|
info "Adding agent config for ${AA_KBC}"
|
||||||
AA_KBC_PARAMS="offline_sev_kbc::null" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
|
AA_KBC_PARAMS="offline_sev_kbc::null" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
|
||||||
fi
|
fi
|
||||||
|
if [ "${AA_KBC}" == "online_sev_kbc" ]; then
|
||||||
|
info "Adding agent config for ${AA_KBC}"
|
||||||
|
#KBC URI will be specified in the config file via kernel params
|
||||||
|
AA_KBC_PARAMS="online_sev_kbc::123.123.123.123:44444" envsubst < "${script_dir}/agent-config.toml.in" | tee "${ROOTFS_DIR}/etc/agent-config.toml"
|
||||||
|
fi
|
||||||
attestation_agent_url="$(get_package_version_from_kata_yaml externals.attestation-agent.url)"
|
attestation_agent_url="$(get_package_version_from_kata_yaml externals.attestation-agent.url)"
|
||||||
attestation_agent_version="$(get_package_version_from_kata_yaml externals.attestation-agent.version)"
|
attestation_agent_version="$(get_package_version_from_kata_yaml externals.attestation-agent.version)"
|
||||||
info "Install attestation-agent with KBC ${AA_KBC}"
|
info "Install attestation-agent with KBC ${AA_KBC}"
|
||||||
|
|||||||
@ -40,8 +40,8 @@ build_initrd() {
|
|||||||
export USE_DOCKER=1
|
export USE_DOCKER=1
|
||||||
export AGENT_INIT="yes"
|
export AGENT_INIT="yes"
|
||||||
# ROOTFS_BUILD_DEST is a Make variable
|
# ROOTFS_BUILD_DEST is a Make variable
|
||||||
|
# SNP will also use the SEV guest module
|
||||||
if [ "${AA_KBC:-}" == "offline_sev_kbc" ]; then
|
if [ "${AA_KBC:-}" == "offline_sev_kbc" | "${AA_KBC:-}" == "online_sev_kbc"]; then
|
||||||
config_version=$(get_config_version)
|
config_version=$(get_config_version)
|
||||||
kernel_version="$(get_from_kata_deps "assets.kernel.sev.version")"
|
kernel_version="$(get_from_kata_deps "assets.kernel.sev.version")"
|
||||||
kernel_version=${kernel_version#v}
|
kernel_version=${kernel_version#v}
|
||||||
|
|||||||
@ -278,7 +278,7 @@ install_cc_image() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
install_cc_sev_image() {
|
install_cc_sev_image() {
|
||||||
AA_KBC="offline_sev_kbc"
|
AA_KBC="online_sev_kbc"
|
||||||
image_type="initrd"
|
image_type="initrd"
|
||||||
install_cc_image "${AA_KBC}" "${image_type}" "sev"
|
install_cc_image "${AA_KBC}" "${image_type}" "sev"
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user