Merge pull request #4811 from fidencio/topic/cc-build-and-ship-tdvf-and-td-shim

CC | packaging: Build and ship TDVF and TD-shim

tools/packaging/kata-deploy/local-build/Makefile

@@ -85,21 +85,12 @@ cc: cc-cloud-hypervisor-tarball \
 cc-cloud-hypervisor-tarball:
 	${MAKE} $@-build
 
-cc-tdx-cloud-hypervisor-tarball:
-	${MAKE} $@-build
-
 cc-kernel-tarball:
 	${MAKE} $@-build
 
-cc-tdx-kernel-tarball:
-	${MAKE} $@-build
-
 cc-qemu-tarball:
 	${MAKE} $@-build
 
-cc-tdx-qemu-tarball:
-	${MAKE} $@-build
-
 cc-rootfs-image-tarball:
 	${MAKE} $@-build
 
@@ -108,3 +99,18 @@ cc-shim-v2-tarball:
 
 cc-virtiofsd-tarball:
 	${MAKE} $@-build
+
+cc-tdx-cloud-hypervisor-tarball:
+	${MAKE} $@-build
+
+cc-tdx-kernel-tarball:
+	${MAKE} $@-build
+
+cc-tdx-qemu-tarball:
+	${MAKE} $@-build
+
+cc-tdx-td-shim-tarball:
+	${MAKE} $@-build
+
+cc-tdx-tdvf-tarball:
+	${MAKE} $@-build

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -24,8 +24,10 @@ readonly versions_yaml="${repo_root_dir}/versions.yaml"
 readonly clh_builder="${static_build_dir}/cloud-hypervisor/build-static-clh.sh"
 readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firecracker.sh"
 readonly kernel_builder="${static_build_dir}/kernel/build.sh"
+readonly ovmf_builder="${static_build_dir}/ovmf/build.sh"
 readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh"
 readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh"
+readonly td_shim_builder="${static_build_dir}/td-shim/build.sh"
 readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh"
 
 readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh"
@@ -108,11 +110,6 @@ install_cc_clh() {
 	sudo install -D --owner root --group root --mode 0744 cloud-hypervisor/cloud-hypervisor "${destdir}/${cc_prefix}/bin/cloud-hypervisor"
 }
 
-# Install static CC cloud-hypervisor asset
-install_tdx_cc_clh() {
-	install_cc_clh
-}
-
 #Install cc capable guest image
 install_cc_image() {
 	info "Create CC image"
@@ -123,45 +120,12 @@ install_cc_image() {
 	"${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"
 }
 
-#Install CC kernel assert, with TEE support
-install_cc_tee_kernel() {
-	tee="${1}"
-
-	[ "${tee}" != "tdx" ] && die "Non supported TEE"
-
-	export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)"
-	export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)"
-	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}"
-}
-
-#Install CC kernel assert for Intel TDX
-install_cc_tdx_kernel() {
-	install_cc_tee_kernel "tdx"
-}
-
 #Install CC kernel asset
 install_cc_kernel() {
 	export kernel_version="$(yq r $versions_yaml assets.kernel.version)"
 	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -f -v "${kernel_version}"
 }
 
-install_cc_tee_qemu() {
-	tee="${1}"
-
-	[ "${tee}" != "tdx" ] && die "Non supported TEE"
-
-	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
-	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
-	export tee="${tee}"
-	"${qemu_cc_builder}"
-	tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}"
-}
-
-
-install_cc_tdx_qemu() {
-	install_cc_tee_qemu "tdx"
-}
-
 # Install static CC qemu asset
 install_cc_qemu() {
 	info "build static CC qemu"
@@ -188,6 +152,60 @@ install_cc_virtiofsd() {
 	sudo install -D --owner root --group root --mode 0744 virtiofsd/virtiofsd "${destdir}/${cc_prefix}/libexec/virtiofsd"
 }
 
+# Install static CC cloud-hypervisor asset
+install_tdx_cc_clh() {
+	install_cc_clh
+}
+
+#Install CC kernel assert, with TEE support
+install_cc_tee_kernel() {
+	tee="${1}"
+
+	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+
+	export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)"
+	export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)"
+	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}"
+}
+
+#Install CC kernel assert for Intel TDX
+install_cc_tdx_kernel() {
+	install_cc_tee_kernel "tdx"
+}
+
+install_cc_tee_qemu() {
+	tee="${1}"
+
+	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+
+	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
+	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
+	export tee="${tee}"
+	"${qemu_cc_builder}"
+	tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}"
+}
+
+install_cc_tdx_qemu() {
+	install_cc_tee_qemu "tdx"
+}
+
+install_cc_tdx_td_shim() {
+	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${td_shim_builder}"
+	tar xvf "${builddir}/td-shim.tar.gz" -C "${destdir}"
+}
+
+install_cc_tee_ovmf() {
+	tee="${1}"
+	tarball_name="${2}"
+
+	DESTDIR="${destdir}" PREFIX="${cc_prefix}" ovmf_build="${tee}" "${ovmf_builder}"
+	tar xvf "${builddir}/${tarball_name}" -C "${destdir}"
+}
+
+install_cc_tdx_tdvf() {
+	install_cc_tee_ovmf "tdx" "edk2-staging-tdx.tar.gz"
+}
+
 #Install guest image
 install_image() {
 	info "Create image"
@@ -296,22 +314,26 @@ handle_build() {
 
 	cc-cloud-hypervisor) install_cc_clh ;;
 
-	cc-tdx-cloud-hypervisor) install_tdx_cc_clh ;;
-
 	cc-kernel) install_cc_kernel ;;
 
-	cc-tdx-kernel) install_cc_tdx_kernel ;;
-
 	cc-qemu) install_cc_qemu ;;
 
-	cc-tdx-qemu) install_cc_tdx_qemu ;;
-
 	cc-rootfs-image) install_cc_image ;;
 
 	cc-shim-v2) install_cc_shimv2 ;;
 
 	cc-virtiofsd) install_cc_virtiofsd ;;
 
+	cc-tdx-cloud-hypervisor) install_tdx_cc_clh ;;
+
+	cc-tdx-kernel) install_cc_tdx_kernel ;;
+
+	cc-tdx-qemu) install_cc_tdx_qemu ;;
+
+	cc-tdx-td-shim) install_cc_tdx_td_shim ;;
+
+	cc-tdx-tdvf) install_cc_tdx_tdvf ;;
+
 	cloud-hypervisor) install_clh ;;
 
 	firecracker) install_firecracker ;;

tools/packaging/static-build/ovmf/build-ovmf.sh

@@ -90,7 +90,8 @@ if [ "${ovmf_build}" == "tdx" ]; then
 	install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir}
 fi
 
+local_dir=${PWD}
 pushd $DESTDIR
-tar -czvf "${ovmf_dir}-${ovmf_build}.tar.gz" "./$PREFIX"
+tar -czvf "${local_dir}/${ovmf_dir}-${ovmf_build}.tar.gz" "./$PREFIX"
 rm -rf $(dirname ./$PREFIX) 
 popd

tools/packaging/static-build/td-shim/build-td-shim.sh

@@ -35,7 +35,8 @@ install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/
 popd #td-shim
 popd #${build_root}
 
+local_dir=${PWD}
 pushd ${DESTDIR}
-tar -czvf "td-shim.tar.gz" "./$PREFIX"
+tar -czvf "${local_dir}/td-shim.tar.gz" "./$PREFIX"
 rm -rf $(dirname ./$PREFIX)
 popd #${DESTDIR}