github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-15 22:08:47 +00:00
Code Issues Projects Releases Wiki Activity

gpu: Add NVIDIA GPU Confidential kernel target

Browse Source 
This is a follow up to the work of minimizing targets, unifying TDX,SNP builds for NVIDIA GPUs

Fixes: #8828

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
This commit is contained in:
Zvonko Kaiser
2024-01-15 14:54:06 +00:00
parent bb1ada1a8b
commit 4fc34323ae
6 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/build-kata-static-tarball-amd64.yaml vendored
View File

@@ -41,6 +41,7 @@ jobs:
- kernel-dragonball-experimental - kernel-dragonball-experimental
- kernel-tdx-experimental - kernel-tdx-experimental
- kernel-nvidia-gpu - kernel-nvidia-gpu
- kernel-nvidia-gpu-confidential
- kernel-nvidia-gpu-snp - kernel-nvidia-gpu-snp
- kernel-nvidia-gpu-tdx-experimental - kernel-nvidia-gpu-tdx-experimental
- nydus - nydus

4
tools/packaging/kata-deploy/local-build/Makefile
View File

@@ -23,6 +23,7 @@ BASE_TARBALLS = serial-targets \
kernel-confidential-tarball \ kernel-confidential-tarball \
kernel-dragonball-experimental-tarball \ kernel-dragonball-experimental-tarball \
kernel-nvidia-gpu-tarball \ kernel-nvidia-gpu-tarball \
kernel-nvidia-gpu-confidential-tarball \
kernel-nvidia-gpu-snp-tarball \ kernel-nvidia-gpu-snp-tarball \
kernel-nvidia-gpu-tdx-experimental-tarball \ kernel-nvidia-gpu-tdx-experimental-tarball \
kernel-tarball \ kernel-tarball \
@@ -105,6 +106,9 @@ kernel-dragonball-experimental-tarball:
kernel-nvidia-gpu-tarball: kernel-nvidia-gpu-tarball:
${MAKE} $@-build ${MAKE} $@-build
kernel-nvidia-gpu-confidential-tarball:
${MAKE} $@-build
kernel-nvidia-gpu-snp-tarball: kernel-nvidia-gpu-snp-tarball:
${MAKE} $@-build ${MAKE} $@-build

15
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@@ -99,6 +99,7 @@ options:
kernel-nvidia-gpu kernel-nvidia-gpu
kernel-nvidia-gpu-snp kernel-nvidia-gpu-snp
kernel-nvidia-gpu-tdx-experimental kernel-nvidia-gpu-tdx-experimental
kernel-nvidia-gpu-confidential
kernel-sev-tarball kernel-sev-tarball
kernel-tdx-experimental kernel-tdx-experimental
nydus nydus
@@ -317,7 +318,7 @@ install_kernel_helper() {
kernel_version="$(get_from_kata_deps assets.kernel.sev.version)" kernel_version="$(get_from_kata_deps assets.kernel.sev.version)"
default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches" default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches"
module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-sev/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}" module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-sev/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}"
elif [[ "${kernel_name}" == "kernel-confidential" ]]; then elif [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
kernel_version="$(get_from_kata_deps assets.kernel.confidential.version)" kernel_version="$(get_from_kata_deps assets.kernel.confidential.version)"
default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches" default_patches_dir="${repo_root_dir}/tools/packaging/kernel/patches"
module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-confidential/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}" module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/kernel-confidential/builddir/kata-linux-${kernel_version#v}-${kernel_kata_config_version}/lib/modules/${kernel_version#v}"
@@ -364,6 +365,16 @@ install_kernel_nvidia_gpu() {
"-g nvidia -u ${kernel_url} -H deb" "-g nvidia -u ${kernel_url} -H deb"
} }
#Install GPU and TEE enabled kernel asset
install_kernel_nvidia_gpu_confidential() {
local kernel_url="$(get_from_kata_deps assets.kernel.confidential.url)"
install_kernel_helper \
"assets.kernel.confidential.version" \
"kernel-nvidia-gpu-confidential" \
"-x confidential -g nvidia -u ${kernel_url} -H deb"
}
#Install GPU and SNP enabled kernel asset #Install GPU and SNP enabled kernel asset
install_kernel_nvidia_gpu_snp() { install_kernel_nvidia_gpu_snp() {
local kernel_url="$(get_from_kata_deps assets.kernel.sev.url)" local kernel_url="$(get_from_kata_deps assets.kernel.sev.url)"
@@ -811,6 +822,8 @@ handle_build() {
kernel-nvidia-gpu) install_kernel_nvidia_gpu ;; kernel-nvidia-gpu) install_kernel_nvidia_gpu ;;
kernel-nvidia-gpu-confidential) install_kernel_nvidia_gpu_confidential ;;
kernel-nvidia-gpu-snp) install_kernel_nvidia_gpu_snp;; kernel-nvidia-gpu-snp) install_kernel_nvidia_gpu_snp;;
kernel-nvidia-gpu-tdx-experimental) install_kernel_nvidia_gpu_tdx_experimental;; kernel-nvidia-gpu-tdx-experimental) install_kernel_nvidia_gpu_tdx_experimental;;

2
tools/packaging/kernel/build-kernel.sh
View File

@@ -475,7 +475,7 @@ build_kernel_headers() {
pushd "${kernel_path}" >>/dev/null pushd "${kernel_path}" >>/dev/null
if [ "$linux_headers" == "deb" ]; then if [ "$linux_headers" == "deb" ]; then
make -j $(nproc ${CI:+--ignore 1}) deb-pkg ARCH="${arch_target}" make -j $(nproc ${CI:+--ignore 1}) bindeb-pkg ARCH="${arch_target}"
fi fi
if [ "$linux_headers" == "rpm" ]; then if [ "$linux_headers" == "rpm" ]; then
make -j $(nproc ${CI:+--ignore 1}) rpm-pkg ARCH="${arch_target}" make -j $(nproc ${CI:+--ignore 1}) rpm-pkg ARCH="${arch_target}"

2
tools/packaging/kernel/kata_config_version
View File

@@ -1 +1 @@
121 122

1
tools/packaging/static-build/kernel/Dockerfile
View File

@@ -15,6 +15,7 @@ RUN apt-get update && \
build-essential \ build-essential \
ca-certificates \ ca-certificates \
curl \ curl \
debhelper \
flex \ flex \
git \ git \
iptables \ iptables \