github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-18 16:08:25 +00:00
Code Issues Projects Releases Wiki Activity

packaging: Build SEV capable kernel + efi_secret module

Browse Source 
Adds a new make target for an sev kernel which can be built and put into payload bundles for the operator.

Currently not including this sev kernel target in the cc payload bundle.

Unfortunately having to breakflow from using the generic cc_tee_kernel functions in either the kata-deploy-binaries or build-kernel.
Largely based on using an upstreamed kernel release, meaning the url is the defaul cdn, and e.g. we use version rather than tag.
The upside of this is that we can use the sha sum checking functionality from the generic get_kernel function.

CC label in title removed for commit message check.

Fixes: #5037

Signed-off-by: Alex Carter <Alex.Carter@ibm.com>
This commit is contained in:
Alex Carter 2022-08-29 16:18:08 +00:00 committed by Alex
parent e528b63f4f
commit 502a78730b
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/packaging/kata-deploy/local-build/Makefile
View File

@ -82,6 +82,7 @@ cc: cc-cloud-hypervisor-tarball \
cc-shim-v2-tarball \ cc-shim-v2-tarball \
cc-virtiofsd-tarball \ cc-virtiofsd-tarball \
cc-tdx-kernel-tarball \ cc-tdx-kernel-tarball \
cc-sev-kernel-tarball \
cc-tdx-qemu-tarball \ cc-tdx-qemu-tarball \
cc-tdx-tdvf-tarball cc-tdx-tdvf-tarball
@ -109,6 +110,9 @@ cc-tdx-cloud-hypervisor-tarball:
cc-tdx-kernel-tarball: cc-tdx-kernel-tarball:
${MAKE} $@-build ${MAKE} $@-build
cc-sev-kernel-tarball:
${MAKE} $@-build
cc-tdx-qemu-tarball: cc-tdx-qemu-tarball:
${MAKE} $@-build ${MAKE} $@-build

17
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@ -87,6 +87,7 @@ options:
cc-cloud-hypervisor cc-cloud-hypervisor
cc-kernel cc-kernel
cc-tdx-kernel cc-tdx-kernel
cc-sev-kernel
cc-qemu cc-qemu
cc-tdx-qemu cc-tdx-qemu
cc-rootfs-image cc-rootfs-image
@ -161,17 +162,23 @@ install_tdx_cc_clh() {
#Install CC kernel assert, with TEE support #Install CC kernel assert, with TEE support
install_cc_tee_kernel() { install_cc_tee_kernel() {
tee="${1}" tee="${1}"
kernel_version="${2}"
[ "${tee}" != "tdx" ] && die "Non supported TEE" [[ "${tee}" != "tdx" && "${tee}" != "sev" ]] && die "Non supported TEE"
export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)" kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)"
export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)"
DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}" DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}"
} }
#Install CC kernel assert for Intel TDX #Install CC kernel assert for Intel TDX
install_cc_tdx_kernel() { install_cc_tdx_kernel() {
install_cc_tee_kernel "tdx" kernel_version="$(yq r $versions_yaml assets.kernel.tdx.tag)"
install_cc_tee_kernel "tdx" "${kernel_version}"
}
install_cc_sev_kernel() {
kernel_version="$(yq r $versions_yaml assets.kernel.sev.version)"
install_cc_tee_kernel "sev" "${kernel_version}"
} }
install_cc_tee_qemu() { install_cc_tee_qemu() {
@ -329,6 +336,8 @@ handle_build() {
cc-tdx-kernel) install_cc_tdx_kernel ;; cc-tdx-kernel) install_cc_tdx_kernel ;;
cc-sev-kernel) install_cc_sev_kernel ;;
cc-tdx-qemu) install_cc_tdx_qemu ;; cc-tdx-qemu) install_cc_tdx_qemu ;;
cc-tdx-td-shim) install_cc_tdx_td_shim ;; cc-tdx-td-shim) install_cc_tdx_td_shim ;;

1
tools/packaging/static-build/kernel/Dockerfile
View File

@ -17,6 +17,7 @@ RUN apt-get update && \
git \ git \
iptables \ iptables \
libelf-dev \ libelf-dev \
libssl-dev \
patch && \ patch && \
if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \ if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \
apt-get clean && rm -rf /var/lib/lists/ apt-get clean && rm -rf /var/lib/lists/