diff --git a/tools/packaging/static-build/ovmf/Dockerfile b/tools/packaging/static-build/ovmf/Dockerfile
new file mode 100644
index 0000000000..cffeb2ffb2
--- /dev/null
+++ b/tools/packaging/static-build/ovmf/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright (c) 2022 IBM
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM ubuntu:20.04
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ curl \
+ g++ \
+ gcc \
+ git \
+ iasl \
+ make \
+ nasm \
+ python \
+ python3 \
+ uuid-dev && \
+ apt-get clean && rm -rf /var/lib/lists/
diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh
new file mode 100755
index 0000000000..83537686c9
--- /dev/null
+++ b/tools/packaging/static-build/ovmf/build-ovmf.sh
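Review bot: The cleanup at the end of the `RUN` step removes `/var/lib/lists/`, which is not where apt keeps its package indexes, so the layer still carries them; it should read `rm -rf /var/lib/apt/lists/*`. Separately, `FROM ubuntu:20.04` is a mutable tag and the apt packages are unversioned, so the toolchain that produces the firmware can change between builds without any change in this repository. Pinning the base image by digest, `FROM ubuntu:20.04@sha256:<digest-placeholder>`, would make the builder image reproducible and auditable.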
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 IBM
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${script_dir}/../../scripts/lib.sh"
+
+# disabling set -u because scripts attempt to expand undefined variables
+set +u
+ovmf_build="${ovmf_build:-x86_64}"
+ovmf_repo="${ovmf_repo:-}"
+ovmf_dir="edk2"
+ovmf_version="${ovmf_version:-}"
+ovmf_package="${ovmf_package:-}"
+package_output_dir="${package_output_dir:-}"
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX="${PREFIX:-/opt/kata}"
+architecture="${architecture:-X64}"
+toolchain="${toolchain:-GCC5}"
+build_target="${build_target:-RELEASE}"
+
+[ -n "$ovmf_repo" ] || die "failed to get ovmf repo"
+[ -n "$ovmf_version" ] || die "failed to get ovmf version or commit"
+[ -n "$ovmf_package" ] || die "failed to get ovmf package or commit"
+[ -n "$package_output_dir" ] || die "failed to get ovmf package or commit"
+
+info "Build ${ovmf_repo} version: ${ovmf_version}"
+
+build_root=$(mktemp -d)
+pushd $build_root
+git clone "${ovmf_repo}"
+cd "${ovmf_dir}"
+git checkout "${ovmf_version}"
+git submodule init
+git submodule update
+
+info "Using BaseTools make target"
+make -C BaseTools/
+
+info "Calling edksetup script"
+source edksetup.sh
+
+if [ "${ovmf_build}" == "sev" ]; then
+ info "Creating dummy grub file"
+ #required for building AmdSev package without grub
+ touch OvmfPkg/AmdSev/Grub/grub.efi
+fi
+
+info "Building ovmf"
+build -b "${build_target}" -t "${toolchain}" -a "${architecture}" -p "${ovmf_package}"
+
+info "Done Building"
+
+build_path="Build/${package_output_dir}/${build_target}_${toolchain}/FV/OVMF.fd"
+stat "${build_path}"
+
+#need to leave tmp dir
+popd
+
+info "Install fd to destdir"
+mkdir -p "$DESTDIR/$PREFIX/share/ovmf"
+cp $build_root/$ovmf_dir/"${build_path}" "$DESTDIR/$PREFIX/share/ovmf"
\ No newline at end of file
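Review bot: Nothing in the script records which commit `git checkout "${ovmf_version}"` resolved to or what the resulting `OVMF.fd` hashes to, which matters for a firmware image that, per the versions.yaml description of the sev build, feeds a measured boot. Logging `git rev-parse HEAD` after the checkout and `sha256sum "${build_path}"` next to the existing `stat` would tie the artifact to a source revision. The clone relies on the repository's basename being `edk2`, so an overridden `ovmf_repo` with another name fails at `cd`; `git clone "${ovmf_repo}" "${ovmf_dir}"` removes that assumption. `build_root` is used unquoted in `pushd` and `cp` and the temporary directory is never removed; quoting it and adding `trap 'rm -rf -- "${build_root}"' EXIT` fixes both. The fourth `die` message repeats "failed to get ovmf package or commit" for `package_output_dir`, and `set +u` stays in effect for the whole script although only the sourced `edksetup.sh` seems to need it.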
diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh
new file mode 100755
index 0000000000..0662d20b82
--- /dev/null
+++ b/tools/packaging/static-build/ovmf/build.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2022 IBM
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly repo_root_dir="$(cd "${script_dir}/../../../.." && pwd)"
+readonly ovmf_builder="${script_dir}/build-ovmf.sh"
+
+source "${script_dir}/../../scripts/lib.sh"
+
+DESTDIR=${DESTDIR:-${PWD}}
+PREFIX=${PREFIX:-/opt/kata}
+container_image="kata-ovmf-builder"
+ovmf_build="${ovmf_build:-x86_64}"
+kata_version="${kata_version:-}"
+ovmf_repo="${ovmf_repo:-}"
+ovmf_version="${ovmf_version:-}"
+ovmf_package="${ovmf_package:-}"
+package_output_dir="${package_output_dir:-}"
+
+if [ -z "$ovmf_repo" ]; then
+ ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}")
+fi
+
+[ -n "$ovmf_repo" ] || die "failed to get ovmf repo"
+
+if [ "${ovmf_build}" == "x86_64" ]; then
+ [ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.x86_64.version" "${kata_version}")
+ [ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.x86_64.package" "${kata_version}")
+ [ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.x86_64.package_output_dir" "${kata_version}")
+elif [ "${ovmf_build}" == "sev" ]; then
+ [ -n "$ovmf_version" ] || ovmf_version=$(get_from_kata_deps "externals.ovmf.sev.version" "${kata_version}")
+ [ -n "$ovmf_package" ] || ovmf_package=$(get_from_kata_deps "externals.ovmf.sev.package" "${kata_version}")
+ [ -n "$package_output_dir" ] || package_output_dir=$(get_from_kata_deps "externals.ovmf.sev.package_output_dir" "${kata_version}")
+fi
+
+[ -n "$ovmf_version" ] || die "failed to get ovmf version or commit"
+[ -n "$ovmf_package" ] || die "failed to get ovmf package or commit"
+[ -n "$package_output_dir" ] || die "failed to get ovmf package or commit"
+
+sudo docker build -t "${container_image}" "${script_dir}"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+ -w "${PWD}" \
+ --env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
+ --env ovmf_build="${ovmf_build}" \
+ --env ovmf_repo="${ovmf_repo}" \
+ --env ovmf_version="${ovmf_version}" \
+ --env ovmf_package="${ovmf_package}" \
+ --env package_output_dir="${package_output_dir}" \
+ "${container_image}" \
+ bash -c "${ovmf_builder}"
diff --git a/versions.yaml b/versions.yaml
index 870d985267..e3e04e89c4 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -248,6 +248,20 @@ externals: url: "https://github.com/containerd/nydus-snapshotter" version: "v0.2.3" + ovmf: + description: "Firmware, implementation of UEFI for virtual machines." + url: "https://github.com/tianocore/edk2" + x86_64: + description: "Vanilla firmware build" + version: "edk2-stable202202" + package: "OvmfPkg/OvmfPkgX64.dsc" + package_output_dir: "OvmfX64" + sev: + description: "AmdSev build needed for SEV measured direct boot." + version: "edk2-stable202202" + package: "OvmfPkg/AmdSev/AmdSevX64.dsc" + package_output_dir: "AmdSev" + virtiofsd: description: "vhost-user virtio-fs device backend written in Rust" url: "https://gitlab.com/virtio-fs/virtiofsd"
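Review bot: The `docker run` call sets no `--user`, so the container presumably runs as root with the whole checkout bind-mounted read-write (`-v "${repo_root_dir}:${repo_root_dir}"`) while it clones and builds code fetched from `ovmf_repo`. A misbehaving build step could then modify anything in the repository, and the installed files would be root-owned; consider adding `--user "$(id -u):$(id -g)"` or mounting only the directories the build writes to. `bash -c "${ovmf_builder}"` re-parses the script path as a shell command string, which breaks on a checkout path containing spaces or shell metacharacters; `bash "${ovmf_builder}"` avoids that. An `ovmf_build` value other than `x86_64` or `sev` falls through both branches and fails later with "failed to get ovmf version or commit"; an `else die "unsupported ovmf_build: ${ovmf_build}"` would say what is wrong. `DESTDIR` defaults to `${PWD}` but only `repo_root_dir` is mounted, so an output directory outside the checkout would be written inside the container and lost with `--rm`.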
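Review bot: Both `version` entries name the tag `edk2-stable202202`, and build-ovmf.sh passes that value straight to `git checkout`, so the firmware source is whatever the tag points to at build time. A tag can be moved upstream, while the scripts' own error text already allows "version or commit"; pinning the full commit, e.g. `version: "<full-commit-sha-placeholder>"` with the tag name kept in a comment, makes the input immutable. This matters most for the `sev` entry, described here as needed for measured direct boot, because an expected measurement can only be precomputed if the firmware input is fixed.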