diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 0aa831f65..93e82d590 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -53,6 +53,8 @@ hypervisor_target="" arch_target="" # kernel_config_path="" +# +skip_config_checks="false" # destdir DESTDIR="${DESTDIR:-/}" #PREFIX= @@ -92,9 +94,10 @@ Options: -h : Display this help. -k : Path to kernel to build. -p : Path to a directory with patches to apply to kernel. + -s : Skip .config checks -t : Hypervisor_target. -v : Kernel version to use if kernel path not provided. - -x : Confidential guest protection type, such as sev + -x : Confidential guest protection type, such as sev and tdx EOT exit "$exit_code" } @@ -112,6 +115,22 @@ arch_to_kernel() { esac } +get_tdx_kernel() { + local version="${1}" + local kernel_path=${2} + + mkdir -p ${kernel_path} + + kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url") + kernel_tarball="${version}.tar.gz" + + if [ ! -f "${kernel_tarball}" ]; then + curl --fail -OL "${kernel_url}/${kernel_tarball}" + fi + + tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} +} + get_kernel() { local version="${1:-}" @@ -119,7 +138,10 @@ get_kernel() { [ -n "${kernel_path}" ] || die "kernel_path not provided" [ ! -d "${kernel_path}" ] || die "kernel_path already exist" - + if [ "${conf_guest}" == "tdx" ]; then + get_tdx_kernel ${version} ${kernel_path} + return + fi #Remove extra 'v' version=${version#v} @@ -233,6 +255,8 @@ get_kernel_frag_path() { # Do not care about options that are in whitelist results=$(grep -v -f ${default_config_whitelist} <<< "$results") + [[ "${skip_config_checks}" == "true" ]] && echo "${config_path}" && return + # Did we request any entries that did not make it? local missing=$(echo $results | grep -v -q "${not_in_string}"; echo $?) if [ ${missing} -ne 0 ]; then 
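Review bot: The tarball fetched in `get_tdx_kernel` is unpacked with no integrity check, and a `${kernel_tarball}` already present in the working directory is reused as-is, so whatever the tag archive URL serves (or whatever file was left there) becomes the guest kernel source. The `assets.kernel.tdx` entry added to versions.yaml pins only a tag, which can be moved upstream; a digest pinned next to it and checked before `tar` would close that gap (the key name in the fence is a proposal, not an existing key). `kernel_url` and `kernel_tarball` are also not `local`, and the expansions passed to `mkdir` and `tar` are unquoted; the same unquoted pattern appears in the `get_tdx_kernel ${version} ${kernel_path}` call in `get_kernel` and in `realpath ${OPTARG}` in `main`.

```shell
get_tdx_kernel() {
	local version="${1}"
	local kernel_path="${2}"
	local kernel_url kernel_tarball expected_sha256

	mkdir -p "${kernel_path}"

	# ... unchanged: kernel_url / kernel_tarball assignment and the curl download ...

	# Proposed key; the digest itself has to be pinned in versions.yaml.
	expected_sha256=$(get_from_kata_deps "assets.kernel.tdx.sha256")
	# Check a cached tarball too, not only a fresh download.
	echo "${expected_sha256}  ${kernel_tarball}" | sha256sum -c - \
		|| die "checksum mismatch for ${kernel_tarball}"

	tar --strip-components=1 -xf "${kernel_tarball}" -C "${kernel_path}"
}
```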
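Review bot: With `-s` the early return in `get_kernel_frag_path` drops the check for requested options that did not make it into the final .config, and it does so without leaving any trace in the build output. For a confidential-guest kernel that means a missing TDX or hardening option can go unnoticed. Since stdout appears to carry the function's result here, log to stderr before returning, e.g. `echo "WARNING: .config checks skipped (-s); requested options may be missing" >&2`, and prefer an `if … then … fi` block over the `&& … && return` chain so the return does not depend on `echo` succeeding. The function body starts and ends outside the hunk.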
@@ -438,7 +462,7 @@ install_kata() { } main() { - while getopts "a:b:c:defg:hk:p:t:v:x:" opt; do + while getopts "a:b:c:defg:hk:p:st:v:x:" opt; do case "$opt" in a) arch_target="${OPTARG}" @@ -467,11 +491,14 @@ main() { usage 0 ;; k) - kernel_path="${OPTARG}" + kernel_path="$(realpath ${OPTARG})" ;; p) patches_path="${OPTARG}" ;; + s) + skip_config_checks="true" + ;; t) hypervisor_target="${OPTARG}" ;; @@ -481,7 +508,7 @@ main() { x) conf_guest="${OPTARG}" case "$conf_guest" in - sev) ;; + sev|tdx) ;; *) die "Confidential guest type '$conf_guest' not supported" ;; esac ;; @@ -498,6 +525,8 @@ main() { if [ -z "$kernel_version" ]; then if [[ ${build_type} == "experimental" ]]; then kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag") + elif [[ "${conf_guest}" == "tdx" ]]; then + kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag") else kernel_version=$(get_from_kata_deps "assets.kernel.version") fi diff --git a/tools/packaging/kernel/patches/tdx-guest-v5.15-4.x/no_patches.txt b/tools/packaging/kernel/patches/tdx-guest-v5.15-4.x/no_patches.txt new file mode 100644 index 000000000..e69de29bb diff --git a/versions.yaml b/versions.yaml index 8e8ee9b36..828280a6f 100644 --- a/versions.yaml +++ b/versions.yaml @@ -150,6 +150,10 @@ assets: description: "Linux kernel optimised for virtual machines" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" version: "v5.10.25" + tdx: + description: "Linux kernel that supports TDX" + url: "https://github.com/intel/tdx/archive/refs/tags" + tag: "tdx-guest-v5.15-4" kernel-experimental: description: "Linux kernel with virtio-fs support"
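Review bot: In the `k)` arm, `kernel_path="$(realpath ${OPTARG})"` leaves `kernel_path` empty when `realpath` fails (for example when the parent directory does not exist), and whether the script then aborts depends on shell options not visible in this hunk. An empty value could be treated later as "no path given", so the build may proceed with a different kernel tree than the one requested. Fail explicitly and quote the argument: `kernel_path="$(realpath -- "${OPTARG}")" || die "invalid kernel path '${OPTARG}'"`. `main` continues outside the hunk.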