From e005dfa718ca3f92c05884f6998175495c5f11e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:43:21 +0200 Subject: [PATCH 1/9] Revert "govmm: Directly pass the firmware using -bios with TDX" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 3e158001993cc2356d6ac084e6c82714210c9f24. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- src/runtime/pkg/govmm/qemu/qemu.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go index 92345397ba..b0745c27e4 100644 --- a/src/runtime/pkg/govmm/qemu/qemu.go +++ b/src/runtime/pkg/govmm/qemu/qemu.go @@ -368,7 +368,12 @@ func (object Object) QemuParams(config *Config) []string { if object.Debug { objectParams = append(objectParams, "debug=on") } - config.Bios = object.File + deviceParams = append(deviceParams, string(object.Driver)) + deviceParams = append(deviceParams, fmt.Sprintf("id=%s", object.DeviceID)) + deviceParams = append(deviceParams, fmt.Sprintf("file=%s", object.File)) + if object.FirmwareVolume != "" { + deviceParams = append(deviceParams, fmt.Sprintf("config-firmware-volume=%s", object.FirmwareVolume)) + } case SEVGuest: objectParams = append(objectParams, string(object.Type)) objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID)) From eee621f431af6fc147eb88d6cd98c313491ed352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:43:31 +0200 Subject: [PATCH 2/9] Revert "govmm: Set "sept-ve-disable=on"" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 3c5ffb0c8518c7cde7c89f4bc075dfb2440c0514. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- src/runtime/pkg/govmm/qemu/qemu.go | 1 - 1 file changed, 1 deletion(-) diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go index b0745c27e4..5ff258aed9 100644 --- a/src/runtime/pkg/govmm/qemu/qemu.go +++ b/src/runtime/pkg/govmm/qemu/qemu.go @@ -363,7 +363,6 @@ func (object Object) QemuParams(config *Config) []string { case TDXGuest: objectParams = append(objectParams, string(object.Type)) - objectParams = append(objectParams, "sept-ve-disable=on") objectParams = append(objectParams, fmt.Sprintf("id=%s", object.ID)) if object.Debug { objectParams = append(objectParams, "debug=on") From 2962d8db4591bece48393747cf67b20c0b4ed6a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:43:38 +0200 Subject: [PATCH 3/9] Revert "runtime/qemu: Drop "kvm-type=tdx"" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit ed145365ecadf35b6a5050b4bf58f71c3c4a5d66. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- src/runtime/virtcontainers/qemu_amd64.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index e9cda5b9e9..d24953e61e 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -260,7 +260,7 @@ func (q *qemuAmd64) enableProtection() error { if q.qemuMachine.Options != "" { q.qemuMachine.Options += "," } - q.qemuMachine.Options += "confidential-guest-support=tdx" + q.qemuMachine.Options += "kvm-type=tdx,confidential-guest-support=tdx" logger.Info("Enabling TDX guest protection") return nil case sevProtection: From fe6e918ddc9eacff4358cff7ba6bc065cbb1f1ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:43:51 +0200 Subject: [PATCH 4/9] Revert "virtcontainers: Drop check for the `tdx` CPU flag" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 25b3cdd38c12f03aab115fe6b5681e6d26ea49d8. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- src/runtime/virtcontainers/hypervisor_linux_amd64.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/runtime/virtcontainers/hypervisor_linux_amd64.go b/src/runtime/virtcontainers/hypervisor_linux_amd64.go index 043b36c9f5..304d0446a4 100644 --- a/src/runtime/virtcontainers/hypervisor_linux_amd64.go +++ b/src/runtime/virtcontainers/hypervisor_linux_amd64.go @@ -12,6 +12,8 @@ const ( tdxSysFirmwareDir = "/sys/firmware/tdx/" + tdxCPUFlag = "tdx" + sevKvmParameterPath = "/sys/module/kvm_amd/parameters/sev" snpKvmParameterPath = "/sys/module/kvm_amd/parameters/sev_snp" @@ -19,6 +21,10 @@ const ( // TDX is supported and properly loaded when the firmware directory (either tdx or tdx_seam) exists or `tdx` is part of the CPU flag func checkTdxGuestProtection(flags map[string]bool) bool { + if flags[tdxCPUFlag] { + return true + } + if d, err := os.Stat(tdxSysFirmwareDir); err == nil && d.IsDir() { return true } From 82e6b65f63bde66d7817652090cb224e9544740c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:46:59 +0200 Subject: [PATCH 5/9] Partially revert "versions: Bump OVMF for TDX" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This partially reverts commit 054174d3e6330f7f3821983957b4bacfc6847dae As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- tools/packaging/static-build/ovmf/build-ovmf.sh | 4 +++- tools/packaging/static-build/ovmf/build.sh | 3 +++ versions.yaml | 10 +++++----- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh index 19c3230d16..ed8a6e1d12 100755 --- a/tools/packaging/static-build/ovmf/build-ovmf.sh +++ b/tools/packaging/static-build/ovmf/build-ovmf.sh @@ -57,7 +57,7 @@ fi info "Building ovmf" build_cmd="build -b ${build_target} -t ${toolchain} -a ${architecture} -p ${ovmf_package}" if [ "${ovmf_build}" == "tdx" ]; then - build_cmd+=" -D DEBUG_ON_SERIAL_PORT=FALSE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D SECURE_BOOT_ENABLE=TRUE -D TDX_ACCEPT_PAGE_SIZE=2M" + build_cmd+=" -D DEBUG_ON_SERIAL_PORT=TRUE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D TDX_ACCEPT_PAGE_SIZE=2M" fi eval "${build_cmd}" @@ -71,6 +71,7 @@ if [ "${ovmf_build}" == "tdx" ]; then build_path_arch="${build_path_target_toolchain}/X64" stat "${build_path_fv}/OVMF_CODE.fd" stat "${build_path_fv}/OVMF_VARS.fd" + stat "${build_path_arch}/DumpTdxEventLog.efi" fi #need to leave tmp dir @@ -93,6 +94,7 @@ fi if [ "${ovmf_build}" == "tdx" ]; then install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_CODE.fd ${install_dir} install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_VARS.fd ${install_dir} + install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir} fi local_dir=${PWD} diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh index ff48a2aba2..626f433efd 100755 --- a/tools/packaging/static-build/ovmf/build.sh +++ b/tools/packaging/static-build/ovmf/build.sh @@ -28,6 +28,9 @@ if [ -z "$ovmf_repo" ]; then "sev") ovmf_repo=$(get_from_kata_deps "externals.ovmf.sev.url" "${kata_version}") ;; + "tdx") + ovmf_repo=$(get_from_kata_deps "externals.ovmf.tdx.url" "${kata_version}") + ;; *) ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}") ;; diff --git a/versions.yaml b/versions.yaml index b894d3f822..cc2cdde34b 100644 --- a/versions.yaml +++ b/versions.yaml @@ -305,11 +305,11 @@ externals: package: "OvmfPkg/AmdSev/AmdSevX64.dsc" package_output_dir: "AmdSev" tdx: - # yamllint disable-line rule:line-length - description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww01" - version: "edk2-stable202211" - package: "OvmfPkg/IntelTdx/IntelTdxX64.dsc" - package_output_dir: "IntelTdx" + url: "https://github.com/tianocore/edk2-staging" + description: "TDVF build needed for TDX measured direct boot." + version: "2022-tdvf-ww28.5" + package: "OvmfPkg/OvmfPkgX64.dsc" + package_output_dir: "OvmfX64" td-shim: description: "Confidential Containers Shim Firmware" From 4bdf56a3f84bd5bb8f2b2dbaf87e2791e75f1a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:49:03 +0200 Subject: [PATCH 6/9] Revert "versions: Update Kernel TDX version" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit f33345c3110074609ee741c1caeea402ba6ba3fb. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf | 4 ++++ tools/packaging/kernel/kata_config_version | 2 +- tools/packaging/kernel/patches/5.19-TDX-v2.x/no_patches.txt | 0 versions.yaml | 5 ++--- 4 files changed, 7 insertions(+), 4 deletions(-) delete mode 100644 tools/packaging/kernel/patches/5.19-TDX-v2.x/no_patches.txt diff --git a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf index 2f877a5c99..1b1f8751ef 100644 --- a/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf +++ b/tools/packaging/kernel/configs/fragments/x86_64/tdx/tdx.conf @@ -5,9 +5,13 @@ CONFIG_DMA_RESTRICTED_POOL=y CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_INTEL_IOMMU_SVM=y +CONFIG_INTEL_TDX_ATTESTATION=y +CONFIG_INTEL_TDX_FIXES=y CONFIG_INTEL_TDX_GUEST=y CONFIG_OF=y CONFIG_OF_RESERVED_MEM=y CONFIG_X86_5LEVEL=y CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_MEM_ENCRYPT_COMMON=y CONFIG_X86_PLATFORM_DEVICES=y +CONFIG_X86_PLATFORM_DRIVERS_INTEL=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index f35a418cd9..b6e2c490e7 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -105cc \ No newline at end of file +106cc diff --git a/tools/packaging/kernel/patches/5.19-TDX-v2.x/no_patches.txt b/tools/packaging/kernel/patches/5.19-TDX-v2.x/no_patches.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/versions.yaml b/versions.yaml index cc2cdde34b..c92352a67a 100644 --- a/versions.yaml +++ b/versions.yaml @@ -183,10 +183,9 @@ assets: version: "v5.10.25" kernel-tdx-experimental: - # yamllint disable-line rule:line-length - description: "Linux kernel with TDX support -- based on https://github.com/intel/tdx-tools/releases/tag/2023ww01" + description: "Linux kernel that supports TDX" url: "https://github.com/kata-containers/linux/archive/refs/tags" - version: "5.19-TDX-v2.2" + tag: "5.15-plus-TDX" externals: description: "Third-party projects used by the system" From 7bf6ba11c6efe36ce25b0f7a0f23568c4f373115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:49:15 +0200 Subject: [PATCH 7/9] Revert "versions: Move Kernel TDX to its own experimental entry" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 20ab2c24207867e0de95c3edac9fa1b444c29fc6. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- versions.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/versions.yaml b/versions.yaml index c92352a67a..824152e1be 100644 --- a/versions.yaml +++ b/versions.yaml @@ -158,6 +158,10 @@ assets: description: "Linux kernel optimised for virtual machines" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" version: "v5.19.2" + tdx: + description: "Linux kernel that supports TDX" + url: "https://github.com/kata-containers/linux/archive/refs/tags" + tag: "5.15-plus-TDX" sev: description: "Linux kernel that supports SEV" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" @@ -182,11 +186,6 @@ assets: url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" version: "v5.10.25" - kernel-tdx-experimental: - description: "Linux kernel that supports TDX" - url: "https://github.com/kata-containers/linux/archive/refs/tags" - tag: "5.15-plus-TDX" - externals: description: "Third-party projects used by the system" From 7f13329c6a48b64c249af7be26a30b68032c5d4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:49:31 +0200 Subject: [PATCH 8/9] Revert "versions: Update QEMU TDX version" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 3018c9ad517874779a0017ab38a9796ab1c79da9. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- .../no_patches.txt | 0 tools/packaging/scripts/configure-hypervisor.sh | 1 - versions.yaml | 5 ++--- 3 files changed, 2 insertions(+), 4 deletions(-) delete mode 100644 tools/packaging/qemu/patches/tag_patches/ad4c7f529a279685da84297773b4ec8080153c2d-plus-TDX-v1.3/no_patches.txt diff --git a/tools/packaging/qemu/patches/tag_patches/ad4c7f529a279685da84297773b4ec8080153c2d-plus-TDX-v1.3/no_patches.txt b/tools/packaging/qemu/patches/tag_patches/ad4c7f529a279685da84297773b4ec8080153c2d-plus-TDX-v1.3/no_patches.txt deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/tools/packaging/scripts/configure-hypervisor.sh b/tools/packaging/scripts/configure-hypervisor.sh index 751b2866f9..495251e4c1 100755 --- a/tools/packaging/scripts/configure-hypervisor.sh +++ b/tools/packaging/scripts/configure-hypervisor.sh @@ -247,7 +247,6 @@ generate_qemu_options() { else qemu_options+=(size:--disable-png) fi - qemu_options+=(size:--disable-vnc-sasl) # Disable PAM authentication: it's a feature used together with VNC access diff --git a/versions.yaml b/versions.yaml index 824152e1be..37c04b127a 100644 --- a/versions.yaml +++ b/versions.yaml @@ -109,10 +109,9 @@ assets: version: "7a800cf9496fddddf71b21a00991e0ec757a170a" qemu-tdx-experimental: - # yamllint disable-line rule:line-length - description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww01" + description: "VMM that uses KVM and supports TDX" url: "https://github.com/kata-containers/qemu" - tag: "ad4c7f529a279685da84297773b4ec8080153c2d-plus-TDX-v1.3" + tag: "TDX-v3.1" image: description: | From c29e5036a68f67c556750356e43f7bf88b0fe313 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:49:42 +0200 Subject: [PATCH 9/9] Revert "versions: Move QEMU TDX to its own experimental entry" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 800ee5cd8868f7d59e14c481df814fb405cd2164. As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano Fidêncio --- versions.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/versions.yaml b/versions.yaml index 37c04b127a..ebac758eb5 100644 --- a/versions.yaml +++ b/versions.yaml @@ -98,6 +98,10 @@ assets: uscan-url: >- https://github.com/qemu/qemu/tags .*/v?(\d\S+)\.tar\.gz + tdx: + description: "VMM that uses KVM and supports TDX" + url: "https://github.com/kata-containers/qemu" + tag: "TDX-v3.1" snp: description: "VMM that uses KVM and supports AMD SEV-SNP" url: "https://github.com/AMDESE/qemu" @@ -108,11 +112,6 @@ assets: url: "https://github.com/qemu/qemu" version: "7a800cf9496fddddf71b21a00991e0ec757a170a" - qemu-tdx-experimental: - description: "VMM that uses KVM and supports TDX" - url: "https://github.com/kata-containers/qemu" - tag: "TDX-v3.1" - image: description: | Root filesystem disk image used to boot the guest virtual