github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-30 14:25:43 +00:00
Code Issues Projects Releases Wiki Activity

packaging: add efi secret module to rootfs for sev

Browse Source 
Adds the efi_secret kernel module to the sev initrd.

Adds a rootfs flag for kernel module based on the AA_KBC.

Finding the kernel module in the local build based on kernel version and kernel config version.

Moved kernel config version checking function from kernel builder to lib script.

Fixes: #5118

Signed-Off-By: Alex Carter <alex.carter@ibm.com>
This commit is contained in:
Alex Carter 2022-09-01 17:14:09 +00:00 committed by Alex
parent fa11294b0f
commit 69230fac97
3 changed files with 30 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tools/packaging/guest-image/build_image.sh
View File

@ -17,6 +17,9 @@ readonly packaging_root_dir="$(cd "${script_dir}/../" && pwd)"
readonly repo_root_dir="$(cd "${script_dir}/../../../" && pwd)" readonly repo_root_dir="$(cd "${script_dir}/../../../" && pwd)"
readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)" readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
patches_path=""
readonly default_patches_dir="${packaging_root_dir}/kernel/patches"
export GOPATH=${GOPATH:-${HOME}/go} export GOPATH=${GOPATH:-${HOME}/go}
source "${packaging_root_dir}/scripts/lib.sh" source "${packaging_root_dir}/scripts/lib.sh"
@ -32,7 +35,17 @@ build_initrd() {
export USE_DOCKER=1 export USE_DOCKER=1
export AGENT_INIT="yes" export AGENT_INIT="yes"
# ROOTFS_BUILD_DEST is a Make variable # ROOTFS_BUILD_DEST is a Make variable
sudo -E PATH="$PATH" make rootfs ROOTFS_BUILD_DEST="${rootfs_build_dest}"
if [ -z "${AA_KBC}" == "offline_sev_kbc" ]; then
config_version=$(get_config_version)
kernel_version="$(get_from_kata_deps "assets.kernel.sev.version")"
kernel_version=${kernel_version#v}
module_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/cc-sev-kernel/builddir/kata-linux-${kernel_version}-${config_version}/lib/modules/${kernel_version}"
sudo -E PATH="$PATH" make rootfs ROOTFS_BUILD_DEST="${rootfs_build_dest}" KERNEL_MODULES_DIR="${module_dir}"
else
sudo -E PATH="$PATH" make rootfs ROOTFS_BUILD_DEST="${rootfs_build_dest}"
fi
if [ -n "${INCLUDE_ROOTFS:-}" ]; then if [ -n "${INCLUDE_ROOTFS:-}" ]; then
sudo cp -RL --preserve=mode "${INCLUDE_ROOTFS}/." "${rootfs_build_dest}/${initrd_distro}_rootfs/" sudo cp -RL --preserve=mode "${INCLUDE_ROOTFS}/." "${rootfs_build_dest}/${initrd_distro}_rootfs/"
fi fi

16
tools/packaging/kernel/build-kernel.sh
View File

@ -331,22 +331,6 @@ get_default_kernel_config() {
echo "${config}" echo "${config}"
} }
get_config_and_patches() {
if [ -z "${patches_path}" ]; then
patches_path="${default_patches_dir}"
fi
}
get_config_version() {
get_config_and_patches
config_version_file="${default_patches_dir}/../kata_config_version"
if [ -f "${config_version_file}" ]; then
cat "${config_version_file}"
else
die "failed to find ${config_version_file}"
fi
}
setup_kernel() { setup_kernel() {
local kernel_path=${1:-} local kernel_path=${1:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided" [ -n "${kernel_path}" ] || die "kernel_path not provided"

16
tools/packaging/scripts/lib.sh
View File

@ -97,3 +97,19 @@ get_kata_hash() {
ref=$2 ref=$2
git ls-remote --heads --tags "https://github.com/${project}/${repo}.git" | grep "${ref}" | awk '{print $1}' git ls-remote --heads --tags "https://github.com/${project}/${repo}.git" | grep "${ref}" | awk '{print $1}'
} }
get_config_and_patches() {
if [ -z "${patches_path}" ]; then
patches_path="${default_patches_dir}"
fi
}
get_config_version() {
get_config_and_patches
config_version_file="${default_patches_dir}/../kata_config_version"
if [ -f "${config_version_file}" ]; then
cat "${config_version_file}"
else
die "failed to find ${config_version_file}"
fi
}