Merge pull request #4631 from fidencio/topic/cc-build-kernel-with-tdx-support

CC | packaging: Allow building a TDX capable kernel
This commit is contained in:
Fabiano Fidêncio
2022-07-12 12:08:15 +02:00
committed by GitHub
3 changed files with 37 additions and 29 deletions


@@ -88,6 +88,9 @@ cc-cloud-hypervisor-tarball:
cc-kernel-tarball: cc-kernel-tarball:
${MAKE} $@-build ${MAKE} $@-build
cc-tdx-kernel-tarball:
${MAKE} $@-build
cc-qemu-tarball: cc-qemu-tarball:
${MAKE} $@-build ${MAKE} $@-build
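Review bot: The new `cc-tdx-kernel-tarball:` rule is a command, not a file the recipe creates, so it belongs in the Makefile's `.PHONY` list next to `cc-kernel-tarball`; that list is outside the hunk, so confirm it was extended — otherwise a stray file named `cc-tdx-kernel-tarball` in the working tree would make the target look up to date and the recipe would be skipped. The recipe `${MAKE} $@-build` also depends on a matching `cc-tdx-kernel-tarball-build` rule (presumably served by a `%-build` pattern rule) that is not visible here, so that side should be checked as well.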


@@ -84,6 +84,7 @@ options:
cc cc
cc-cloud-hypervisor cc-cloud-hypervisor
cc-kernel cc-kernel
cc-tdx-kernel
cc-qemu cc-qemu
cc-rootfs-image cc-rootfs-image
cc-shimv2 cc-shimv2
@@ -116,6 +117,22 @@ install_cc_image() {
"${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}" "${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}"
} }
#Install CC kernel assert, with TEE support
install_cc_tee_kernel() {
tee="${1}"
[ "${tee}" != "tdx" ] && die "Non supported TEE"
export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)"
export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)"
DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}"
}
#Install CC kernel assert for Intel TDX
install_cc_tdx_kernel() {
install_cc_tee_kernel "tdx"
}
#Install CC kernel asset #Install CC kernel asset
install_cc_kernel() { install_cc_kernel() {
export kernel_version="$(yq r $versions_yaml assets.kernel.version)" export kernel_version="$(yq r $versions_yaml assets.kernel.version)"
@@ -258,6 +275,8 @@ handle_build() {
cc-kernel) install_cc_kernel ;; cc-kernel) install_cc_kernel ;;
cc-tdx-kernel) install_cc_tdx_kernel ;;
cc-qemu) install_cc_qemu ;; cc-qemu) install_cc_qemu ;;
cc-rootfs-image) install_cc_image ;; cc-rootfs-image) install_cc_image ;;
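Review bot: `install_cc_tee_kernel` exports `kernel_version` and `kernel_url` from the two `yq` lookups without checking that either came back non-empty, so a missing `assets.kernel.tdx.tag` or `.url` entry silently hands `-v ""` / `-u ""` to the kernel builder instead of failing here; add `[ -n "${kernel_version}" ] || die "kernel version not found for TEE ${tee}"` and the same for `kernel_url` before the builder call (the pre-existing `install_cc_kernel` has the same gap, so this only makes the new function stricter). The `export var="$(cmd)"` form additionally masks `yq`'s exit status, so a parse failure is not caught either; assigning first and exporting on a separate line keeps the status observable. Two of the new comment lines say `kernel assert` where the existing one says `kernel asset`; `#Install CC kernel asset, with TEE support` and `#Install CC kernel asset for Intel TDX` are the intended wording. The `die "Non supported TEE"` message would also be more useful as `die "Unsupported TEE: ${tee}"`.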


@@ -59,6 +59,8 @@ skip_config_checks="false"
DESTDIR="${DESTDIR:-/}" DESTDIR="${DESTDIR:-/}"
#PREFIX= #PREFIX=
PREFIX="${PREFIX:-/usr}" PREFIX="${PREFIX:-/usr}"
#Kernel URL
kernel_url=""
packaging_scripts_dir="${script_dir}/../scripts" packaging_scripts_dir="${script_dir}/../scripts"
source "${packaging_scripts_dir}/lib.sh" source "${packaging_scripts_dir}/lib.sh"
@@ -97,6 +99,7 @@ Options:
-p <path> : Path to a directory with patches to apply to kernel. -p <path> : Path to a directory with patches to apply to kernel.
-s : Skip .config checks -s : Skip .config checks
-t <hypervisor> : Hypervisor_target. -t <hypervisor> : Hypervisor_target.
-u <url> : Kernel URL to be used to download the kernel tarball.
-v <version> : Kernel version to use if kernel path not provided. -v <version> : Kernel version to use if kernel path not provided.
-x <type> : Confidential guest protection type, such as sev and tdx -x <type> : Confidential guest protection type, such as sev and tdx
EOF EOF
@@ -116,34 +119,19 @@ arch_to_kernel() {
esac esac
} }
get_tdx_kernel() { get_tee_kernel() {
local version="${1}" local version="${1}"
local kernel_path=${2} local kernel_path="${2}"
local tee="${3}"
mkdir -p ${kernel_path} mkdir -p ${kernel_path}
kernel_url=$(get_from_kata_deps "assets.kernel.tdx.url") [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url")
kernel_tarball="${version}.tar.gz" kernel_tarball="${version}.tar.gz"
if [ ! -f "${kernel_tarball}" ]; then if [ ! -f "${kernel_tarball}" ]; then
curl --fail -OL "${kernel_url}/${kernel_tarball}" curl --fail -OL "${kernel_url}/${kernel_tarball}"
fi fi
tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path}
}
get_sev_kernel() {
local version="${1}"
local kernel_path=${2}
mkdir -p ${kernel_path}
kernel_url=$(get_from_kata_deps "assets.kernel.sev.url")
kernel_tarball="${version}.tar.gz"
if [ ! -f "${kernel_tarball}" ]; then
curl --fail -OL "${kernel_url}${kernel_tarball}"
fi
mkdir -p ${kernel_path} mkdir -p ${kernel_path}
tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path} tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path}
@@ -156,11 +144,8 @@ get_kernel() {
[ -n "${kernel_path}" ] || die "kernel_path not provided" [ -n "${kernel_path}" ] || die "kernel_path not provided"
[ ! -d "${kernel_path}" ] || die "kernel_path already exist" [ ! -d "${kernel_path}" ] || die "kernel_path already exist"
if [ "${conf_guest}" == "tdx" ]; then if [ "${conf_guest}" != "" ]; then
get_tdx_kernel ${version} ${kernel_path} get_tee_kernel ${version} ${kernel_path} ${conf_guest}
return
elif [ "${conf_guest}" == "sev" ]; then
get_sev_kernel ${version} ${kernel_path}
return return
fi fi
@@ -486,7 +471,7 @@ install_kata() {
} }
main() { main() {
while getopts "a:b:c:deEfg:hk:p:t:v:x:" opt; do while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do
case "$opt" in case "$opt" in
a) a)
arch_target="${OPTARG}" arch_target="${OPTARG}"
@@ -529,6 +514,9 @@ main() {
t) t)
hypervisor_target="${OPTARG}" hypervisor_target="${OPTARG}"
;; ;;
u)
kernel_url="${OPTARG}"
;;
v) v)
kernel_version="${OPTARG}" kernel_version="${OPTARG}"
;; ;;
@@ -563,11 +551,9 @@ main() {
kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag") kernel_version=$(get_from_kata_deps "assets.kernel-experimental.tag")
;; ;;
esac esac
elif [[ "${conf_guest}" == "tdx" ]]; then elif [[ "${conf_guest}" != "" ]]; then
kernel_version=$(get_from_kata_deps "assets.kernel.tdx.tag")
elif [[ "${conf_guest}" == "sev" ]]; then
#If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
kernel_version=$(get_from_kata_deps "assets.kernel.sev.tag") kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
else else
kernel_version=$(get_from_kata_deps "assets.kernel.version") kernel_version=$(get_from_kata_deps "assets.kernel.version")
fi fi
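Review bot: The widened `[ "${conf_guest}" != "" ]` tests in `get_kernel` and in `main` now route any `-x` value into `get_tee_kernel` and `assets.kernel.${conf_guest}.tag`, so a mistyped type (a constructed example: `-x sevv`) no longer falls through to the plain kernel path but yields empty version/URL lookups and an opaque `curl`/`tar` failure; since the usage text documents only `sev` and `tdx`, validate the value where `x)` is parsed (outside this hunk, as is the rest of `main`), e.g. `[ "${conf_guest}" == "tdx" ] || [ "${conf_guest}" == "sev" ] || die "Unsupported confidential guest type: ${conf_guest}"`. In `get_tee_kernel` the `[ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps ...)` line should likewise be followed by `[ -n "${kernel_url}" ] || die "kernel URL not set for ${tee}"`, because an empty result turns the download into `curl --fail -OL "/${kernel_tarball}"`. Note too that the removed `get_sev_kernel` joined URL and tarball with no separator (`${kernel_url}${kernel_tarball}`) while the merged function inserts a `/`, so either the sev URL entry in the versions file must not end with a slash or the join should tolerate both, e.g. `curl --fail -OL "${kernel_url%/}/${kernel_tarball}"`. The tarball is still fetched and unpacked with no integrity check, which this change does not alter but which matters more now that `-u` lets the source URL be overridden on the command line; comparing against a pinned digest before the `tar` step would be the defensive follow-up.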