mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-09-01 08:56:32 +00:00
config: Adjust TDXKERNELPARAMS for different VMMs
As Cloud Hypervisor and QEMU are using different rootfs images (the former with `offline_fs_kbc` as aa_kbc, and the latter with `eaa_kbc`), we need to differentiate the kernel parameters passed to each one of those, as the `root_hash.txt` file used for measured boot will differ according to the rootfs used. Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This commit is contained in:
Fabiano Fidêncio
@@ -132,7 +132,9 @@ ROOTMEASURECONFIGTDX ?= ""
|
|||||||
AGENT_AA_KBC_PARAMS ?= ""
|
AGENT_AA_KBC_PARAMS ?= ""
|
||||||
AGENT_AA_KBC_PARAMS_TDX ?= ""
|
AGENT_AA_KBC_PARAMS_TDX ?= ""
|
||||||
AGENT_AA_KBC_PARAMS_SEV ?= ""
|
AGENT_AA_KBC_PARAMS_SEV ?= ""
|
||||||
TDXKERNELPARAMS := tdx_disable_filter $(ROOTMEASURECONFIGTDX) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS_TDX)
|
TDXKERNELPARAMS := tdx_disable_filter agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS_TDX)
|
||||||
|
TDXKERNELPARAMS_QEMU += $(TDXKERNELPARAMS) $(ROOTMEASURECONFIGTDX)
|
||||||
|
TDXKERNELPARAMS_CLH += $(TDXKERNELPARAMS) $(ROOTMEASURECONFIG)
|
||||||
SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS_SEV)
|
SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS_SEV)
|
||||||
KERNELPARAMS += $(ROOTMEASURECONFIG) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS)
|
KERNELPARAMS += $(ROOTMEASURECONFIG) agent.enable_signature_verification=false $(AGENT_AA_KBC_PARAMS)
|
||||||
|
|
||||||
@@ -519,6 +521,8 @@ USER_VARS += TDXCPUFEATURES
|
|||||||
USER_VARS += DEFMACHINETYPE_CLH
|
USER_VARS += DEFMACHINETYPE_CLH
|
||||||
USER_VARS += KERNELPARAMS
|
USER_VARS += KERNELPARAMS
|
||||||
USER_VARS += TDXKERNELPARAMS
|
USER_VARS += TDXKERNELPARAMS
|
||||||
|
USER_VARS += TDXKERNELPARAMS_QEMU
|
||||||
|
USER_VARS += TDXKERNELPARAMS_CLH
|
||||||
USER_VARS += SEVKERNELPARAMS
|
USER_VARS += SEVKERNELPARAMS
|
||||||
USER_VARS += LIBEXECDIR
|
USER_VARS += LIBEXECDIR
|
||||||
USER_VARS += LOCALSTATEDIR
|
USER_VARS += LOCALSTATEDIR
|
||||||
|
|||||||
@@ -70,7 +70,7 @@ valid_hypervisor_paths = @CLHVALIDHYPERVISORPATHS@
|
|||||||
# may stop the virtual machine from booting.
|
# may stop the virtual machine from booting.
|
||||||
# To see the list of default parameters, enable hypervisor debug, create a
|
# To see the list of default parameters, enable hypervisor debug, create a
|
||||||
# container and look for 'default-kernel-parameters' log entries.
|
# container and look for 'default-kernel-parameters' log entries.
|
||||||
kernel_params = "@TDXKERNELPARAMS@"
|
kernel_params = "@TDXKERNELPARAMS_CLH@"
|
||||||
|
|
||||||
# Default number of vCPUs per SB/VM:
|
# Default number of vCPUs per SB/VM:
|
||||||
# unspecified or 0 --> will be set to @DEFVCPUS@
|
# unspecified or 0 --> will be set to @DEFVCPUS@
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ valid_hypervisor_paths = @QEMUTDXVALIDHYPERVISORPATHS@
|
|||||||
# may stop the virtual machine from booting.
|
# may stop the virtual machine from booting.
|
||||||
# To see the list of default parameters, enable hypervisor debug, create a
|
# To see the list of default parameters, enable hypervisor debug, create a
|
||||||
# container and look for 'default-kernel-parameters' log entries.
|
# container and look for 'default-kernel-parameters' log entries.
|
||||||
kernel_params = "@TDXKERNELPARAMS@"
|
kernel_params = "@TDXKERNELPARAMS_QEMU@"
|
||||||
|
|
||||||
# Path to the firmware.
|
# Path to the firmware.
|
||||||
# If you want that qemu uses the default firmware leave this option empty
|
# If you want that qemu uses the default firmware leave this option empty
|
||||||
|
|||||||
Reference in New Issue
Block a user