github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-18 16:08:25 +00:00
Code Issues Projects Releases Wiki Activity

config: Add root hash value and measure config to kernel params

Browse Source 
After we have a guest kernel with builtin initramfs which
provide the rootfs measurement capability and Kata rootfs
image with hash device, we need set related root hash value
and measure config to the kernel params in kata configuration file.

Fixes: #5168

Signed-off-by: Wang, Arron <arron.wang@intel.com>
This commit is contained in:
Wang, Arron 2022-09-15 10:17:55 +08:00
parent 30460044a5
commit 8225457dd5
3 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/runtime/Makefile
View File

@ -125,8 +125,10 @@ SEVFIRMWAREPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
AGENTCONFIGFILEPATH := /etc/agent-config.toml AGENTCONFIGFILEPATH := /etc/agent-config.toml
AGENTCONFIGFILEKERNELPARAM := agent.config_file=$(AGENTCONFIGFILEPATH) AGENTCONFIGFILEKERNELPARAM := agent.config_file=$(AGENTCONFIGFILEPATH)
TDXKERNELPARAMS := tdx_disable_filter ROOTMEASURECONFIG ?= ""
SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) TDXKERNELPARAMS := tdx_disable_filter $(ROOTMEASURECONFIG)
SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM) $(ROOTMEASURECONFIG)
KERNELPARAMS += $(ROOTMEASURECONFIG)
# Name of default configuration file the runtime will use. # Name of default configuration file the runtime will use.
CONFIG_FILE = configuration.toml CONFIG_FILE = configuration.toml

3
tools/packaging/guest-image/build_image.sh
View File

@ -68,6 +68,9 @@ build_image() {
IMG_OS_VERSION="${img_os_version}" \ IMG_OS_VERSION="${img_os_version}" \
ROOTFS_BUILD_DEST="${builddir}/rootfs-image" ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
mv -f "kata-containers.img" "${install_dir}/${image_name}" mv -f "kata-containers.img" "${install_dir}/${image_name}"
if [ -e "root_hash.txt" ]; then
cp root_hash.txt "${install_dir}/"
fi
( (
cd "${install_dir}" cd "${install_dir}"
ln -sf "${image_name}" kata-containers.img ln -sf "${image_name}" kata-containers.img

10
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@ -150,7 +150,15 @@ install_cc_shimv2() {
GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)" GO_VERSION="$(yq r ${versions_yaml} languages.golang.meta.newest-version)"
export GO_VERSION export GO_VERSION
export REMOVE_VMM_CONFIGS="acrn fc" export REMOVE_VMM_CONFIGS="acrn fc"
DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="DEFSERVICEOFFLOAD=true" "${shimv2_builder}"
extra_opts="DEFSERVICEOFFLOAD=true"
if [ -f "${repo_root_dir}/tools/osbuilder/root_hash.txt" ]; then
root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${repo_root_dir}/tools/osbuilder//root_hash.txt")
root_measure_config="cc_rootfs_verity.scheme=dm-verity cc_rootfs_verity.hash=${root_hash}"
extra_opts+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
fi
DESTDIR="${destdir}" PREFIX="${cc_prefix}" EXTRA_OPTS="${extra_opts}" "${shimv2_builder}"
} }
# Install static CC virtiofsd asset # Install static CC virtiofsd asset