From 82e6b65f63bde66d7817652090cb224e9544740c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 18 May 2023 12:46:59 +0200 Subject: [PATCH] Partially revert "versions: Bump OVMF for TDX" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This partially reverts commit 054174d3e6330f7f3821983957b4bacfc6847dae As the Jenkins TDX CI is running on a system with a TDX stack called "2022ww44", we should keep the QEMU / kernel / OVMF versions matching what's provided in that stack. The reason we were able to update this on `main` is because the GHA TDX CI is running on a TDX stack called "2023ww01", but we have decided to NOT take the bullet, NOT updating the Jenkins CI in order to avoid unexepected breakages. This regression was introduced as part of the last CCv0 merge to main, and would've been caught by the CI, and should've been caught by the reviewer (myself :-)), but CI was having a hard time to even build the compoenents and I wrote in the PR and I'm quoting it here: "I rather deal with possible breakages on this later on, than block this PR to get in." ... and here we are. :-) Fixes: #6884 Signed-off-by: Fabiano FidĂȘncio --- tools/packaging/static-build/ovmf/build-ovmf.sh | 4 +++- tools/packaging/static-build/ovmf/build.sh | 3 +++ versions.yaml | 10 +++++----- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh index 19c3230d16..ed8a6e1d12 100755 --- a/tools/packaging/static-build/ovmf/build-ovmf.sh +++ b/tools/packaging/static-build/ovmf/build-ovmf.sh @@ -57,7 +57,7 @@ fi info "Building ovmf" build_cmd="build -b ${build_target} -t ${toolchain} -a ${architecture} -p ${ovmf_package}" if [ "${ovmf_build}" == "tdx" ]; then - build_cmd+=" -D DEBUG_ON_SERIAL_PORT=FALSE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D SECURE_BOOT_ENABLE=TRUE -D TDX_ACCEPT_PAGE_SIZE=2M" + build_cmd+=" -D DEBUG_ON_SERIAL_PORT=TRUE -D TDX_MEM_PARTIAL_ACCEPT=512 -D TDX_EMULATION_ENABLE=FALSE -D TDX_ACCEPT_PAGE_SIZE=2M" fi eval "${build_cmd}" @@ -71,6 +71,7 @@ if [ "${ovmf_build}" == "tdx" ]; then build_path_arch="${build_path_target_toolchain}/X64" stat "${build_path_fv}/OVMF_CODE.fd" stat "${build_path_fv}/OVMF_VARS.fd" + stat "${build_path_arch}/DumpTdxEventLog.efi" fi #need to leave tmp dir @@ -93,6 +94,7 @@ fi if [ "${ovmf_build}" == "tdx" ]; then install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_CODE.fd ${install_dir} install $build_root/$ovmf_dir/"${build_path_fv}"/OVMF_VARS.fd ${install_dir} + install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir} fi local_dir=${PWD} diff --git a/tools/packaging/static-build/ovmf/build.sh b/tools/packaging/static-build/ovmf/build.sh index ff48a2aba2..626f433efd 100755 --- a/tools/packaging/static-build/ovmf/build.sh +++ b/tools/packaging/static-build/ovmf/build.sh @@ -28,6 +28,9 @@ if [ -z "$ovmf_repo" ]; then "sev") ovmf_repo=$(get_from_kata_deps "externals.ovmf.sev.url" "${kata_version}") ;; + "tdx") + ovmf_repo=$(get_from_kata_deps "externals.ovmf.tdx.url" "${kata_version}") + ;; *) ovmf_repo=$(get_from_kata_deps "externals.ovmf.url" "${kata_version}") ;; diff --git a/versions.yaml b/versions.yaml index b894d3f822..cc2cdde34b 100644 --- a/versions.yaml +++ b/versions.yaml @@ -305,11 +305,11 @@ externals: package: "OvmfPkg/AmdSev/AmdSevX64.dsc" package_output_dir: "AmdSev" tdx: - # yamllint disable-line rule:line-length - description: "QEMU with TDX support - based on https://github.com/intel/tdx-tools/releases/tag/2023ww01" - version: "edk2-stable202211" - package: "OvmfPkg/IntelTdx/IntelTdxX64.dsc" - package_output_dir: "IntelTdx" + url: "https://github.com/tianocore/edk2-staging" + description: "TDVF build needed for TDX measured direct boot." + version: "2022-tdvf-ww28.5" + package: "OvmfPkg/OvmfPkgX64.dsc" + package_output_dir: "OvmfX64" td-shim: description: "Confidential Containers Shim Firmware"