github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-01-29 21:39:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4931 from jpecholt/snp-support

Browse Source 
Added SNP-Support for Kata-Containers
This commit is contained in:
Peng Tao
2022-09-27 14:17:54 +08:00
committed by GitHub
parent 41a3bd87a5 d9e6eb11ae
commit 8a2df6b31c
23 changed files with 458 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tools/packaging/kernel/README.md
View File

@@ -9,7 +9,8 @@ automates the process to build a kernel for Kata Containers.
The `build-kernel.sh` script requires an installed Golang version matching the
[component build requirements](../../../docs/Developer-Guide.md#requirements-to-build-individual-components).
It also requires [yq](https://github.com/mikefarah/yq) version 3.4.1
> **Hint**: `snap install yq --channel=v3/stable`
> **Hint**: `snap install yq --channel=v3/stable` \
> **or** `go install github.com/mikefarah/yq/v3@latest`
The Linux kernel scripts further require a few packages (flex, bison, and libelf-dev)
@@ -53,7 +54,7 @@ Options:
```
Example:
```
```bash
$ ./build-kernel.sh -v 5.10.25 -g nvidia -f -d setup
```
> **Note**
@@ -68,8 +69,8 @@ $ ./build-kernel.sh -v 5.10.25 -g nvidia -f -d setup
## Setup kernel source code
```bash
$ go get -d -u github.com/kata-containers/kata-containers
$ cd $GOPATH/src/github.com/kata-containers/kata-containers/tools/packaging/kernel
$ git clone github.com/kata-containers/kata-containers
$ cd kata-containers/tools/packaging/kernel
$ ./build-kernel.sh setup
```

4
tools/packaging/kernel/build-kernel.sh
View File

@@ -101,7 +101,7 @@ Options:
-t <hypervisor> : Hypervisor_target.
-u <url> : Kernel URL to be used to download the kernel tarball.
-v <version> : Kernel version to use if kernel path not provided.
-x <type> : Confidential guest protection type, such as sev and tdx
-x <type> : Confidential guest protection type, such as sev, snp and tdx
EOF
exit "$exit_code"
}
@@ -525,7 +525,7 @@ main() {
x)
conf_guest="${OPTARG}"
case "$conf_guest" in
sev|tdx) ;;
sev|snp|tdx) ;;
*) die "Confidential guest type '$conf_guest' not supported" ;;
esac
;;

10
tools/packaging/kernel/configs/fragments/x86_64/snp/snp.conf Normal file
View File

@@ -0,0 +1,10 @@
# !s390x !ppc64le !arm64
# enable sev-snp support
CONFIG_AMD_MEM_ENCRYPT=y
CONFIG_SEV_GUEST=y
CONFIG_VIRT_DRIVERS=y
# Prepare kernel for direct boot using OVMF
CONFIG_EFI=y
CONFIG_EFI_STUB=y