From e4b3b08871d6c2017ce0f2cad5ed9c7388b622a7 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Wed, 12 Apr 2023 10:08:03 +0000
Subject: [PATCH 1/6] gpu: Add proper CONFIG_LOCALVERSION depending on TEE

If conf_guest is set we need to update the CONFIG_LOCALVERSION
to match the suffix created in install_kata
-nvidia-gpu-{snp|tdx}, the linux headers will be named the very
same if build with make deb-pkg for TDX or SNP.

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 tools/packaging/kernel/build-kernel.sh | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 4de27ca338..4cbaabd9cb 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -239,8 +239,23 @@ get_kernel_frag_path() {
 
 	if [[ "${gpu_vendor}" != "" ]];then
 		info "Add kernel config for GPU due to '-g ${gpu_vendor}'"
-		local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)"
-		all_configs="${all_configs} ${gpu_configs}"
+		# If conf_guest is set we need to update the CONFIG_LOCALVERSION
+		# to match the suffix created in install_kata
+		# -nvidia-gpu-{snp|tdx}, the linux headers will be named the very
+		# same if build with make deb-pkg for TDX or SNP.
+		if [[ "${conf_guest}" != "" ]];then
+			local gpu_cc_configs=$(mktemp).conf
+			local gpu_subst_configs="$(ls ${gpu_path}/${gpu_vendor}.conf.in)"
+
+			export CONF_GUEST_SUFFIX="-${conf_guest}"
+			envsubst <${gpu_subst_configs} >${gpu_cc_configs}
+			unset CONF_GUEST_SUFFIX
+
+			all_configs="${all_configs} ${gpu_cc_configs}"
+		else
+			local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)"
+			all_configs="${all_configs} ${gpu_configs}"
+		fi
 	fi
 
 	if [[ "${conf_guest}" != "" ]];then
@@ -545,7 +560,7 @@ main() {
 		if [ -n "$kernel_version" ];  then
 			kernel_major_version=$(get_major_kernel_version "${kernel_version}")
 			if [[ ${kernel_major_version} != "5.10" ]]; then
-				info "dragonball-experimental kernel patches are only tested on 5.10.x kernel now, other kernel version may cause confliction"	
+				info "dragonball-experimental kernel patches are only tested on 5.10.x kernel now, other kernel version may cause confliction"
 			fi
 		fi
 	fi

From aca6ff7289f8eae304966a320b209c545115be92 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Mon, 3 Apr 2023 10:10:47 +0000
Subject: [PATCH 2/6] gpu: Build and Ship an GPU enabled Kernel

With each release make sure we ship a GPU and TEE enabled kernel

Fixes: #6553

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .../build-kata-static-tarball-amd64.yaml      |  2 +
 .github/workflows/release.yaml                |  2 +-
 .../kata-deploy/local-build/Makefile          |  8 ++++
 .../local-build/kata-deploy-binaries.sh       | 26 +++++++++++++
 tools/packaging/kernel/build-kernel.sh        | 39 +++++++++++++++++--
 tools/packaging/kernel/kata_config_version    |  2 +-
 .../packaging/static-build/kernel/Dockerfile  |  6 ++-
 tools/packaging/static-build/kernel/build.sh  |  6 +++
 8 files changed, 84 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml
index a7f3bdc197..f86c8b1252 100644
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@@ -21,6 +21,8 @@ jobs:
           - kernel
           - kernel-dragonball-experimental
           - kernel-tdx-experimental
+          - kernel-gpu-snp
+          - kernel-gpu-tdx
           - nydus
           - qemu
           - qemu-tdx-experimental
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a642fa36fb..f9e810aadc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -92,7 +92,7 @@ jobs:
           tarball="kata-containers-$tag-vendor.tar.gz"
           pushd $GITHUB_WORKSPACE
           bash -c "tools/packaging/release/generate_vendor.sh ${tarball}"
-          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
+          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
           popd
 
   upload-libseccomp-tarball:
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 2ad324b787..02c36e4173 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -26,6 +26,8 @@ all: serial-targets \
 	kernel-tarball \
 	kernel-dragonball-experimental-tarball \
 	kernel-tdx-experimental-tarball \
+	kernel-gpu-snp-tarball \
+	kernel-gpu-tdx-tarball \
 	nydus-tarball \
 	qemu-tarball \
 	qemu-tdx-experimental-tarball \
@@ -54,6 +56,12 @@ kernel-tarball:
 kernel-dragonball-experimental-tarball:
 	${MAKE} $@-build
 
+kernel-gpu-snp-tarball:
+	${MAKE} $@-build
+
+kernel-gpu-tdx-tarball:
+	${MAKE} $@-build
+
 kernel-experimental-tarball:
 	${MAKE} $@-build
 
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 816c8e01e2..534b7cfd00 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -82,6 +82,8 @@ options:
 	kernel-dragonball-experimental
 	kernel-experimental
 	kernel-tdx-experimental
+	kernel-gpu-snp
+	kernel-gpu-tdx
 	nydus
 	qemu
 	qemu-tdx-experimental
@@ -213,6 +215,26 @@ install_kernel_dragonball_experimental() {
 		"-e -t dragonball"
 }
 
+#Install GPU and SNP enabled kernel asset
+install_kernel_gpu_snp() {
+	local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)"
+
+	install_kernel_helper \
+		"assets.kernel.snp.version" \
+		"kernel-gpu-snp" \
+		"-x snp -g nvidia -u ${kernel_url} -H deb"
+}
+
+#Install GPU and TDX enabled kernel asset
+install_kernel_gpu_tdx() {
+	local kernel_url="$(get_from_kata_deps assets.kernel-tdx-experimental.url)"
+
+	install_kernel_helper \
+		"assets.kernel-tdx-experimental.version" \
+		"kernel-gpu-tdx" \
+		"-x tdx -g nvidia -u ${kernel_url} -H deb"
+}
+
 #Install experimental kernel asset
 install_kernel_experimental() {
 	install_kernel_helper \
@@ -448,6 +470,10 @@ handle_build() {
 
 	kernel-tdx-experimental) install_kernel_tdx_experimental ;;
 
+	kernel-gpu-snp) install_kernel_gpu_snp;;
+
+	kernel-gpu-tdx) install_kernel_gpu_tdx;;
+
 	qemu) install_qemu ;;
 
 	qemu-tdx-experimental) install_qemu_tdx_experimental ;;
diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 4cbaabd9cb..2f3e0e353d 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -61,6 +61,8 @@ DESTDIR="${DESTDIR:-/}"
 PREFIX="${PREFIX:-/usr}"
 #Kernel URL
 kernel_url=""
+#Linux headers for GPU guest fs module building
+linux_headers=""
 
 packaging_scripts_dir="${script_dir}/../scripts"
 source "${packaging_scripts_dir}/lib.sh"
@@ -239,6 +241,8 @@ get_kernel_frag_path() {
 
 	if [[ "${gpu_vendor}" != "" ]];then
 		info "Add kernel config for GPU due to '-g ${gpu_vendor}'"
+		local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)"
+		all_configs="${all_configs} ${gpu_configs}"
 		# If conf_guest is set we need to update the CONFIG_LOCALVERSION
 		# to match the suffix created in install_kata
 		# -nvidia-gpu-{snp|tdx}, the linux headers will be named the very
@@ -430,6 +434,24 @@ build_kernel() {
 	popd >>/dev/null
 }
 
+build_kernel_headers() {
+	local kernel_path=${1:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
+	[ -n "${arch_target}" ] || arch_target="$(uname -m)"
+	arch_target=$(arch_to_kernel "${arch_target}")
+	pushd "${kernel_path}" >>/dev/null
+
+	if [ "$linux_headers" == "deb" ]; then
+		make -j $(nproc ${CI:+--ignore 1}) deb-pkg ARCH="${arch_target}"
+	fi
+	if [ "$linux_headers" == "rpm" ]; then
+		make -j $(nproc ${CI:+--ignore 1}) rpm-pkg ARCH="${arch_target}"
+	fi
+
+	popd >>/dev/null
+}
+
 install_kata() {
 	local kernel_path=${1:-}
 	[ -n "${kernel_path}" ] || die "kernel_path not provided"
@@ -445,14 +467,15 @@ install_kata() {
 	if [[ ${build_type} != "" ]]; then
 		suffix="-${build_type}"
 	fi
-	if [[ ${gpu_vendor} != "" ]];then
-		suffix="-${gpu_vendor}-gpu${suffix}"
-	fi
 
 	if [[ ${conf_guest} != "" ]];then
 		suffix="-${conf_guest}${suffix}"
 	fi
 
+	if [[ ${gpu_vendor} != "" ]];then
+		suffix="-${gpu_vendor}-gpu${suffix}"
+	fi
+
 	vmlinuz="vmlinuz-${kernel_version}-${config_version}${suffix}"
 	vmlinux="vmlinux-${kernel_version}-${config_version}${suffix}"
 
@@ -487,10 +510,12 @@ install_kata() {
 	ls -la "${install_path}/vmlinux${suffix}.container"
 	ls -la "${install_path}/vmlinuz${suffix}.container"
 	popd >>/dev/null
+
+	set +x
 }
 
 main() {
-	while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do
+	while getopts "a:b:c:deEfg:hH:k:p:t:u:v:x:" opt; do
 		case "$opt" in
 			a)
 				arch_target="${OPTARG}"
@@ -521,6 +546,9 @@ main() {
 			h)
 				usage 0
 				;;
+			H)
+				linux_headers="${OPTARG}"
+				;;
 			k)
 				kernel_path="$(realpath ${OPTARG})"
 				;;
@@ -609,6 +637,9 @@ main() {
 		build)
 			build_kernel "${kernel_path}"
 			;;
+		build-headers)
+			build_kernel_headers "${kernel_path}"
+			;;
 		install)
 			install_kata "${kernel_path}"
 			;;
diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version
index b16e5f75e3..f96ac06721 100644
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@@ -1 +1 @@
-104
+105
diff --git a/tools/packaging/static-build/kernel/Dockerfile b/tools/packaging/static-build/kernel/Dockerfile
index 4ccf2c0df5..b4c2329722 100644
--- a/tools/packaging/static-build/kernel/Dockerfile
+++ b/tools/packaging/static-build/kernel/Dockerfile
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 ENV DEBIAN_FRONTEND=noninteractive
 
 # kernel deps
@@ -18,6 +18,10 @@ RUN apt-get update && \
 	    iptables \
 	    kmod \
 	    libelf-dev \
+	    libssl-dev \
+	    gettext \
+	    rsync \
+	    cpio \
 	    patch && \
     if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \
     apt-get clean && rm -rf /var/lib/lists/
diff --git a/tools/packaging/static-build/kernel/build.sh b/tools/packaging/static-build/kernel/build.sh
index d9f6ccd90e..091f76cefa 100755
--- a/tools/packaging/static-build/kernel/build.sh
+++ b/tools/packaging/static-build/kernel/build.sh
@@ -38,3 +38,9 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
 	"${container_image}" \
 	bash -c "${kernel_builder} $* install"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${PWD}" \
+	--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
+	"${container_image}" \
+	bash -c "${kernel_builder} $* build-headers"

From 87ea43cd4e38552222b5e387e3e1297a0596651d Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Fri, 14 Apr 2023 07:46:52 +0000
Subject: [PATCH 3/6] gpu: Add configuration fragment

Adding configuration fragment for the kernel,
depending on the TEE kernel update the LOCALVERSION

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .../kernel/configs/fragments/gpu/nvidia.conf.in    | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in

diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in
new file mode 100644
index 0000000000..73cce61739
--- /dev/null
+++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in
@@ -0,0 +1,14 @@
+# Support mmconfig PCI config space access.
+# It's used to enable the MMIO access method for PCIe devices.
+CONFIG_PCI_MMCONFIG=y
+
+# Support for loading modules.
+# It is used to support loading GPU drivers.
+CONFIG_MODULES=y
+CONFIG_MODULE_UNLOAD=y
+
+# CRYPTO_FIPS requires this config when loading modules is enabled.
+CONFIG_MODULE_SIG=y
+
+# Linux kernel version suffix
+CONFIG_LOCALVERSION="-nvidia-gpu${CONF_GUEST_SUFFIX}"

From e4ee07f7d45f657acb19508abbdd019a418792c3 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Mon, 17 Apr 2023 09:26:54 +0000
Subject: [PATCH 4/6] gpu: Add GPU TDX experimental kernel

With each release make sure we ship a GPU and TEE enabled kernel
This adds tdx-experimental kernel support

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .github/workflows/build-kata-static-tarball-amd64.yaml   | 2 +-
 .github/workflows/release.yaml                           | 2 +-
 tools/packaging/kata-deploy/local-build/Makefile         | 6 +++---
 .../kata-deploy/local-build/kata-deploy-binaries.sh      | 9 +++++----
 tools/packaging/kernel/build-kernel.sh                   | 4 +---
 5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml
index f86c8b1252..47d2640609 100644
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@@ -22,7 +22,7 @@ jobs:
           - kernel-dragonball-experimental
           - kernel-tdx-experimental
           - kernel-gpu-snp
-          - kernel-gpu-tdx
+          - kernel-gpu-tdx-experimental
           - nydus
           - qemu
           - qemu-tdx-experimental
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f9e810aadc..f31261d51d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -78,7 +78,7 @@ jobs:
           mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}"
           pushd $GITHUB_WORKSPACE
           echo "uploading asset '${tarball}' for tag: ${tag}"
-          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
+          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
           popd
 
   upload-cargo-vendored-tarball:
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 02c36e4173..8451ae7ce6 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -27,7 +27,7 @@ all: serial-targets \
 	kernel-dragonball-experimental-tarball \
 	kernel-tdx-experimental-tarball \
 	kernel-gpu-snp-tarball \
-	kernel-gpu-tdx-tarball \
+	kernel-gpu-tdx-experimental-tarball \
 	nydus-tarball \
 	qemu-tarball \
 	qemu-tdx-experimental-tarball \
@@ -59,8 +59,8 @@ kernel-dragonball-experimental-tarball:
 kernel-gpu-snp-tarball:
 	${MAKE} $@-build
 
-kernel-gpu-tdx-tarball:
-	${MAKE} $@-build
+kernel-gpu-tdx-experimental-tarball:
+	${MAKE} $@-build	
 
 kernel-experimental-tarball:
 	${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 534b7cfd00..350a7d6ae6 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -82,8 +82,9 @@ options:
 	kernel-dragonball-experimental
 	kernel-experimental
 	kernel-tdx-experimental
+	kernel-gpu
 	kernel-gpu-snp
-	kernel-gpu-tdx
+	kernel-gpu-tdx-experimental
 	nydus
 	qemu
 	qemu-tdx-experimental
@@ -225,8 +226,8 @@ install_kernel_gpu_snp() {
 		"-x snp -g nvidia -u ${kernel_url} -H deb"
 }
 
-#Install GPU and TDX enabled kernel asset
-install_kernel_gpu_tdx() {
+#Install GPU and TDX experimental enabled kernel asset
+install_kernel_gpu_tdx_experimental() {
 	local kernel_url="$(get_from_kata_deps assets.kernel-tdx-experimental.url)"
 
 	install_kernel_helper \
@@ -472,7 +473,7 @@ handle_build() {
 
 	kernel-gpu-snp) install_kernel_gpu_snp;;
 
-	kernel-gpu-tdx) install_kernel_gpu_tdx;;
+	kernel-gpu-tdx-experimental) install_kernel_gpu_tdx_experimental;;
 
 	qemu) install_qemu ;;
 
diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 2f3e0e353d..67c4c8f5c7 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -510,8 +510,6 @@ install_kata() {
 	ls -la "${install_path}/vmlinux${suffix}.container"
 	ls -la "${install_path}/vmlinuz${suffix}.container"
 	popd >>/dev/null
-
-	set +x
 }
 
 main() {
@@ -588,7 +586,7 @@ main() {
 		if [ -n "$kernel_version" ];  then
 			kernel_major_version=$(get_major_kernel_version "${kernel_version}")
 			if [[ ${kernel_major_version} != "5.10" ]]; then
-				info "dragonball-experimental kernel patches are only tested on 5.10.x kernel now, other kernel version may cause confliction"
+				info "dragonball-experimental kernel patches are only tested on 5.10.x kernel now, other kernel version may cause confliction"	
 			fi
 		fi
 	fi

From 825e769483abd6621ec717e02551e1964d034f8d Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Mon, 17 Apr 2023 09:48:00 +0000
Subject: [PATCH 5/6] gpu: Add GPU support to default kernel without any TEE

With each release make sure we ship a GPU enabled kernel

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .../workflows/build-kata-static-tarball-amd64.yaml  |  1 +
 tools/packaging/kata-deploy/local-build/Makefile    |  4 ++++
 .../kata-deploy/local-build/kata-deploy-binaries.sh | 13 +++++++++++++
 3 files changed, 18 insertions(+)

diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml
index 47d2640609..5942a5d79b 100644
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@@ -21,6 +21,7 @@ jobs:
           - kernel
           - kernel-dragonball-experimental
           - kernel-tdx-experimental
+          - kernel-gpu
           - kernel-gpu-snp
           - kernel-gpu-tdx-experimental
           - nydus
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 8451ae7ce6..82356f1fa4 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -26,6 +26,7 @@ all: serial-targets \
 	kernel-tarball \
 	kernel-dragonball-experimental-tarball \
 	kernel-tdx-experimental-tarball \
+	kernel-gpu \
 	kernel-gpu-snp-tarball \
 	kernel-gpu-tdx-experimental-tarball \
 	nydus-tarball \
@@ -56,6 +57,9 @@ kernel-tarball:
 kernel-dragonball-experimental-tarball:
 	${MAKE} $@-build
 
+kernel-gpu-tarball:
+	${MAKE} $@-build
+
 kernel-gpu-snp-tarball:
 	${MAKE} $@-build
 
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 350a7d6ae6..55fcc0624f 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -81,6 +81,7 @@ options:
 	kernel
 	kernel-dragonball-experimental
 	kernel-experimental
+	kernel-gpu
 	kernel-tdx-experimental
 	kernel-gpu
 	kernel-gpu-snp
@@ -216,6 +217,16 @@ install_kernel_dragonball_experimental() {
 		"-e -t dragonball"
 }
 
+#Install GPU enabled kernel asset
+install_kernel_gpu() {
+	local kernel_url="$(get_from_kata_deps assets.kernel.url)"
+
+	install_kernel_helper \
+		"assets.kernel.version" \
+		"kernel-gpu" \
+		"-g nvidia -u ${kernel_url} -H deb"
+}
+
 #Install GPU and SNP enabled kernel asset
 install_kernel_gpu_snp() {
 	local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)"
@@ -471,6 +482,8 @@ handle_build() {
 
 	kernel-tdx-experimental) install_kernel_tdx_experimental ;;
 
+	kernel-gpu) install_kernel_gpu ;;
+
 	kernel-gpu-snp) install_kernel_gpu_snp;;
 
 	kernel-gpu-tdx-experimental) install_kernel_gpu_tdx_experimental;;

From b1730e4a67c4c635820079268fd84cc5f37bd378 Mon Sep 17 00:00:00 2001
From: Zvonko Kaiser <zkaiser@nvidia.com>
Date: Mon, 17 Apr 2023 09:49:00 +0000
Subject: [PATCH 6/6] gpu: Add new kernel build option to usage()

With each release make sure we ship a GPU  enabled kernel

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
---
 .github/workflows/release.yaml                                | 4 ++--
 .../packaging/kata-deploy/local-build/kata-deploy-binaries.sh | 1 -
 tools/packaging/kernel/README.md                              | 1 +
 tools/packaging/kernel/build-kernel.sh                        | 1 +
 tools/packaging/static-build/kernel/Dockerfile                | 3 +--
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f31261d51d..a642fa36fb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -78,7 +78,7 @@ jobs:
           mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}"
           pushd $GITHUB_WORKSPACE
           echo "uploading asset '${tarball}' for tag: ${tag}"
-          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
+          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
           popd
 
   upload-cargo-vendored-tarball:
@@ -92,7 +92,7 @@ jobs:
           tarball="kata-containers-$tag-vendor.tar.gz"
           pushd $GITHUB_WORKSPACE
           bash -c "tools/packaging/release/generate_vendor.sh ${tarball}"
-          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
+          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
           popd
 
   upload-libseccomp-tarball:
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 55fcc0624f..902b067c94 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -81,7 +81,6 @@ options:
 	kernel
 	kernel-dragonball-experimental
 	kernel-experimental
-	kernel-gpu
 	kernel-tdx-experimental
 	kernel-gpu
 	kernel-gpu-snp
diff --git a/tools/packaging/kernel/README.md b/tools/packaging/kernel/README.md
index ce4ea30c40..d9b78480a2 100644
--- a/tools/packaging/kernel/README.md
+++ b/tools/packaging/kernel/README.md
@@ -47,6 +47,7 @@ Options:
 	-f          	: Enable force generate config when setup.
 	-g <vendor> 	: GPU vendor, intel or nvidia.
 	-h          	: Display this help.
+  -H <deb|rpm>  : Linux headers for guest fs module building.
 	-k <path>   	: Path to kernel to build.
 	-p <path>   	: Path to a directory with patches to apply to kernel, only patches in top-level directory are applied.
 	-t <hypervisor>	: Hypervisor_target.
diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 67c4c8f5c7..88fb61c18b 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -97,6 +97,7 @@ Options:
 	-f          	: Enable force generate config when setup.
 	-g <vendor> 	: GPU vendor, intel or nvidia.
 	-h          	: Display this help.
+	-H <deb|rpm>	: Linux headers for guest fs module building.
 	-k <path>   	: Path to kernel to build.
 	-p <path>   	: Path to a directory with patches to apply to kernel.
 	-s          	: Skip .config checks
diff --git a/tools/packaging/static-build/kernel/Dockerfile b/tools/packaging/static-build/kernel/Dockerfile
index b4c2329722..183f8a47e2 100644
--- a/tools/packaging/static-build/kernel/Dockerfile
+++ b/tools/packaging/static-build/kernel/Dockerfile
@@ -23,5 +23,4 @@ RUN apt-get update && \
 	    rsync \
 	    cpio \
 	    patch && \
-    if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \
-    apt-get clean && rm -rf /var/lib/lists/
+    apt-get clean && apt-get autoclean