packaging: add support to build initrd for sev

We need special initrd for SEV. The work on SEV initrd is based on Ubuntu. Thus, adding another entry in versions.yaml This binary will have '-sev' suffix to distinguish it from the generic binary. Fixes: #6572 Signed-Off-By: Unmesh Deodhar <udeodhar@amd.com>
2025-04-30 20:54:26 +00:00 · 2023-04-17 23:19:25 +00:00 · 2023-04-17 23:19:25 +00:00 · b87820ee8c
commit b87820ee8c
parent b0e6a094be
4 changed files with 30 additions and 37 deletions
--- a/tools/packaging/guest-image/build_image.sh
+++ b/tools/packaging/guest-image/build_image.sh
@ -22,6 +22,8 @@ readonly osbuilder_dir="$(cd "${repo_root_dir}/tools/osbuilder" && pwd)"
 export GOPATH=${GOPATH:-${HOME}/go}

 arch_target="$(uname -m)"
+final_initrd_name="kata-containers-initrd"
+image_initrd_extension=".img"

 build_initrd() {
 	info "Build initrd"
@ -37,7 +39,7 @@ build_initrd() {
 	mv "kata-containers-initrd.img" "${install_dir}/${initrd_name}"
 	(
 		cd "${install_dir}"
-		ln -sf "${initrd_name}" kata-containers-initrd.img
+		ln -sf "${initrd_name}" "${final_initrd_name}${image_initrd_extension}"
 	)
 }

@ -71,6 +73,7 @@ Options:
 --imagetype=${image_type}
 --prefix=${prefix}
 --destdir=${destdir}
+ --image_initrd_suffix=${image_initrd_suffix}
 EOF

 	exit "${return_code}"
@ -80,6 +83,7 @@ main() {
 	image_type=image
 	destdir="$PWD"
 	prefix="/opt/kata"
+	image_initrd_suffix=""
 	builddir="${PWD}"
 	while getopts "h-:" opt; do
 		case "$opt" in
@ -99,6 +103,15 @@ main() {
 				initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.version")
 				initrd_name="kata-${initrd_distro}-${initrd_os_version}.${image_type}"
 				;;
+			image_initrd_suffix=*)
+				image_initrd_suffix=${OPTARG#*=}
+				if [ "${image_initrd_suffix}" == "sev" ]; then
+					initrd_distro=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.name")
+					initrd_os_version=$(get_from_kata_deps "assets.initrd.architecture.${arch_target}.sev.version")
+					initrd_name="kata-${initrd_distro}-${initrd_os_version}-${image_initrd_suffix}.${image_type}"
+					final_initrd_name="${final_initrd_name}-${image_initrd_suffix}"
+				fi
+				;;
 			prefix=*)
 				prefix=${OPTARG#*=}
 				;;
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -39,6 +39,7 @@ all: serial-targets \
 serial-targets:
 	${MAKE} -f $(MK_PATH) -j 1 V= \
 	rootfs-image-tarball \
+	rootfs-initrd-sev-tarball \
 	rootfs-initrd-tarball \
 	cloud-hypervisor-tarball

@ -87,6 +88,9 @@ qemu-tdx-experimental-tarball:
 rootfs-image-tarball:
 	${MAKE} $@-build

+rootfs-initrd-sev-tarball: kernel-sev-tarball
+	${MAKE} $@-build
+
 rootfs-initrd-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -91,6 +91,7 @@ options:
 	qemu-tdx-experimental
 	rootfs-image
 	rootfs-initrd
+	rootfs-initrd-sev
 	shim-v2
 	tdvf
 	virtiofsd
@ -155,8 +156,10 @@ install_image() {

 #Install guest initrd
 install_initrd() {
-	local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-initrd-$(uname -m)/${cached_artifacts_path}"
-	local component="rootfs-initrd"
+	local initrd_type="${1:-""}"
+	local initrd_suffix="${2:-""}"
+	local jenkins="${jenkins_url}/job/kata-containers-main-rootfs-${initrd_type}-$(uname -m)/${cached_artifacts_path}"
+	local component="rootfs-${initrd_type}"

 	local osbuilder_last_commit="$(get_last_modification "${repo_root_dir}/tools/osbuilder")"
 	local guest_image_last_commit="$(get_last_modification "${repo_root_dir}/tools/packaging/guest-image")"
@ -169,7 +172,7 @@ install_initrd() {
 	install_cached_tarball_component \
 		"${component}" \
 		"${jenkins}" \
-		"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-initrd" \
+		"${osbuilder_last_commit}-${guest_image_last_commit}-${agent_last_commit}-${libs_last_commit}-${gperf_version}-${libseccomp_version}-${rust_version}-${initrd_type}" \
 		"" \
 		"${final_tarball_name}" \
 		"${final_tarball_path}" \
@ -184,39 +187,6 @@ install_initrd_sev() {
 	install_initrd "initrd-sev" "sev"
 }

-#Install kernel component helper
-install_cached_kernel_tarball_component() {
-	local kernel_name=${1}
-
-	install_cached_tarball_component \
-		"${kernel_name}" \
-		"${jenkins_url}/job/kata-containers-main-${kernel_name}-$(uname -m)/${cached_artifacts_path}" \
-		"${kernel_version}-${kernel_kata_config_version}" \
-		"$(get_kernel_image_name)" \
-		"${final_tarball_name}" \
-		"${final_tarball_path}" \
-		|| return 1
-	
-	if [[ "${kernel_name}" != "kernel-sev" ]]; then
-		return 0
-	fi
-
-	# SEV specific code path
-	install_cached_tarball_component \
-		"${kernel_name}" \
-		"${jenkins_url}/job/kata-containers-main-${kernel_name}-$(uname -m)/${cached_artifacts_path}" \
-		"${kernel_version}-${kernel_kata_config_version}" \
-		"$(get_kernel_image_name)" \
-		"kata-static-kernel-sev-modules.tar.xz" \
-		"${workdir}/kata-static-kernel-sev-modules.tar.xz" \
-		|| return 1
-
-	mkdir -p "${module_dir}"
-	tar xvf "${workdir}/kata-static-kernel-sev-modules.tar.xz" -C  "${module_dir}" && return 0
-
-	return 1
-}
-
 #Install kernel asset
 install_kernel_helper() {
 	local kernel_version_yaml_path="${1}"
@ -504,6 +474,7 @@ handle_build() {
 		install_firecracker
 		install_image
 		install_initrd
+		install_initrd_sev
 		install_kernel
 		install_kernel_dragonball_experimental
 		install_kernel_tdx_experimental
@ -545,6 +516,8 @@ handle_build() {

 	rootfs-initrd) install_initrd ;;

+	rootfs-initrd-sev) install_initrd_sev ;;
+	
 	shim-v2) install_shimv2 ;;

 	tdvf) install_tdvf ;;
--- a/versions.yaml
+++ b/versions.yaml
@ -156,6 +156,9 @@ assets:
      x86_64:
        name: *default-initrd-name
        version: *default-initrd-version
+        sev:
+          name: *glibc-initrd-name
+          version: *glibc-initrd-version

  kernel:
    description: "Linux kernel optimised for virtual machines"