packaging: Allow building a TDX capable QEMU

We're adding a new target for building a TDX capable QEMU for CC. This commit, differently than b307531c29, introduces support for building the artefacts that are TEE specific. Fixes: #4623 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2025-08-18 16:08:25 +00:00 · 2022-07-12 15:20:19 +02:00 · 2022-07-12 15:20:19 +02:00 · be165c40f9
commit be165c40f9
parent 6d9d8e0660
3 changed files with 28 additions and 1 deletions
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -94,6 +94,9 @@ cc-tdx-kernel-tarball:
 cc-qemu-tarball:
 	${MAKE} $@-build

+cc-tdx-qemu-tarball:
+	${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -86,6 +86,7 @@ options:
 	cc-kernel
 	cc-tdx-kernel
 	cc-qemu
+	cc-tdx-qemu
 	cc-rootfs-image
 	cc-shimv2
 	cc-virtiofsd
@ -139,6 +140,23 @@ install_cc_kernel() {
 	DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -f -v "${kernel_version}"
 }

+install_cc_tee_qemu() {
+	tee="${1}"
+
+	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+
+	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
+	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
+	export tee="${tee}"
+	"${qemu_cc_builder}"
+	tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}"
+}
+
+
+install_cc_tdx_qemu() {
+	install_cc_tee_qemu "tdx"
+}
+
 # Install static CC qemu asset
 install_cc_qemu() {
 	info "build static CC qemu"
@ -279,6 +297,8 @@ handle_build() {

 	cc-qemu) install_cc_qemu ;;

+	cc-tdx-qemu) install_cc_tdx_qemu ;;
+
 	cc-rootfs-image) install_cc_image ;;

 	cc-shim-v2) install_cc_shimv2 ;;
--- a/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
+++ b/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
@ -14,6 +14,7 @@ source "${script_dir}/../../scripts/lib.sh"

 qemu_repo="${qemu_repo:-}"
 qemu_version="${qemu_version:-}"
+tee="${tee:-}"

 export prefix="/opt/confidential-containers/"

@ -28,4 +29,7 @@ fi
 [ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.version")
 [ -n "$qemu_version" ] || die "failed to get qemu version"

-"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "" "kata-static-qemu-cc.tar.gz"
+
+tarball_name="kata-static-qemu-cc.tar.gz"
+[ -n "${tee}" ] && tarball_name="kata-static-${tee}-qemu-cc.tar.gz"
+"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "${tee}" "${tarball_name}"