From be165c40f9eda954b20e74d15cccb49977c573b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Tue, 12 Jul 2022 15:20:19 +0200
Subject: [PATCH] packaging: Allow building a TDX capable QEMU
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We're adding a new target for building a TDX capable QEMU for CC.

This commit, differently than b307531c29d951c18f993c41ff344721f6e42b89, introduces support for building the artefacts that are TEE specific.

Fixes: #4623

Signed-off-by: Fabiano FidĂȘncio
---
 .../kata-deploy/local-build/Makefile | 3 +++
 .../local-build/kata-deploy-binaries.sh | 20 +++++++++++++++++++
 .../static-build/qemu/build-static-qemu-cc.sh | 6 +++++-
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index a1c93b6e94..48bac20929 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -94,6 +94,9 @@ cc-tdx-kernel-tarball:
 cc-qemu-tarball:
 ${MAKE} $@-build
+cc-tdx-qemu-tarball:
+ ${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 ${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index e7e7dfb4bc..e1c6afcf81 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -86,6 +86,7 @@ options:
 cc-kernel
 cc-tdx-kernel
 cc-qemu
+ cc-tdx-qemu
 cc-rootfs-image
 cc-shimv2
 cc-virtiofsd
@@ -139,6 +140,23 @@ install_cc_kernel() {
 DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -f -v "${kernel_version}"
 }
+install_cc_tee_qemu() {
+ tee="${1}"
+
+ [ "${tee}" != "tdx" ] && die "Non supported TEE"
+
+ export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
+ export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
+ export tee="${tee}"
+ "${qemu_cc_builder}"
+ tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}"
+}
+
+
+install_cc_tdx_qemu() {
+ install_cc_tee_qemu "tdx"
+}
+
 # Install static CC qemu asset
 install_cc_qemu() {
 info "build static CC qemu"
@@ -279,6 +297,8 @@ handle_build() {
 cc-qemu) install_cc_qemu ;;
+ cc-tdx-qemu) install_cc_tdx_qemu ;;
+
 cc-rootfs-image) install_cc_image ;;
 cc-shim-v2) install_cc_shimv2 ;;
diff --git a/tools/packaging/static-build/qemu/build-static-qemu-cc.sh b/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
index 44a4056d32..4368202a7f 100755
--- a/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
+++ b/tools/packaging/static-build/qemu/build-static-qemu-cc.sh
@@ -14,6 +14,7 @@ source "${script_dir}/../../scripts/lib.sh"
 qemu_repo="${qemu_repo:-}"
 qemu_version="${qemu_version:-}"
+tee="${tee:-}"
 export prefix="/opt/confidential-containers/"
@@ -28,4 +29,7 @@ fi
 [ -n "$qemu_version" ] || qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.version")
 [ -n "$qemu_version" ] || die "failed to get qemu version"
-"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "" "kata-static-qemu-cc.tar.gz"
+
+tarball_name="kata-static-qemu-cc.tar.gz"
+[ -n "${tee}" ] && tarball_name="kata-static-${tee}-qemu-cc.tar.gz"
+"${script_dir}/build-base-qemu.sh" "${qemu_repo}" "${qemu_version}" "${tee}" "${tarball_name}"
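Review bot: In install_cc_tee_qemu, `export qemu_repo="$(yq r ...)"` hides a failed or empty yq lookup, because the status of that line is the status of `export`. The builder's context lines show it falling back to the generic `assets.hypervisor.qemu.version` when `qemu_version` is empty, so a missing TDX entry in versions.yaml would presumably build the stock QEMU and still package it as `kata-static-tdx-qemu-cc.tar.gz`. Assign first and fail closed, e.g. `qemu_repo="$(yq r "${versions_yaml}" "assets.hypervisor.qemu.${tee}.url")"` followed by `[ -n "${qemu_repo}" ] || die "failed to get ${tee} qemu repo"`, likewise for the tag, and export only afterwards. The exports also stay set for the rest of the script, so a later non-TEE QEMU build in the same run may inherit `tee=tdx`; confirm against install_cc_qemu, whose body lies outside the hunk.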
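Review bot: In build-static-qemu-cc.sh, `tee` comes from the environment (`tee="${tee:-}"` in the first hunk) and is used unvalidated in the tarball name and as the third argument to build-base-qemu.sh. The `tdx` check lives only in the caller, so a direct invocation accepts any value, including one containing path separators. An allow-list in this script keeps artefact names predictable: `case "${tee}" in ""|tdx) ;; *) die "Unsupported TEE: ${tee}" ;; esac`. A more specific variable name than `tee` would also reduce the chance of picking up an unrelated ambient variable.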