kata-deploy: support build confidential rootfs and initrd for CCA

Also add cca-attester for coco-guest-component

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Co-authored-by: Seunguk Shin <seunguk.shin@arm.com>
This commit is contained in:
Seunguk Shin
2024-11-21 09:43:16 +00:00
committed by Kevin Zhao
parent 40dac78412
commit c7d5f207f1
4 changed files with 19 additions and 0 deletions

View File

@@ -57,6 +57,8 @@ BASE_TARBALLS = serial-targets \
shim-v2-tarball \
virtiofsd-tarball
BASE_SERIAL_TARBALLS = rootfs-image-tarball \
rootfs-cca-confidential-image-tarball \
rootfs-cca-confidential-initrd-tarball \
rootfs-initrd-tarball
endif
@@ -200,6 +202,12 @@ rootfs-image-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball paus
rootfs-initrd-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball pause-image-tarball coco-guest-components-tarball kernel-nvidia-gpu-confidential-tarball
${MAKE} $@-build
rootfs-cca-confidential-image-tarball: agent-tarball pause-image-tarball coco-guest-components-tarball kernel-cca-confidential-tarball
${MAKE} $@-build
rootfs-cca-confidential-initrd-tarball: agent-tarball pause-image-tarball coco-guest-components-tarball kernel-cca-confidential-tarball
${MAKE} $@-build
shim-v2-tarball:
${MAKE} $@-build

View File

@@ -1335,6 +1335,10 @@ handle_build() {
rootfs-initrd-nvidia-gpu-confidential) install_initrd_nvidia_gpu_confidential ;;
rootfs-cca-confidential-image) install_image_confidential ;;
rootfs-cca-confidential-initrd) install_initrd_confidential ;;
runk) install_runk ;;
shim-v2) install_shimv2 ;;

View File

@@ -46,6 +46,7 @@ RESOURCE_PROVIDER="kbs,sev"
case "$(uname -m)" in
x86_64) ATTESTER="snp-attester,tdx-attester,nvidia-attester" ;;
s390x) ATTESTER="se-attester" ;;
aarch64) ATTESTER="cca-attester" ;;
*) ATTESTER="none" ;;
esac

View File

@@ -123,6 +123,9 @@ assets:
aarch64:
name: "ubuntu"
version: "noble" # 24.04 LTS
confidential:
name: "ubuntu"
version: "noble" # 24.04 LTS
nvidia-gpu:
name: "ubuntu"
version: "noble" # 24.04 LTS
@@ -163,6 +166,9 @@ assets:
aarch64:
name: "alpine"
version: "3.22"
confidential:
name: "ubuntu"
version: "noble" # 24.04 LTS
nvidia-gpu:
name: "ubuntu"
version: "noble" # 24.04 LTS