github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-10-22 20:39:41 +00:00
Code Issues Projects Releases Wiki Activity

kata-deploy: support build confidential rootfs and initrd for CCA

Browse Source 
Also add cca-attester for coco-guest-component

Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Co-authored-by: Seunguk Shin <seunguk.shin@arm.com>
This commit is contained in:
Seunguk Shin
2024-11-21 09:43:16 +00:00
committed by Kevin Zhao
parent 40dac78412
commit c7d5f207f1
4 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/packaging/kata-deploy/local-build/Makefile
View File

@@ -57,6 +57,8 @@ BASE_TARBALLS = serial-targets \
shim-v2-tarball \ shim-v2-tarball \
virtiofsd-tarball virtiofsd-tarball
BASE_SERIAL_TARBALLS = rootfs-image-tarball \ BASE_SERIAL_TARBALLS = rootfs-image-tarball \
rootfs-cca-confidential-image-tarball \
rootfs-cca-confidential-initrd-tarball \
rootfs-initrd-tarball rootfs-initrd-tarball
endif endif
@@ -200,6 +202,12 @@ rootfs-image-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball paus
rootfs-initrd-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball pause-image-tarball coco-guest-components-tarball kernel-nvidia-gpu-confidential-tarball rootfs-initrd-nvidia-gpu-confidential-tarball: agent-tarball busybox-tarball pause-image-tarball coco-guest-components-tarball kernel-nvidia-gpu-confidential-tarball
${MAKE} $@-build ${MAKE} $@-build
rootfs-cca-confidential-image-tarball: agent-tarball pause-image-tarball coco-guest-components-tarball kernel-cca-confidential-tarball
${MAKE} $@-build
rootfs-cca-confidential-initrd-tarball: agent-tarball pause-image-tarball coco-guest-components-tarball kernel-cca-confidential-tarball
${MAKE} $@-build
shim-v2-tarball: shim-v2-tarball:
${MAKE} $@-build ${MAKE} $@-build

4
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@@ -1335,6 +1335,10 @@ handle_build() {
rootfs-initrd-nvidia-gpu-confidential) install_initrd_nvidia_gpu_confidential ;; rootfs-initrd-nvidia-gpu-confidential) install_initrd_nvidia_gpu_confidential ;;
rootfs-cca-confidential-image) install_image_confidential ;;
rootfs-cca-confidential-initrd) install_initrd_confidential ;;
runk) install_runk ;; runk) install_runk ;;
shim-v2) install_shimv2 ;; shim-v2) install_shimv2 ;;

1
tools/packaging/static-build/coco-guest-components/build.sh
View File

@@ -46,6 +46,7 @@ RESOURCE_PROVIDER="kbs,sev"
case "$(uname -m)" in case "$(uname -m)" in
x86_64) ATTESTER="snp-attester,tdx-attester,nvidia-attester" ;; x86_64) ATTESTER="snp-attester,tdx-attester,nvidia-attester" ;;
s390x) ATTESTER="se-attester" ;; s390x) ATTESTER="se-attester" ;;
aarch64) ATTESTER="cca-attester" ;;
*) ATTESTER="none" ;; *) ATTESTER="none" ;;
esac esac

6
versions.yaml
View File

@@ -123,6 +123,9 @@ assets:
aarch64: aarch64:
name: "ubuntu" name: "ubuntu"
version: "noble" # 24.04 LTS version: "noble" # 24.04 LTS
confidential:
name: "ubuntu"
version: "noble" # 24.04 LTS
nvidia-gpu: nvidia-gpu:
name: "ubuntu" name: "ubuntu"
version: "noble" # 24.04 LTS version: "noble" # 24.04 LTS
@@ -163,6 +166,9 @@ assets:
aarch64: aarch64:
name: "alpine" name: "alpine"
version: "3.22" version: "3.22"
confidential:
name: "ubuntu"
version: "noble" # 24.04 LTS
nvidia-gpu: nvidia-gpu:
name: "ubuntu" name: "ubuntu"
version: "noble" # 24.04 LTS version: "noble" # 24.04 LTS