diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index a552aed122..3db8c76d0a 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -288,12 +288,12 @@ install_kernel_nvidia_gpu() { #Install GPU and SNP enabled kernel asset install_kernel_nvidia_gpu_snp() { - local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)" + local kernel_url="$(get_from_kata_deps assets.kernel.sev.url)" install_kernel_helper \ - "assets.kernel.snp.version" \ + "assets.kernel.sev.version" \ "kernel-nvidia-gpu-snp" \ - "-x snp -g nvidia -u ${kernel_url} -H deb" + "-x sev -g nvidia -u ${kernel_url} -H deb" } #Install GPU and TDX experimental enabled kernel asset diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index c1f89cfebe..a89040828a 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -251,25 +251,21 @@ get_kernel_frag_path() { if [[ "${gpu_vendor}" != "" ]];then info "Add kernel config for GPU due to '-g ${gpu_vendor}'" - local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)" - all_configs="${all_configs} ${gpu_configs}" # If conf_guest is set we need to update the CONFIG_LOCALVERSION # to match the suffix created in install_kata # -nvidia-gpu-{snp|tdx}, the linux headers will be named the very # same if build with make deb-pkg for TDX or SNP. + local gpu_configs=$(mktemp).conf + local gpu_subst_configs="${gpu_path}/${gpu_vendor}.${arch_target}.conf.in" if [[ "${conf_guest}" != "" ]];then - local gpu_cc_configs=$(mktemp).conf - local gpu_subst_configs="$(ls ${gpu_path}/${gpu_vendor}.conf.in)" - export CONF_GUEST_SUFFIX="-${conf_guest}" - envsubst <${gpu_subst_configs} >${gpu_cc_configs} - unset CONF_GUEST_SUFFIX - - all_configs="${all_configs} ${gpu_cc_configs}" else - local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)" - all_configs="${all_configs} ${gpu_configs}" + export CONF_GUEST_SUFFIX="" fi + envsubst <${gpu_subst_configs} >${gpu_configs} + unset CONF_GUEST_SUFFIX + + all_configs="${all_configs} ${gpu_configs}" fi if [ "${MEASURED_ROOTFS}" == "yes" ]; then diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in new file mode 100644 index 0000000000..8cb9cf5119 --- /dev/null +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in @@ -0,0 +1,29 @@ +# Support for loading modules. +# It is used to support loading GPU drivers. +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y + +# CRYPTO_FIPS requires this config when loading modules is enabled. +CONFIG_MODULE_SIG=y + +# Linux kernel version suffix +CONFIG_LOCALVERSION="-nvidia-gpu${CONF_GUEST_SUFFIX}" + +# Newer NVIDIA drivers need additional symbols +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y + + +# VFIO/IOMMU setttings +CONFIG_MMU_NOTIFIER=y +CONFIG_IOASID=y +CONFIG_IOMMU_IO_PGTABLE=y +CONFIG_IOMMU_IO_PGTABLE_LPAE=y +CONFIG_IOMMU_SVA=y +CONFIG_ARM_SMMU_V3=y +CONFIG_ARM_SMMU_V3_SVA=y + +# CC related configs +CONFIG_CRYPTO_ECC=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_ECDSA=y diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf deleted file mode 100644 index 883c0f3af9..0000000000 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Support mmconfig PCI config space access. -# It's used to enable the MMIO access method for PCIe devices. -CONFIG_PCI_MMCONFIG=y - -# Support for loading modules. -# It is used to support loading GPU drivers. -CONFIG_MODULES=y -CONFIG_MODULE_UNLOAD=y - -# CRYPTO_FIPS requires this config when loading modules is enabled. -CONFIG_MODULE_SIG=y - -# Linux kernel version suffix -CONFIG_LOCALVERSION="-nvidia-gpu" diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in similarity index 62% rename from tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in rename to tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in index 73cce61739..6ef830aab1 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in @@ -12,3 +12,14 @@ CONFIG_MODULE_SIG=y # Linux kernel version suffix CONFIG_LOCALVERSION="-nvidia-gpu${CONF_GUEST_SUFFIX}" + +# Newer NVIDIA drivers need additional symbols +CONFIG_X86_MCE=y +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y + +# CC related configs +CONFIG_CRYPTO_ECC=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_ECDSA=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 3b20426c05..e2a9fee008 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -108 +109