From 5f103003d616dcb771432626150dca3f9a689c1d Mon Sep 17 00:00:00 2001 From: Zvonko Kaiser Date: Tue, 16 May 2023 11:20:30 +0000 Subject: [PATCH 1/4] gpu: Update kernel building to the latest changes Use now the sev.conf rather then the snp.conf. Devices can be prestend in two different way in the container (1) as vfio devices /dev/vfio/ (2) the device is managed by whataever driver in the VM kernel claims it. Fixes: #6844 Signed-off-by: Zvonko Kaiser --- .../local-build/kata-deploy-binaries.sh | 2 +- tools/packaging/kernel/build-kernel.sh | 20 ++++++++----------- .../kernel/configs/fragments/gpu/nvidia.conf | 14 ------------- 3 files changed, 9 insertions(+), 27 deletions(-) delete mode 100644 tools/packaging/kernel/configs/fragments/gpu/nvidia.conf diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index a552aed122..c170cb7595 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -293,7 +293,7 @@ install_kernel_nvidia_gpu_snp() { install_kernel_helper \ "assets.kernel.snp.version" \ "kernel-nvidia-gpu-snp" \ - "-x snp -g nvidia -u ${kernel_url} -H deb" + "-x sev -g nvidia -u ${kernel_url} -H deb" } #Install GPU and TDX experimental enabled kernel asset diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index c1f89cfebe..cb755b189d 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -241,7 +241,7 @@ get_kernel_frag_path() { local redefined_string="redefined" local redundant_string="redundant" - # Later, if we need to add kernel version specific subdirs in order to + # Later, if we need to add kernel version specifqic subdirs in order to # handle specific cases, then add the path definition and search/list/cat # here. local all_configs="${common_configs} ${arch_configs}" 
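Review bot: In the `install_kernel_nvidia_gpu_snp` hunk of kata-deploy-binaries.sh the build flag becomes `-x sev`, but the context line two above it still passes `"assets.kernel.snp.version"` to `install_kernel_helper`, and the `kernel_url` assignment just above the hunk still reads the snp entry (it shows up as a removed line in patch 3/4). At this commit the kernel source and version therefore come from one versions entry while the config fragment comes from another, so the commit does not produce a consistent kernel on its own. Switching the lookups in the same commit, `"assets.kernel.sev.version"` and `get_from_kata_deps assets.kernel.sev.url`, keeps the series bisectable and keeps the recorded kernel provenance in step with the configuration that was applied.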
@@ -251,25 +251,21 @@ get_kernel_frag_path() { if [[ "${gpu_vendor}" != "" ]];then info "Add kernel config for GPU due to '-g ${gpu_vendor}'" - local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)" - all_configs="${all_configs} ${gpu_configs}" # If conf_guest is set we need to update the CONFIG_LOCALVERSION # to match the suffix created in install_kata # -nvidia-gpu-{snp|tdx}, the linux headers will be named the very # same if build with make deb-pkg for TDX or SNP. + local gpu_configs=$(mktemp).conf + local gpu_subst_configs="$(ls ${gpu_path}/${gpu_vendor}.${arch_target}.conf.in)" if [[ "${conf_guest}" != "" ]];then - local gpu_cc_configs=$(mktemp).conf - local gpu_subst_configs="$(ls ${gpu_path}/${gpu_vendor}.conf.in)" - export CONF_GUEST_SUFFIX="-${conf_guest}" - envsubst <${gpu_subst_configs} >${gpu_cc_configs} - unset CONF_GUEST_SUFFIX - - all_configs="${all_configs} ${gpu_cc_configs}" else - local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)" - all_configs="${all_configs} ${gpu_configs}" + export CONF_GUEST_SUFFIX="" fi + envsubst <${gpu_subst_configs} >${gpu_configs} + unset CONF_GUEST_SUFFIX + + all_configs="${all_configs} ${gpu_configs}" fi if [ "${MEASURED_ROOTFS}" == "yes" ]; then diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf deleted file mode 100644 index 883c0f3af9..0000000000 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Support mmconfig PCI config space access. -# It's used to enable the MMIO access method for PCIe devices. -CONFIG_PCI_MMCONFIG=y - -# Support for loading modules. -# It is used to support loading GPU drivers. -CONFIG_MODULES=y -CONFIG_MODULE_UNLOAD=y - -# CRYPTO_FIPS requires this config when loading modules is enabled. -CONFIG_MODULE_SIG=y - -# Linux kernel version suffix -CONFIG_LOCALVERSION="-nvidia-gpu" From 211b0ab268566028e9d66c288ad837011a76fded Mon Sep 17 00:00:00 2001 
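Review bot: `local gpu_configs=$(mktemp).conf` in the build-kernel.sh hunk does not use the file mktemp created: mktemp safely makes `tmp.XXXX`, but the later `envsubst ... >${gpu_configs}` opens a different path, `tmp.XXXX.conf`, with a plain redirect that follows whatever file or symlink already exists there in a shared temporary directory, and the original empty file is left behind. Let mktemp create the final name, `local gpu_configs="$(mktemp --suffix=.conf)"` (GNU mktemp), and quote both redirections. envsubst is also called without a variable list, so every `$NAME` in the fragment is expanded from the build environment; `envsubst '${CONF_GUEST_SUFFIX}' <"${gpu_subst_configs}" >"${gpu_configs}"` restricts it to the one intended variable. The same `$(mktemp).conf` line is carried as context in the build-kernel.sh hunk of patch 3/4. get_kernel_frag_path starts and ends outside the hunk, and the `${gpu_vendor}.${arch_target}.conf.in` name it now reads is only added in patch 3/4, so this commit appears not to build on its own.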
From: Zvonko Kaiser Date: Wed, 24 May 2023 09:07:20 +0000 Subject: [PATCH 2/4] gpu: Update Kernel Config Newer drivers need more symbols so lets enable them Signed-off-by: Zvonko Kaiser --- tools/packaging/kernel/build-kernel.sh | 2 +- .../packaging/kernel/configs/fragments/gpu/nvidia.conf.in | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index cb755b189d..9f2dfd6078 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -241,7 +241,7 @@ get_kernel_frag_path() { local redefined_string="redefined" local redundant_string="redundant" - # Later, if we need to add kernel version specifqic subdirs in order to + # Later, if we need to add kernel version specific subdirs in order to # handle specific cases, then add the path definition and search/list/cat # here. local all_configs="${common_configs} ${arch_configs}" diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in index 73cce61739..040d87a9d2 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in @@ -12,3 +12,10 @@ CONFIG_MODULE_SIG=y # Linux kernel version suffix CONFIG_LOCALVERSION="-nvidia-gpu${CONF_GUEST_SUFFIX}" + +# Newer NVIDIA drivers need additional symbols +CONFIG_X86_MCE=y +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y + From b7932be4b6f52ef4f81086b812a542a90089d2ac Mon Sep 17 00:00:00 2001 From: Zvonko Kaiser Date: Wed, 24 May 2023 09:22:41 +0000 Subject: [PATCH 3/4] gpu: Add Arm64 Kernel Settings For different archs we need diferent settings use ${ARCH} to choose the right fragment 
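Review bot: The added comment `# Newer NVIDIA drivers need additional symbols` in the nvidia.conf.in hunk does not say which driver release or which missing kernel symbols motivated the four options, so a later reader cannot tell when they may be dropped; something like `# Required by NVIDIA driver <version>: <missing symbol(s)>` would record that. `CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE` and `CONFIG_X86_SUPPORTS_MEMORY_FAILURE` also look like promptless symbols that the architecture selects once `CONFIG_X86_MCE` is enabled, so listing them is probably redundant and may be flagged when the fragments are merged; please confirm against the target kernel's Kconfig. Keeping only `CONFIG_X86_MCE=y` and `CONFIG_MEMORY_FAILURE=y` would then state the actual request. The hunk also adds a blank line at end of file that patch 3/4 removes again.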
Signed-off-by: Zvonko Kaiser --- .../local-build/kata-deploy-binaries.sh | 4 ++-- tools/packaging/kernel/build-kernel.sh | 2 +- .../fragments/gpu/nvidia.arm64.conf.in | 24 +++++++++++++++++++ .../{nvidia.conf.in => nvidia.x86_64.conf.in} | 1 - 4 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in rename tools/packaging/kernel/configs/fragments/gpu/{nvidia.conf.in => nvidia.x86_64.conf.in} (99%) diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index c170cb7595..3db8c76d0a 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -288,10 +288,10 @@ install_kernel_nvidia_gpu() { #Install GPU and SNP enabled kernel asset install_kernel_nvidia_gpu_snp() { - local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)" + local kernel_url="$(get_from_kata_deps assets.kernel.sev.url)" install_kernel_helper \ - "assets.kernel.snp.version" \ + "assets.kernel.sev.version" \ "kernel-nvidia-gpu-snp" \ "-x sev -g nvidia -u ${kernel_url} -H deb" } diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index 9f2dfd6078..a89040828a 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh @@ -256,7 +256,7 @@ get_kernel_frag_path() { # -nvidia-gpu-{snp|tdx}, the linux headers will be named the very # same if build with make deb-pkg for TDX or SNP. local gpu_configs=$(mktemp).conf - local gpu_subst_configs="$(ls ${gpu_path}/${gpu_vendor}.${arch_target}.conf.in)" + local gpu_subst_configs="${gpu_path}/${gpu_vendor}.${arch_target}.conf.in" if [[ "${conf_guest}" != "" ]];then export CONF_GUEST_SUFFIX="-${conf_guest}" else 
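Review bot: With the `ls` dropped in the build-kernel.sh hunk, nothing checks that `${gpu_path}/${gpu_vendor}.${arch_target}.conf.in` exists, so a `-g` vendor or an architecture without a fragment only fails later at the envsubst redirect, which lies outside this hunk, with a generic shell error. Add an explicit test right after the assignment, `[[ -f "${gpu_subst_configs}" ]] || { echo "no GPU fragment: ${gpu_subst_configs}" >&2; return 1; }` (or the script's own error helper), so the build stops with a clear message rather than, depending on the errexit settings not visible here, carrying on without the GPU options. The commit message refers to `${ARCH}` while the code selects the fragment with `${arch_target}`; naming the variable that is actually used would avoid confusion.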
diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in new file mode 100644 index 0000000000..b260cbc123 --- /dev/null +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in @@ -0,0 +1,24 @@ +# Support for loading modules. +# It is used to support loading GPU drivers. +CONFIG_MODULES=y +CONFIG_MODULE_UNLOAD=y + +# CRYPTO_FIPS requires this config when loading modules is enabled. +CONFIG_MODULE_SIG=y + +# Linux kernel version suffix +CONFIG_LOCALVERSION="-nvidia-gpu${CONF_GUEST_SUFFIX}" + +# Newer NVIDIA drivers need additional symbols +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y + + +# VFIO/IOMMU setttings +CONFIG_MMU_NOTIFIER=y +CONFIG_IOASID=y +CONFIG_IOMMU_IO_PGTABLE=y +CONFIG_IOMMU_IO_PGTABLE_LPAE=y +CONFIG_IOMMU_SVA=y +CONFIG_ARM_SMMU_V3=y +CONFIG_ARM_SMMU_V3_SVA=y diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in similarity index 99% rename from tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in rename to tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in index 040d87a9d2..f07c8aec80 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in @@ -18,4 +18,3 @@ CONFIG_X86_MCE=y CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y - From 9318e022af4b2d81c36435bd13b1f6b7dff01723 Mon Sep 17 00:00:00 2001 From: Zvonko Kaiser Date: Tue, 13 Jun 2023 09:37:17 +0000 Subject: [PATCH 4/4] gpu: Add CC relates configs For the GPU CC use case we need to set several crypto algorithms. The driver relies on them in the CC case. 
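Review bot: In the new nvidia.arm64.conf.in, `CONFIG_MODULE_SIG=y` turns on signature checking but not enforcement: without `CONFIG_MODULE_SIG_FORCE=y` (or `module.sig_enforce=1` on the guest kernel command line) an unsigned or wrongly signed module still loads and only taints the kernel. For a guest kernel whose purpose is to load an out-of-tree GPU driver, and which is also built for the confidential guest variants, the fragment should state the intended policy, for example `# Signatures are checked but not enforced; GPU modules are signed by <process>`, or enable enforcement if the driver modules are signed with the build's key. The existing comment gives CRYPTO_FIPS as the only reason, which does not tell a reader whether enforcement was considered; the x86_64 fragment carries the same lines. Minor: `setttings` in `# VFIO/IOMMU setttings` is misspelled and there is a doubled blank line before it.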
Signed-off-by: Zvonko Kaiser --- .../kernel/configs/fragments/gpu/nvidia.arm64.conf.in | 5 +++++ .../kernel/configs/fragments/gpu/nvidia.x86_64.conf.in | 5 +++++ tools/packaging/kernel/kata_config_version | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in index b260cbc123..8cb9cf5119 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.arm64.conf.in @@ -22,3 +22,8 @@ CONFIG_IOMMU_IO_PGTABLE_LPAE=y CONFIG_IOMMU_SVA=y CONFIG_ARM_SMMU_V3=y CONFIG_ARM_SMMU_V3_SVA=y + +# CC related configs +CONFIG_CRYPTO_ECC=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_ECDSA=y diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in index f07c8aec80..6ef830aab1 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in @@ -18,3 +18,8 @@ CONFIG_X86_MCE=y CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y CONFIG_MEMORY_FAILURE=y + +# CC related configs +CONFIG_CRYPTO_ECC=y +CONFIG_CRYPTO_ECDH=y +CONFIG_CRYPTO_ECDSA=y diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 3b20426c05..e2a9fee008 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -108 +109
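Review bot: The `# CC related configs` comment added to nvidia.arm64.conf.in, and identically to nvidia.x86_64.conf.in, should spell out "confidential computing" and say what the driver uses the algorithms for, because these options are now built into every `-g nvidia` kernel, including the non-confidential build where `CONF_GUEST_SUFFIX` is empty. If they are only needed for confidential guests, consider a fragment that is applied only when `-x` is given; if they are always wanted, say so, e.g. `# Confidential computing: the NVIDIA driver relies on ECDH/ECDSA from the kernel crypto API`. `CONFIG_CRYPTO_ECC` appears to be a helper symbol that ECDH and ECDSA select, so the explicit line is probably redundant; please check against the target kernel's Kconfig.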