diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index ce100e88fc..a50f6d719f 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -166,6 +166,9 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]
+QEMUSNPPATH := $(QEMUBINDIR)/$(QEMUSNPCMD)
+QEMUSNPVALIDHYPERVISORPATHS := [\"$(QEMUSNPPATH)\"]
+
 QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
 QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]
@@ -590,6 +593,8 @@ USER_VARS += QEMUPATH
 USER_VARS += QEMUVALIDHYPERVISORPATHS
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
+USER_VARS += QEMUSNPPATH
+USER_VARS += QEMUSNPVALIDHYPERVISORPATHS
 USER_VARS += QEMUTDXPATH
 USER_VARS += QEMUTDXVALIDHYPERVISORPATHS
 USER_VARS += RUNTIME_NAME
diff --git a/src/runtime/arch/amd64-options.mk b/src/runtime/arch/amd64-options.mk
index 70adbc0ed8..ca6ea0bf84 100644
--- a/src/runtime/arch/amd64-options.mk
+++ b/src/runtime/arch/amd64-options.mk
@@ -13,6 +13,7 @@ TDXCPUFEATURES := -vmx-rdseed-exit,pmu=off
 QEMUCMD := qemu-system-x86_64
 QEMUTDXCMD := qemu-system-x86_64-tdx
+QEMUSNPCMD := qemu-system-x86_64-snp
 # Firecracker binary name
 FCCMD := firecracker
diff --git a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
index 5bdf079b3a..507980c2d2 100755
--- a/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh
@@ -19,6 +19,7 @@ shims=(
 "qemu-tdx"
 "qemu-sev"
 "qemu-se"
+ "qemu-snp"
 "clh"
 "clh-tdx"
 )
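Review bot: QEMUSNPPATH is assigned unconditionally in the first src/runtime/Makefile hunk, but as far as this commit shows QEMUSNPCMD is only defined in arch/amd64-options.mk, so on another architecture the path would expand to `$(QEMUBINDIR)/` and QEMUSNPVALIDHYPERVISORPATHS to a list holding that directory. The second hunk exports both names through USER_VARS, so the value can reach generated configuration. If that list is used as the set of accepted hypervisor binaries, a bare directory entry is not a meaningful allow-list value; an `ifneq (,$(QEMUSNPCMD))` guard around the pair, or at least a comment such as `# SNP QEMU: only meaningful where QEMUSNPCMD is set (amd64)`, would make the intent explicit. The existing TDX lines follow the same pattern, so this may be accepted convention here.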
@@ -258,6 +259,7 @@ function remove_artifacts() {
 /opt/confidential-containers/bin/kata-runtime \
 /opt/confidential-containers/bin/kata-collect-data.sh \
 /opt/confidential-containers/bin/qemu-system-x86_64 \
+ /opt/confidential-containers/bin/qemu-system-x86_64-snp \
 /opt/confidential-containers/bin/qemu-system-x86_64-tdx \
 /opt/confidential-containers/bin/qemu-system-s390x \
 /opt/confidential-containers/bin/cloud-hypervisor \
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 2959fbfc07..1a1d51575d 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -19,6 +19,7 @@ EXTRA_TARBALL=cc-cloud-hypervisor-tarball \
 cc-sev-ovmf-tarball \
 cc-x86_64-ovmf-tarball \
 cc-sev-rootfs-initrd-tarball \
+ cc-snp-qemu-tarball \
 cc-tdx-rootfs-image-tarball
 endif
@@ -115,6 +116,9 @@ cc-kernel-tarball:
 cc-qemu-tarball:
 ${MAKE} $@-build
+cc-snp-qemu-tarball:
+ ${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 ${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 9e9c6637b9..36bbca9c8c 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -100,6 +100,7 @@ options:
 cc-tdx-kernel
 cc-sev-kernel
 cc-qemu
+ cc-snp-qemu
 cc-tdx-qemu
 cc-rootfs-image
 cc-rootfs-initrd
@@ -479,7 +480,7 @@ install_cc_sev_kernel() {
 install_cc_tee_qemu() {
 tee="${1}"
- [ "${tee}" != "tdx" ] && die "Non supported TEE"
+ [[ "${tee}" != "tdx" && "${tee}" != "snp" ]] && die "Non supported TEE"
 export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
 export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
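Review bot: With snp now accepted by the guard in install_cc_tee_qemu, the two `yq r` lookups after it run for a second TEE and neither result is checked: `export var="$(…)"` discards yq's exit status, and a missing key most likely yields an empty string. These two values select which QEMU repository and revision get built, so I would fail early right after the exports with `[ -n "${qemu_repo}" ] && [ -n "${qemu_version}" ] || die "Missing QEMU url/tag for ${tee} in versions.yaml"`. The function body continues below the hunk, so an equivalent check may already exist there.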
@@ -502,6 +503,10 @@ install_cc_tdx_qemu() {
 install_cc_tee_qemu "tdx"
 }
+install_cc_snp_qemu() {
+ install_cc_tee_qemu "snp"
+}
+
 install_cc_tdx_td_shim() {
 install_cached_component \
 "td-shim" \
@@ -825,6 +830,8 @@ handle_build() {
 cc-qemu) install_cc_qemu ;;
+ cc-snp-qemu) install_cc_snp_qemu ;;
+
 cc-rootfs-image) install_cc_image ;;
 cc-rootfs-initrd) install_cc_initrd ;;
diff --git a/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt b/tools/packaging/qemu/patches/tag_patches/3b6a2b6b7466f6dea53243900b7516c3f29027b7/no_patches.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tools/packaging/static-build/cache_components.sh b/tools/packaging/static-build/cache_components.sh
index ef223b1c2a..3b849958e6 100755
--- a/tools/packaging/static-build/cache_components.sh
+++ b/tools/packaging/static-build/cache_components.sh
@@ -22,6 +22,7 @@ cache_qemu_artifacts() {
 if [ -n "${TEE}" ]; then
 qemu_tarball_name="kata-static-cc-${TEE}-qemu.tar.xz"
 [ "${TEE}" == "tdx" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.tdx.tag")
+ [ "${TEE}" == "snp" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.snp.tag")
 fi
 local qemu_sha=$(calc_qemu_files_sha256sum)
 local current_qemu_image="$(get_qemu_image_name)"
diff --git a/versions.yaml b/versions.yaml
index ab0112d271..e7f496b56a 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -105,8 +105,7 @@ assets:
 snp:
 description: "VMM that uses KVM and supports AMD SEV-SNP"
 url: "https://github.com/AMDESE/qemu"
- branch: "snp-v3"
- commit: "ffa95097ee"
+ tag: "3b6a2b6b7466f6dea53243900b7516c3f29027b7"
 qemu-experimental:
 description: "QEMU with virtiofs support"
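Review bot: A TEE value other than tdx or snp passes both tests in cache_qemu_artifacts and keeps whatever current_qemu_version held before this block, so the tarball would be named after the TEE while its recorded version may belong to a different QEMU build. The two parallel `[ … ] &&` lines can become one lookup keyed on `${TEE}` with an explicit failure branch, as sketched below. That assumes no other TEE is expected to reach this function and that a non-zero return is handled by the caller. Both the start of the function and the code after `fi` are outside the hunk, so the earlier value of current_qemu_version is not visible here.

```shell
		qemu_tarball_name="kata-static-cc-${TEE}-qemu.tar.xz"
		case "${TEE}" in
			tdx|snp) current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.${TEE}.tag") ;;
			*) echo "cache_qemu_artifacts: unsupported TEE '${TEE}'" >&2; return 1 ;;
		esac
		# … unchanged: fi, qemu_sha and current_qemu_image …
```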
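Review bot: The `tag` key under `snp` now holds a full commit SHA rather than a tag name, and nothing on the line says so. That matters because the scripts in this commit read `assets.hypervisor.qemu.snp.tag`, and the new `tools/packaging/qemu/patches/tag_patches/` subdirectory added here is named after the same value. A comment above the line such as `# commit SHA stored under "tag"; rename the matching tag_patches/ directory when this changes` would keep the two in step. Pinning the fetched hypervisor source to a full hash, in place of the previous branch plus abbreviated commit, is the safer form, so the value itself looks right.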