Merge pull request #6062 from Alex-Carter01/snp-qemu

kata-deploy: SNP version of Qemu

src/runtime/Makefile

@@ -166,6 +166,9 @@ HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVIS
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 QEMUVALIDHYPERVISORPATHS := [\"$(QEMUPATH)\"]
 
+QEMUSNPPATH := $(QEMUBINDIR)/$(QEMUSNPCMD)
+QEMUSNPVALIDHYPERVISORPATHS := [\"$(QEMUSNPPATH)\"]
+
 QEMUTDXPATH := $(QEMUBINDIR)/$(QEMUTDXCMD)
 QEMUTDXVALIDHYPERVISORPATHS := [\"$(QEMUTDXPATH)\"]
 
@@ -590,6 +593,8 @@ USER_VARS += QEMUPATH
 USER_VARS += QEMUVALIDHYPERVISORPATHS
 USER_VARS += QEMUVIRTIOFSCMD
 USER_VARS += QEMUVIRTIOFSPATH
+USER_VARS += QEMUSNPPATH
+USER_VARS += QEMUSNPVALIDHYPERVISORPATHS
 USER_VARS += QEMUTDXPATH
 USER_VARS += QEMUTDXVALIDHYPERVISORPATHS
 USER_VARS += RUNTIME_NAME

src/runtime/arch/amd64-options.mk

@@ -13,6 +13,7 @@ TDXCPUFEATURES := -vmx-rdseed-exit,pmu=off
 
 QEMUCMD := qemu-system-x86_64
 QEMUTDXCMD := qemu-system-x86_64-tdx
+QEMUSNPCMD := qemu-system-x86_64-snp
 
 # Firecracker binary name
 FCCMD := firecracker

tools/packaging/kata-deploy-cc/scripts/kata-deploy.sh

@@ -19,6 +19,7 @@ shims=(
         "qemu-tdx"
         "qemu-sev"
         "qemu-se"
+        "qemu-snp"
         "clh"
         "clh-tdx"
 )
@@ -258,6 +259,7 @@ function remove_artifacts() {
 		/opt/confidential-containers/bin/kata-runtime \
 		/opt/confidential-containers/bin/kata-collect-data.sh \
 		/opt/confidential-containers/bin/qemu-system-x86_64 \
+		/opt/confidential-containers/bin/qemu-system-x86_64-snp \
 		/opt/confidential-containers/bin/qemu-system-x86_64-tdx \
 		/opt/confidential-containers/bin/qemu-system-s390x \
 		/opt/confidential-containers/bin/cloud-hypervisor \

tools/packaging/kata-deploy/local-build/Makefile

@@ -19,6 +19,7 @@ EXTRA_TARBALL=cc-cloud-hypervisor-tarball \
 	cc-sev-ovmf-tarball \
 	cc-x86_64-ovmf-tarball \
 	cc-sev-rootfs-initrd-tarball \
+	cc-snp-qemu-tarball \
 	cc-tdx-rootfs-image-tarball
 endif
 
@@ -115,6 +116,9 @@ cc-kernel-tarball:
 cc-qemu-tarball:
 	${MAKE} $@-build
 
+cc-snp-qemu-tarball:
+	${MAKE} $@-build
+
 cc-rootfs-image-tarball:
 	${MAKE} $@-build
 

tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

@@ -100,6 +100,7 @@ options:
 	cc-tdx-kernel
 	cc-sev-kernel
 	cc-qemu
+	cc-snp-qemu
 	cc-tdx-qemu
 	cc-rootfs-image
 	cc-rootfs-initrd
@@ -479,7 +480,7 @@ install_cc_sev_kernel() {
 install_cc_tee_qemu() {
 	tee="${1}"
 
-	[ "${tee}" != "tdx" ] && die "Non supported TEE"
+	[[ "${tee}" != "tdx" && "${tee}" != "snp" ]] && die "Non supported TEE"
 
 	export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)"
 	export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)"
@@ -502,6 +503,10 @@ install_cc_tdx_qemu() {
 	install_cc_tee_qemu "tdx"
 }
 
+install_cc_snp_qemu() {
+	install_cc_tee_qemu "snp"
+}
+
 install_cc_tdx_td_shim() {
 	install_cached_component \
 		"td-shim" \
@@ -825,6 +830,8 @@ handle_build() {
 
 	cc-qemu) install_cc_qemu ;;
 
+	cc-snp-qemu) install_cc_snp_qemu ;;
+
 	cc-rootfs-image) install_cc_image ;;
 
 	cc-rootfs-initrd) install_cc_initrd ;;

tools/packaging/static-build/cache_components.sh

@@ -22,6 +22,7 @@ cache_qemu_artifacts() {
 	if [ -n "${TEE}" ]; then
 		qemu_tarball_name="kata-static-cc-${TEE}-qemu.tar.xz"
 		[ "${TEE}" == "tdx" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.tdx.tag")
+        [ "${TEE}" == "snp" ] && current_qemu_version=$(get_from_kata_deps "assets.hypervisor.qemu.snp.tag")
 	fi
 	local qemu_sha=$(calc_qemu_files_sha256sum)
 	local current_qemu_image="$(get_qemu_image_name)"

versions.yaml

@@ -105,8 +105,7 @@ assets:
       snp:
         description: "VMM that uses KVM and supports AMD SEV-SNP"
         url: "https://github.com/AMDESE/qemu"
-        branch: "snp-v3"
+        tag: "3b6a2b6b7466f6dea53243900b7516c3f29027b7"
-        commit: "ffa95097ee"
 
     qemu-experimental:
       description: "QEMU with virtiofs support"