Merge pull request #8983 from fidencio/topic/add-confidential-image
packaging: Add confidential image / initrd
commit
e0bb632053
@ -49,8 +49,10 @@ jobs:
|
||||
- qemu-tdx-experimental
|
||||
- stratovirt
|
||||
- rootfs-image
|
||||
- rootfs-image-confidential
|
||||
- rootfs-image-tdx
|
||||
- rootfs-initrd
|
||||
- rootfs-initrd-confidential
|
||||
- rootfs-initrd-mariner
|
||||
- rootfs-initrd-sev
|
||||
- runk
|
||||
|
@ -39,7 +39,9 @@ BASE_TARBALLS = serial-targets \
|
||||
tdvf-tarball \
|
||||
virtiofsd-tarball
|
||||
BASE_SERIAL_TARBALLS = rootfs-image-tarball \
|
||||
rootfs-image-confidential-tarball \
|
||||
rootfs-image-tdx-tarball \
|
||||
rootfs-initrd-confidential-tarball \
|
||||
rootfs-initrd-mariner-tarball \
|
||||
rootfs-initrd-sev-tarball \
|
||||
rootfs-initrd-tarball \
|
||||
@ -160,12 +162,18 @@ stratovirt-tarball:
|
||||
rootfs-image-tarball: agent-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
rootfs-image-confidential-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
rootfs-image-tdx-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
rootfs-initrd-mariner-tarball: agent-opa-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
rootfs-initrd-confidential-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
rootfs-initrd-sev-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||
${MAKE} $@-build
|
||||
|
||||
|
@ -112,8 +112,10 @@ options:
|
||||
qemu-tdx-experimental
|
||||
stratovirt
|
||||
rootfs-image
|
||||
rootfs-image-confidential
|
||||
rootfs-image-tdx
|
||||
rootfs-initrd
|
||||
rootfs-initrd-confidential
|
||||
rootfs-initrd-mariner
|
||||
rootfs-initrd-sev
|
||||
runk
|
||||
@ -284,6 +286,13 @@ install_image() {
|
||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||
}
|
||||
|
||||
#Install guest image for confidential guests
|
||||
install_image_confidential() {
|
||||
export AGENT_POLICY=yes
|
||||
export MEASURED_ROOTFS=yes
|
||||
install_image "confidential"
|
||||
}
|
||||
|
||||
#Install guest image for tdx
|
||||
install_image_tdx() {
|
||||
export AGENT_POLICY=yes
|
||||
@ -344,6 +353,13 @@ install_initrd() {
|
||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||
}
|
||||
|
||||
#Install guest initrd for confidential guests
|
||||
install_initrd_confidential() {
|
||||
export AGENT_POLICY=yes
|
||||
export MEASURED_ROOTFS=yes
|
||||
install_initrd "confidential"
|
||||
}
|
||||
|
||||
#Install Mariner guest initrd
|
||||
install_initrd_mariner() {
|
||||
export AGENT_POLICY=yes
|
||||
@ -888,7 +904,9 @@ handle_build() {
|
||||
install_clh
|
||||
install_firecracker
|
||||
install_image
|
||||
install_image_confidential
|
||||
install_initrd
|
||||
install_initrd_confidential
|
||||
install_initrd_mariner
|
||||
install_initrd_sev
|
||||
install_kata_ctl
|
||||
@ -965,10 +983,14 @@ handle_build() {
|
||||
|
||||
rootfs-image) install_image ;;
|
||||
|
||||
rootfs-image-confidential) install_image_confidential ;;
|
||||
|
||||
rootfs-image-tdx) install_image_tdx ;;
|
||||
|
||||
rootfs-initrd) install_initrd ;;
|
||||
|
||||
rootfs-initrd-confidential) install_initrd_confidential ;;
|
||||
|
||||
rootfs-initrd-mariner) install_initrd_mariner ;;
|
||||
|
||||
rootfs-initrd-sev) install_initrd_sev ;;
|
||||
@ -1081,7 +1103,9 @@ main() {
|
||||
qemu
|
||||
stratovirt
|
||||
rootfs-image
|
||||
rootfs-image-confidential
|
||||
rootfs-initrd
|
||||
rootfs-initrd-confidential
|
||||
rootfs-initrd-mariner
|
||||
runk
|
||||
shim-v2
|
||||
|
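Review bot: The `export AGENT_POLICY=yes` and `export MEASURED_ROOTFS=yes` lines in `install_image_confidential()` and `install_initrd_confidential()` set both variables for the rest of the shell, not only for the one builder call. In the `handle_build()` list that runs every installer, the plain `install_initrd` comes right after `install_image_confidential`, so it would inherit both settings unless `install_initrd` or the rootfs builder resets them, which these hunks do not show (the body of `install_image` starts outside the hunk). A non-confidential artifact could then be built with policy and measurement options its name does not advertise, and the result would depend on call order. Scoping the settings to the call avoids that, e.g. `( export AGENT_POLICY=yes MEASURED_ROOTFS=yes; install_image "confidential" )`, with the same change in the initrd function. The neighbouring `install_image_tdx()` and `install_initrd_mariner()` use the same export pattern, so all variants may need the fix together.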
@ -133,6 +133,9 @@ assets:
|
||||
x86_64:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
confidential:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
tdx:
|
||||
name: *default-image-name
|
||||
version: *default-image-version
|
||||
@ -159,6 +162,9 @@ assets:
|
||||
x86_64:
|
||||
name: *default-initrd-name
|
||||
version: *default-initrd-version
|
||||
confidential:
|
||||
name: *glibc-initrd-name
|
||||
version: *glibc-initrd-version
|
||||
mariner:
|
||||
name: "cbl-mariner"
|
||||
version: "2.0"
|
||||
|
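Review bot: The new `confidential` initrd entry points at `*glibc-initrd-name` / `*glibc-initrd-version`, while the new `confidential` image entry reuses `*default-image-name` / `*default-image-version`, and nothing in either hunk explains why the two confidential variants use different bases. The anchor definitions are outside these hunks, so the exact distros cannot be confirmed from here. Because the base distro determines what ends up inside the measured guest rootfs, a short comment above the initrd entry would help reviewers, for example `# confidential initrd uses the glibc-based base (see glibc-initrd anchors) because <reason>`.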