mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-10 04:18:26 +00:00
Merge pull request #8983 from fidencio/topic/add-confidential-image
packaging: Add confidential image / initrd
This commit is contained in:
Fabiano Fidêncio
GitHub
commit
e0bb632053
@ -49,8 +49,10 @@ jobs:
|
|||||||
- qemu-tdx-experimental
|
- qemu-tdx-experimental
|
||||||
- stratovirt
|
- stratovirt
|
||||||
- rootfs-image
|
- rootfs-image
|
||||||
|
- rootfs-image-confidential
|
||||||
- rootfs-image-tdx
|
- rootfs-image-tdx
|
||||||
- rootfs-initrd
|
- rootfs-initrd
|
||||||
|
- rootfs-initrd-confidential
|
||||||
- rootfs-initrd-mariner
|
- rootfs-initrd-mariner
|
||||||
- rootfs-initrd-sev
|
- rootfs-initrd-sev
|
||||||
- runk
|
- runk
|
||||||
|
|||||||
@ -39,7 +39,9 @@ BASE_TARBALLS = serial-targets \
|
|||||||
tdvf-tarball \
|
tdvf-tarball \
|
||||||
virtiofsd-tarball
|
virtiofsd-tarball
|
||||||
BASE_SERIAL_TARBALLS = rootfs-image-tarball \
|
BASE_SERIAL_TARBALLS = rootfs-image-tarball \
|
||||||
|
rootfs-image-confidential-tarball \
|
||||||
rootfs-image-tdx-tarball \
|
rootfs-image-tdx-tarball \
|
||||||
|
rootfs-initrd-confidential-tarball \
|
||||||
rootfs-initrd-mariner-tarball \
|
rootfs-initrd-mariner-tarball \
|
||||||
rootfs-initrd-sev-tarball \
|
rootfs-initrd-sev-tarball \
|
||||||
rootfs-initrd-tarball \
|
rootfs-initrd-tarball \
|
||||||
@ -160,12 +162,18 @@ stratovirt-tarball:
|
|||||||
rootfs-image-tarball: agent-tarball
|
rootfs-image-tarball: agent-tarball
|
||||||
${MAKE} $@-build
|
${MAKE} $@-build
|
||||||
|
|
||||||
|
rootfs-image-confidential-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||||
|
${MAKE} $@-build
|
||||||
|
|
||||||
rootfs-image-tdx-tarball: agent-opa-tarball kernel-confidential-tarball
|
rootfs-image-tdx-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||||
${MAKE} $@-build
|
${MAKE} $@-build
|
||||||
|
|
||||||
rootfs-initrd-mariner-tarball: agent-opa-tarball
|
rootfs-initrd-mariner-tarball: agent-opa-tarball
|
||||||
${MAKE} $@-build
|
${MAKE} $@-build
|
||||||
|
|
||||||
|
rootfs-initrd-confidential-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||||
|
${MAKE} $@-build
|
||||||
|
|
||||||
rootfs-initrd-sev-tarball: agent-opa-tarball kernel-confidential-tarball
|
rootfs-initrd-sev-tarball: agent-opa-tarball kernel-confidential-tarball
|
||||||
${MAKE} $@-build
|
${MAKE} $@-build
|
||||||
|
|
||||||
|
|||||||
@ -112,8 +112,10 @@ options:
|
|||||||
qemu-tdx-experimental
|
qemu-tdx-experimental
|
||||||
stratovirt
|
stratovirt
|
||||||
rootfs-image
|
rootfs-image
|
||||||
|
rootfs-image-confidential
|
||||||
rootfs-image-tdx
|
rootfs-image-tdx
|
||||||
rootfs-initrd
|
rootfs-initrd
|
||||||
|
rootfs-initrd-confidential
|
||||||
rootfs-initrd-mariner
|
rootfs-initrd-mariner
|
||||||
rootfs-initrd-sev
|
rootfs-initrd-sev
|
||||||
runk
|
runk
|
||||||
@ -284,6 +286,13 @@ install_image() {
|
|||||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#Install guest image for confidential guests
|
||||||
|
install_image_confidential() {
|
||||||
|
export AGENT_POLICY=yes
|
||||||
|
export MEASURED_ROOTFS=yes
|
||||||
|
install_image "confidential"
|
||||||
|
}
|
||||||
|
|
||||||
#Install guest image for tdx
|
#Install guest image for tdx
|
||||||
install_image_tdx() {
|
install_image_tdx() {
|
||||||
export AGENT_POLICY=yes
|
export AGENT_POLICY=yes
|
||||||
@ -344,6 +353,13 @@ install_initrd() {
|
|||||||
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=initrd --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#Install guest initrd for confidential guests
|
||||||
|
install_initrd_confidential() {
|
||||||
|
export AGENT_POLICY=yes
|
||||||
|
export MEASURED_ROOTFS=yes
|
||||||
|
install_initrd "confidential"
|
||||||
|
}
|
||||||
|
|
||||||
#Install Mariner guest initrd
|
#Install Mariner guest initrd
|
||||||
install_initrd_mariner() {
|
install_initrd_mariner() {
|
||||||
export AGENT_POLICY=yes
|
export AGENT_POLICY=yes
|
||||||
@ -888,7 +904,9 @@ handle_build() {
|
|||||||
install_clh
|
install_clh
|
||||||
install_firecracker
|
install_firecracker
|
||||||
install_image
|
install_image
|
||||||
|
install_image_confidential
|
||||||
install_initrd
|
install_initrd
|
||||||
|
install_initrd_confidential
|
||||||
install_initrd_mariner
|
install_initrd_mariner
|
||||||
install_initrd_sev
|
install_initrd_sev
|
||||||
install_kata_ctl
|
install_kata_ctl
|
||||||
@ -965,10 +983,14 @@ handle_build() {
|
|||||||
|
|
||||||
rootfs-image) install_image ;;
|
rootfs-image) install_image ;;
|
||||||
|
|
||||||
|
rootfs-image-confidential) install_image_confidential ;;
|
||||||
|
|
||||||
rootfs-image-tdx) install_image_tdx ;;
|
rootfs-image-tdx) install_image_tdx ;;
|
||||||
|
|
||||||
rootfs-initrd) install_initrd ;;
|
rootfs-initrd) install_initrd ;;
|
||||||
|
|
||||||
|
rootfs-initrd-confidential) install_initrd_confidential ;;
|
||||||
|
|
||||||
rootfs-initrd-mariner) install_initrd_mariner ;;
|
rootfs-initrd-mariner) install_initrd_mariner ;;
|
||||||
|
|
||||||
rootfs-initrd-sev) install_initrd_sev ;;
|
rootfs-initrd-sev) install_initrd_sev ;;
|
||||||
@ -1081,7 +1103,9 @@ main() {
|
|||||||
qemu
|
qemu
|
||||||
stratovirt
|
stratovirt
|
||||||
rootfs-image
|
rootfs-image
|
||||||
|
rootfs-image-confidential
|
||||||
rootfs-initrd
|
rootfs-initrd
|
||||||
|
rootfs-initrd-confidential
|
||||||
rootfs-initrd-mariner
|
rootfs-initrd-mariner
|
||||||
runk
|
runk
|
||||||
shim-v2
|
shim-v2
|
||||||
|
|||||||
@ -133,6 +133,9 @@ assets:
|
|||||||
x86_64:
|
x86_64:
|
||||||
name: *default-image-name
|
name: *default-image-name
|
||||||
version: *default-image-version
|
version: *default-image-version
|
||||||
|
confidential:
|
||||||
|
name: *default-image-name
|
||||||
|
version: *default-image-version
|
||||||
tdx:
|
tdx:
|
||||||
name: *default-image-name
|
name: *default-image-name
|
||||||
version: *default-image-version
|
version: *default-image-version
|
||||||
@ -159,6 +162,9 @@ assets:
|
|||||||
x86_64:
|
x86_64:
|
||||||
name: *default-initrd-name
|
name: *default-initrd-name
|
||||||
version: *default-initrd-version
|
version: *default-initrd-version
|
||||||
|
confidential:
|
||||||
|
name: *glibc-initrd-name
|
||||||
|
version: *glibc-initrd-version
|
||||||
mariner:
|
mariner:
|
||||||
name: "cbl-mariner"
|
name: "cbl-mariner"
|
||||||
version: "2.0"
|
version: "2.0"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user