github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-27 15:57:09 +00:00
Code Issues Projects Releases Wiki Activity

config: Add root hash value and measure config to kernel params

Browse Source 
After we have a guest kernel with builtin initramfs which
provide the rootfs measurement capability and Kata rootfs
image with hash device, we need set related root hash value
and measure config to the kernel params in kata configuration file.

Fixes: #6674

Signed-off-by: Wang, Arron <arron.wang@intel.com>
This commit is contained in:
Wang, Arron 2022-09-15 10:17:55 +08:00 committed by Fabiano Fidêncio
parent 0080588075
commit f62b2670c0
4 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/runtime/Makefile
View File

@ -133,6 +133,10 @@ FIRMWARETDVFVOLUMEPATH :=
FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd FIRMWARESEVPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd FIRMWARESNPPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
ROOTMEASURECONFIG ?= ""
KERNELPARAMS += $(ROOTMEASURECONFIG)
KERNELTDXPARAMS += $(ROOTMEASURECONFIG)
# Name of default configuration file the runtime will use. # Name of default configuration file the runtime will use.
CONFIG_FILE = configuration.toml CONFIG_FILE = configuration.toml

3
tools/packaging/guest-image/build_image.sh
View File

@ -54,6 +54,9 @@ build_image() {
IMG_OS_VERSION="${img_os_version}" \ IMG_OS_VERSION="${img_os_version}" \
ROOTFS_BUILD_DEST="${builddir}/rootfs-image" ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
mv -f "kata-containers.img" "${install_dir}/${image_name}" mv -f "kata-containers.img" "${install_dir}/${image_name}"
if [ -e "root_hash.txt" ]; then
cp root_hash.txt "${install_dir}/"
fi
( (
cd "${install_dir}" cd "${install_dir}"
ln -sf "${image_name}" kata-containers.img ln -sf "${image_name}" kata-containers.img

14
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@ -485,7 +485,19 @@ install_shimv2() {
export GO_VERSION export GO_VERSION
export RUST_VERSION export RUST_VERSION
DESTDIR="${destdir}" PREFIX="${prefix}" "${shimv2_builder}"
if [ "${MEASURED_ROOTFS}" == "yes" ]; then
extra_opts="DEFSERVICEOFFLOAD=true"
if [ -f "${repo_root_dir}/tools/osbuilder/root_hash.txt" ]; then
root_hash=$(sudo sed -e 's/Root hash:\s*//g;t;d' "${repo_root_dir}/tools/osbuilder//root_hash.txt")
root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"
extra_opts+=" ROOTMEASURECONFIG=\"${root_measure_config}\""
fi
DESTDIR="${destdir}" PREFIX="${prefix}" EXTRA_OPTS="${extra_opts}" "${shimv2_builder}"
else
DESTDIR="${destdir}" PREFIX="${prefix}" "${shimv2_builder}"
fi
} }
install_ovmf() { install_ovmf() {

6
tools/packaging/static-build/shim-v2/build.sh
View File

@ -21,6 +21,8 @@ DESTDIR=${DESTDIR:-${PWD}}
PREFIX=${PREFIX:-/opt/kata} PREFIX=${PREFIX:-/opt/kata}
container_image="${SHIM_V2_CONTAINER_BUILDER:-$(get_shim_v2_image_name)}" container_image="${SHIM_V2_CONTAINER_BUILDER:-$(get_shim_v2_image_name)}"
EXTRA_OPTS="${EXTRA_OPTS:-""}"
sudo docker pull ${container_image} || \ sudo docker pull ${container_image} || \
(sudo docker build \ (sudo docker build \
--build-arg GO_VERSION="${GO_VERSION}" \ --build-arg GO_VERSION="${GO_VERSION}" \
@ -47,12 +49,12 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch}" bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX=${PREFIX} QEMUCMD=qemu-system-${arch} ${EXTRA_OPTS}"
sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
-w "${repo_root_dir}/src/runtime" \ -w "${repo_root_dir}/src/runtime" \
"${container_image}" \ "${container_image}" \
bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" install" bash -c "git config --global --add safe.directory ${repo_root_dir} && make PREFIX="${PREFIX}" DESTDIR="${DESTDIR}" ${EXTRA_OPTS} install"
for vmm in ${VMM_CONFIGS}; do for vmm in ${VMM_CONFIGS}; do
config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml" config_file="${DESTDIR}/${PREFIX}/share/defaults/kata-containers/configuration-${vmm}.toml"