osbuilder: Support attestation-agent[cc_kbc] TDX dependencies

attestation-agent depends on tdx-attest-rs when cc_kbc is enabled, which depends on libtdx-attest.so. Include the dev package in build container, and the runtime package in the built rootfs. The build of tdx-attest-sys (which is a dep of tdx-attest-rs) uses bindgen, which requires libclang so install that in the build container as well. We specify the tdx stack DCAP v1.15 Fixes: #6519 Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
2026-01-26 01:34:23 +01:00 · 2023-03-23 21:16:08 +08:00
parent 1da81308c7
commit 38037dbe1f
5 changed files with 35 additions and 3 deletions
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -301,7 +301,7 @@ install_cc_se_image() {
 }

 install_cc_tdx_image() {
-	AA_KBC="eaa_kbc"
+	AA_KBC="cc_kbc_tdx"
 	image_type="image"
 	image_suffix="tdx"
 	root_hash_suffix="tdx"
--- a/tools/packaging/static-build/cache_components.sh
+++ b/tools/packaging/static-build/cache_components.sh
@@ -110,7 +110,7 @@ cache_rootfs_artifacts() {
 	if [ -n "${TEE}" ]; then
 		if [ "${TEE}" == "tdx" ]; then
 			rootfs_tarball_name="kata-static-cc-tdx-rootfs-image.tar.xz"
-			aa_kbc="eaa_kbc"
+			aa_kbc="cc_kbc_tdx"
 			image_type="image"
 			root_hash_vanilla=""
 			root_hash_tdx="${repo_root_dir}/tools/osbuilder/root_hash_tdx.txt"