From 9259646235e8c05dad553818eaf465400aece08b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 14:44:10 +0200
Subject: [PATCH 1/5] ovmf: Adjust final tarball location
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's create the OVMF tarball in the directory where the script was called from, instead of doing it in the $DESTDIR. This aligns with the logic being used for creating / extracting the tarball content, which is already in use by the kata-deploy local build scripts.
Fixes: #4808
Signed-off-by: Fabiano Fidêncio
---
 tools/packaging/static-build/ovmf/build-ovmf.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/packaging/static-build/ovmf/build-ovmf.sh b/tools/packaging/static-build/ovmf/build-ovmf.sh
index fe3925b1c..9245dead4 100755
--- a/tools/packaging/static-build/ovmf/build-ovmf.sh
+++ b/tools/packaging/static-build/ovmf/build-ovmf.sh
@@ -90,7 +90,8 @@ if [ "${ovmf_build}" == "tdx" ]; then
 install $build_root/$ovmf_dir/"${build_path_arch}"/DumpTdxEventLog.efi ${install_dir}
 fi
+local_dir=${PWD}
 pushd $DESTDIR
-tar -czvf "${ovmf_dir}-${ovmf_build}.tar.gz" "./$PREFIX"
+tar -czvf "${local_dir}/${ovmf_dir}-${ovmf_build}.tar.gz" "./$PREFIX"
 rm -rf $(dirname ./$PREFIX)
 popd
From 554dff20c39e8354f5d0e4bfa24ad347d60424cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 14:47:03 +0200
Subject: [PATCH 2/5] td-shim: Adjust final tarball location
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's create the td-shim tarball in the directory where the script was called from, instead of doing it in the $DESTDIR. This aligns with the logic being used for creating / extracting the tarball content, which is already in use by the kata-deploy local build scripts.
Fixes: #4809
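Review bot: The `pushd $DESTDIR` just above the new `tar -czvf` line in build-ovmf.sh is unquoted and its result is not checked, so if `DESTDIR` is empty or the directory is missing, both the new `tar` call and the `rm -rf $(dirname ./$PREFIX)` after it act on whatever directory is current, which after this change is also where the tarball is written. I would guard the block with `pushd "${DESTDIR:?}" || exit 1` and quote the cleanup as `rm -rf -- "$(dirname "./${PREFIX:?}")"`. `local_dir` also equals the invocation directory only if every earlier `pushd`/`cd` has been undone by this point, which the hunk does not show for build-ovmf.sh. The td-shim hunk in PATCH 2/5 has the same shape. Whether either script runs under `errexit` is not visible here.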
Signed-off-by: Fabiano Fidêncio --- tools/packaging/static-build/td-shim/build-td-shim.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/packaging/static-build/td-shim/build-td-shim.sh b/tools/packaging/static-build/td-shim/build-td-shim.sh index ed933c007..cbc336d66 100755 --- a/tools/packaging/static-build/td-shim/build-td-shim.sh +++ b/tools/packaging/static-build/td-shim/build-td-shim.sh @@ -35,7 +35,8 @@ install target/x86_64-unknown-uefi/release/final-boot-kernel.bin ${install_dir}/ popd #td-shim popd #${build_root} +local_dir=${PWD} pushd ${DESTDIR} -tar -czvf "td-shim.tar.gz" "./$PREFIX" +tar -czvf "${local_dir}/td-shim.tar.gz" "./$PREFIX" rm -rf $(dirname ./$PREFIX) popd #${DESTDIR} From 04be5521d01ac78725a34db76a921c1b408bb3fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 3 Aug 2022 13:46:19 +0200 Subject: [PATCH 3/5] packaging: Reorganise TDX targets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's simply add the tdx targets after the CC ones. Signed-off-by: Fabiano Fidêncio --- .../kata-deploy/local-build/Makefile | 19 ++-- .../local-build/kata-deploy-binaries.sh | 87 +++++++++---------- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 20e86eb7e..64bfae4ab 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -85,21 +85,12 @@ cc: cc-cloud-hypervisor-tarball \ cc-cloud-hypervisor-tarball: ${MAKE} $@-build -cc-tdx-cloud-hypervisor-tarball: - ${MAKE} $@-build - cc-kernel-tarball: ${MAKE} $@-build -cc-tdx-kernel-tarball: - ${MAKE} $@-build - cc-qemu-tarball: ${MAKE} $@-build -cc-tdx-qemu-tarball: - ${MAKE} $@-build - cc-rootfs-image-tarball: ${MAKE} $@-build 
@@ -108,3 +99,13 @@ cc-shim-v2-tarball: cc-virtiofsd-tarball: ${MAKE} $@-build + +cc-tdx-cloud-hypervisor-tarball: + ${MAKE} $@-build + +cc-tdx-kernel-tarball: + ${MAKE} $@-build + +cc-tdx-qemu-tarball: + ${MAKE} $@-build + diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 30ea804f0..05f0e69f1 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -108,11 +108,6 @@ install_cc_clh() { sudo install -D --owner root --group root --mode 0744 cloud-hypervisor/cloud-hypervisor "${destdir}/${cc_prefix}/bin/cloud-hypervisor" } -# Install static CC cloud-hypervisor asset -install_tdx_cc_clh() { - install_cc_clh -} - #Install cc capable guest image install_cc_image() { info "Create CC image" 
@@ -123,45 +118,12 @@ install_cc_image() { "${rootfs_builder}" --imagetype=image --prefix="${cc_prefix}" --destdir="${destdir}" } -#Install CC kernel assert, with TEE support -install_cc_tee_kernel() { - tee="${1}" - - [ "${tee}" != "tdx" ] && die "Non supported TEE" - - export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)" - export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)" - DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}" -} - -#Install CC kernel assert for Intel TDX -install_cc_tdx_kernel() { - install_cc_tee_kernel "tdx" -} - #Install CC kernel asset install_cc_kernel() { export kernel_version="$(yq r $versions_yaml assets.kernel.version)" DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -f -v "${kernel_version}" } -install_cc_tee_qemu() { - tee="${1}" - - [ "${tee}" != "tdx" ] && die "Non supported TEE" - - export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)" - export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)" - export tee="${tee}" - "${qemu_cc_builder}" - tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}" -} - - -install_cc_tdx_qemu() { - install_cc_tee_qemu "tdx" -} - # Install static CC qemu asset install_cc_qemu() { info "build static CC qemu" 
@@ -188,6 +150,43 @@ install_cc_virtiofsd() { sudo install -D --owner root --group root --mode 0744 virtiofsd/virtiofsd "${destdir}/${cc_prefix}/libexec/virtiofsd" } +# Install static CC cloud-hypervisor asset +install_tdx_cc_clh() { + install_cc_clh +} + +#Install CC kernel assert, with TEE support +install_cc_tee_kernel() { + tee="${1}" + + [ "${tee}" != "tdx" ] && die "Non supported TEE" + + export kernel_version="$(yq r $versions_yaml assets.kernel.${tee}.tag)" + export kernel_url="$(yq r $versions_yaml assets.kernel.${tee}.url)" + DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${kernel_builder}" -x "${tee}" -v "${kernel_version}" -u "${kernel_url}" +} + +#Install CC kernel assert for Intel TDX +install_cc_tdx_kernel() { + install_cc_tee_kernel "tdx" +} + +install_cc_tee_qemu() { + tee="${1}" + + [ "${tee}" != "tdx" ] && die "Non supported TEE" + + export qemu_repo="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.url)" + export qemu_version="$(yq r $versions_yaml assets.hypervisor.qemu.${tee}.tag)" + export tee="${tee}" + "${qemu_cc_builder}" + tar xvf "${builddir}/kata-static-${tee}-qemu-cc.tar.gz" -C "${destdir}" +} + +install_cc_tdx_qemu() { + install_cc_tee_qemu "tdx" +} + #Install guest image install_image() { info "Create image" @@ -296,22 +295,22 @@ handle_build() { cc-cloud-hypervisor) install_cc_clh ;; - cc-tdx-cloud-hypervisor) install_tdx_cc_clh ;; - cc-kernel) install_cc_kernel ;; - cc-tdx-kernel) install_cc_tdx_kernel ;; - cc-qemu) install_cc_qemu ;; - cc-tdx-qemu) install_cc_tdx_qemu ;; - cc-rootfs-image) install_cc_image ;; cc-shim-v2) install_cc_shimv2 ;; cc-virtiofsd) install_cc_virtiofsd ;; + cc-tdx-cloud-hypervisor) install_tdx_cc_clh ;; + + cc-tdx-kernel) install_cc_tdx_kernel ;; + + cc-tdx-qemu) install_cc_tdx_qemu ;; + cloud-hypervisor) install_clh ;; firecracker) install_firecracker ;; From 9d0d5b93616c4bb58bfa8f25c5f85b3e259a5334 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 3 Aug 2022 14:09:45 +0200
Subject: [PATCH 4/5] packaging: Build and ship TDVF
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We're adding a new target for building a TDVF, a firmware used with QEMU to start TDX capable VMs for CC.
Fixes: #4625
Signed-off-by: Fabiano Fidêncio
---
 tools/packaging/kata-deploy/local-build/Makefile | 2 ++
 .../local-build/kata-deploy-binaries.sh | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile
index 64bfae4ab..6f35e4524 100644
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@@ -109,3 +109,5 @@ cc-tdx-kernel-tarball:
 cc-tdx-qemu-tarball:
 ${MAKE} $@-build
+cc-tdx-tdvf-tarball:
+ ${MAKE} $@-build
diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 05f0e69f1..170b80911 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -24,6 +24,7 @@ readonly versions_yaml="${repo_root_dir}/versions.yaml"
 readonly clh_builder="${static_build_dir}/cloud-hypervisor/build-static-clh.sh"
 readonly firecracker_builder="${static_build_dir}/firecracker/build-static-firecracker.sh"
 readonly kernel_builder="${static_build_dir}/kernel/build.sh"
+readonly ovmf_builder="${static_build_dir}/ovmf/build.sh"
 readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh"
 readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh"
 readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh"
@@ -187,6 +188,18 @@ install_cc_tdx_qemu() { install_cc_tee_qemu "tdx" } +install_cc_tee_ovmf() { + tee="${1}" + tarball_name="${2}" + + DESTDIR="${destdir}" PREFIX="${cc_prefix}" ovmf_build="${tee}" "${ovmf_builder}" + tar xvf "${builddir}/${tarball_name}" -C "${destdir}" +} + +install_cc_tdx_tdvf() { + install_cc_tee_ovmf "tdx" "edk2-staging-tdx.tar.gz" +} + #Install guest image install_image() { info "Create image" @@ -311,6 +324,8 @@ handle_build() { cc-tdx-qemu) install_cc_tdx_qemu ;; + cc-tdx-tdvf) install_cc_tdx_tdvf ;; + cloud-hypervisor) install_clh ;; firecracker) install_firecracker ;; From 4cf502fb200b2da90f5e8387e00fd618f4154ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 3 Aug 2022 15:34:35 +0200 Subject: [PATCH 5/5] packaging: Build and ship TD-shim MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We're adding a new target for building TD-shim, a firmware used with Cloud Hypervisor to start TDX capable VMs for CC. Fixes: #4780 Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/local-build/Makefile | 3 +++ .../kata-deploy/local-build/kata-deploy-binaries.sh | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index 6f35e4524..ae13afa01 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -109,5 +109,8 @@ cc-tdx-kernel-tarball: cc-tdx-qemu-tarball: ${MAKE} $@-build +cc-tdx-td-shim-tarball: + ${MAKE} $@-build + cc-tdx-tdvf-tarball: ${MAKE} $@-build diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 170b80911..5aa8bd336 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh 
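Review bot: `install_cc_tee_ovmf` unpacks `${builddir}/${tarball_name}` without making sure the file was produced by this run, so a tarball left in `${builddir}` by an earlier build would be extracted and shipped as the TDVF firmware if the builder fails or writes somewhere else (PATCH 1/5 writes it to the builder's `${PWD}`). Removing the old artifact first with `rm -f "${builddir}/${tarball_name}"` and checking the builder call with `|| die "ovmf build failed"` would close that gap; whether `errexit` is set for this script is not visible in the hunk. The function also skips the `[ "${tee}" != "tdx" ] && die "Non supported TEE"` check that `install_cc_tee_kernel` and `install_cc_tee_qemu` have, and assigns `tee` and `tarball_name` without `local`. `install_cc_tdx_td_shim` in PATCH 5/5 extracts `td-shim.tar.gz` the same way.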
@@ -27,6 +27,7 @@ readonly kernel_builder="${static_build_dir}/kernel/build.sh" readonly ovmf_builder="${static_build_dir}/ovmf/build.sh" readonly qemu_builder="${static_build_dir}/qemu/build-static-qemu.sh" readonly shimv2_builder="${static_build_dir}/shim-v2/build.sh" +readonly td_shim_builder="${static_build_dir}/td-shim/build.sh" readonly virtiofsd_builder="${static_build_dir}/virtiofsd/build-static-virtiofsd.sh" readonly rootfs_builder="${repo_root_dir}/tools/packaging/guest-image/build_image.sh" @@ -188,6 +189,11 @@ install_cc_tdx_qemu() { install_cc_tee_qemu "tdx" } +install_cc_tdx_td_shim() { + DESTDIR="${destdir}" PREFIX="${cc_prefix}" "${td_shim_builder}" + tar xvf "${builddir}/td-shim.tar.gz" -C "${destdir}" +} + install_cc_tee_ovmf() { tee="${1}" tarball_name="${2}" @@ -324,6 +330,8 @@ handle_build() { cc-tdx-qemu) install_cc_tdx_qemu ;; + cc-tdx-td-shim) install_cc_tdx_td_shim ;; + cc-tdx-tdvf) install_cc_tdx_tdvf ;; cloud-hypervisor) install_clh ;;
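Review bot: `install_cc_tdx_td_shim` has no header comment and, unlike `install_cc_tee_kernel` and `install_cc_tee_qemu`, passes no tag or URL read from `versions.yaml` to its builder, so a reader cannot tell from this file which td-shim revision ends up in the tarball. If `td-shim/build.sh` resolves a pinned revision itself, a one-line comment saying so would document it, for example `# Install static CC td-shim asset; the revision is selected inside ${td_shim_builder}`. If it does not, the revision should be passed in the way the kernel installer does. The same question applies to `install_cc_tee_ovmf` in PATCH 4/5.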