config: Added SEV config
Added default sev kata config template. Added required default variables in Makefile. Fixes #5012 Fixes #5008 Signed-Off-By: Ryan Savino <ryan.savino@amd.com>
@@ -56,6 +56,7 @@ BINLIBEXECLIST :=
|
||||
BIN_PREFIX = $(PROJECT_TYPE)
|
||||
PROJECT_DIR = $(PROJECT_TAG)
|
||||
IMAGENAME = $(PROJECT_TAG).img
|
||||
INITRDNAME = $(PROJECT_TAG)-initrd.img
|
||||
|
||||
TARGET = $(BIN_PREFIX)-runtime
|
||||
RUNTIME_OUTPUT = $(CURDIR)/$(TARGET)
|
||||
@@ -98,6 +99,7 @@ GENERATED_VARS = \
|
||||
CONFIG_FC_IN \
|
||||
CONFIG_CLH_TDX_IN \
|
||||
CONFIG_QEMU_TDX_IN \
|
||||
CONFIG_QEMU_SEV_IN \
|
||||
$(USER_VARS)
|
||||
SCRIPTS += $(COLLECT_SCRIPT)
|
||||
SCRIPTS_DIR := $(BINDIR)
|
||||
@@ -112,12 +114,19 @@ PKGLIBEXECDIR := $(LIBEXECDIR)/$(PROJECT_DIR)
|
||||
KERNELDIR := $(PKGDATADIR)
|
||||
|
||||
IMAGEPATH := $(PKGDATADIR)/$(IMAGENAME)
|
||||
INITRDPATH := $(PKGDATADIR)/$(INITRDNAME)
|
||||
FIRMWAREPATH :=
|
||||
FIRMWAREVOLUMEPATH :=
|
||||
TDVFFIRMWAREPATH := $(PREFIXDEPS)/share/tdvf/OVMF_CODE.fd
|
||||
TDVFFIRMWAREVOLUMEPATH := $(PREFIXDEPS)/share/tdvf/OVMF_VARS.fd
|
||||
TDSHIMFIRMWAREPATH := ${PREFIXDEPS}/share/td-shim/td-shim.bin
|
||||
SEVFIRMWAREPATH := $(PREFIXDEPS)/share/ovmf/OVMF.fd
|
||||
|
||||
AGENTCONFIGFILEPATH := /etc/agent-config.toml
|
||||
AGENTCONFIGFILEKERNELPARAM := agent.config_file=$(AGENTCONFIGFILEPATH)
|
||||
|
||||
TDXKERNELPARAMS := tdx_disable_filter
|
||||
SEVKERNELPARAMS := $(AGENTCONFIGFILEKERNELPARAM)
|
||||
|
||||
# Name of default configuration file the runtime will use.
|
||||
CONFIG_FILE = configuration.toml
|
||||
@@ -226,9 +235,13 @@ DEFBINDMOUNTS := []
|
||||
DEFSERVICEOFFLOAD ?= false
|
||||
|
||||
# SEV Guest Pre-Attestation
|
||||
DEFGUESTPREATTESTATIONSECRETGUID ?= 0a46e24d-478c-4eb1-8696-113eeec3aa99
|
||||
DEFGUESTPREATTESTATION ?= false
|
||||
DEFGUESTPREATTESTATIONPROXY ?= localhost:44444
|
||||
DEFGUESTPREATTESTATIONKEYSET ?= KEYSET-1
|
||||
DEFGUESTPREATTESTATIONSECRETGUID ?= e6f5a162-d67f-4750-a67c-5d065f2a9910
|
||||
DEFGUESTPREATTESTATIONSECRETTYPE ?= bundle
|
||||
DEFSEVCERTCHAIN ?= /opt/sev/cert_chain.cert
|
||||
DEFSEVGUESTPOLICY ?= 0
|
||||
|
||||
SED = sed
|
||||
|
||||
@@ -280,6 +293,18 @@ ifneq (,$(QEMUCMD))
|
||||
|
||||
CONFIGS += $(CONFIG_QEMU_TDX)
|
||||
|
||||
CONFIG_FILE_QEMU_SEV = configuration-qemu-sev.toml
|
||||
CONFIG_QEMU_SEV = config/$(CONFIG_FILE_QEMU_SEV)
|
||||
CONFIG_QEMU_SEV_IN = $(CONFIG_QEMU_SEV).in
|
||||
|
||||
CONFIG_PATH_QEMU_SEV = $(abspath $(CONFDIR)/$(CONFIG_FILE_QEMU_SEV))
|
||||
CONFIG_PATHS += $(CONFIG_PATH_QEMU_SEV)
|
||||
|
||||
SYSCONFIG_QEMU_SEV = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_QEMU_SEV))
|
||||
SYSCONFIG_PATHS += $(SYSCONFIG_QEMU_SEV)
|
||||
|
||||
CONFIGS += $(CONFIG_QEMU_SEV)
|
||||
|
||||
# qemu-specific options (all should be suffixed by "_QEMU")
|
||||
DEFBLOCKSTORAGEDRIVER_QEMU := virtio-scsi
|
||||
DEFNETWORKMODEL_QEMU := tcfilter
|
||||
@@ -290,6 +315,10 @@ ifneq (,$(QEMUCMD))
|
||||
KERNELTDXTYPE = compressed
|
||||
KERNELTDXNAME = $(call MAKE_KERNEL_TDX_NAME,$(KERNELTDXTYPE))
|
||||
KERNELTDXPATH = $(KERNELDIR)/$(KERNELTDXNAME)
|
||||
|
||||
KERNELSEVTYPE = compressed
|
||||
KERNELSEVNAME = $(call MAKE_KERNEL_SEV_NAME,$(KERNELSEVTYPE))
|
||||
KERNELSEVPATH = $(KERNELDIR)/$(KERNELSEVNAME)
|
||||
endif
|
||||
|
||||
ifneq (,$(CLHCMD))
|
||||
@@ -449,6 +478,7 @@ USER_VARS += FCVALIDJAILERPATHS
|
||||
USER_VARS += SYSCONFIG
|
||||
USER_VARS += IMAGENAME
|
||||
USER_VARS += IMAGEPATH
|
||||
USER_VARS += INITRDPATH
|
||||
USER_VARS += MACHINETYPE
|
||||
USER_VARS += KERNELDIR
|
||||
USER_VARS += KERNELTYPE
|
||||
@@ -458,6 +488,7 @@ USER_VARS += KERNELTYPE_CLH
|
||||
USER_VARS += KERNELPATH_ACRN
|
||||
USER_VARS += KERNELPATH
|
||||
USER_VARS += KERNELTDXPATH
|
||||
USER_VARS += KERNELSEVPATH
|
||||
USER_VARS += KERNELPATH_CLH
|
||||
USER_VARS += KERNELTDXPATH_CLH
|
||||
USER_VARS += KERNELPATH_FC
|
||||
@@ -467,12 +498,14 @@ USER_VARS += FIRMWAREVOLUMEPATH
|
||||
USER_VARS += TDSHIMFIRMWAREPATH
|
||||
USER_VARS += TDVFFIRMWAREPATH
|
||||
USER_VARS += TDVFFIRMWAREVOLUMEPATH
|
||||
USER_VARS += SEVFIRMWAREPATH
|
||||
USER_VARS += MACHINEACCELERATORS
|
||||
USER_VARS += CPUFEATURES
|
||||
USER_VARS += TDXCPUFEATURES
|
||||
USER_VARS += DEFMACHINETYPE_CLH
|
||||
USER_VARS += KERNELPARAMS
|
||||
USER_VARS += TDXKERNELPARAMS
|
||||
USER_VARS += SEVKERNELPARAMS
|
||||
USER_VARS += LIBEXECDIR
|
||||
USER_VARS += LOCALSTATEDIR
|
||||
USER_VARS += PKGDATADIR
|
||||
@@ -541,9 +574,13 @@ USER_VARS += DEFBINDMOUNTS
|
||||
USER_VARS += DEFVFIOMODE
|
||||
USER_VARS += BUILDFLAGS
|
||||
USER_VARS += DEFSERVICEOFFLOAD
|
||||
USER_VARS += DEFGUESTPREATTESTATION
|
||||
USER_VARS += DEFGUESTPREATTESTATIONPROXY
|
||||
USER_VARS += DEFGUESTPREATTESTATIONKEYSET
|
||||
USER_VARS += DEFGUESTPREATTESTATIONSECRETGUID
|
||||
USER_VARS += DEFGUESTPREATTESTATIONSECRETTYPE
|
||||
USER_VARS += DEFSEVCERTCHAIN
|
||||
USER_VARS += DEFSEVGUESTPOLICY
|
||||
|
||||
|
||||
V = @
|
||||
@@ -626,6 +663,10 @@ define MAKE_KERNEL_TDX_NAME
|
||||
$(if $(findstring uncompressed,$1),vmlinux-tdx.container,vmlinuz-tdx.container)
|
||||
endef
|
||||
|
||||
define MAKE_KERNEL_SEV_NAME
|
||||
$(if $(findstring uncompressed,$1),vmlinux-sev.container,vmlinuz-sev.container)
|
||||
endef
|
||||
|
||||
define MAKE_KERNEL_VIRTIOFS_NAME
|
||||
$(if $(findstring uncompressed,$1),vmlinux-virtiofs.container,vmlinuz-virtiofs.container)
|
||||
endef
|
||||
|
||||
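Review bot: `DEFSEVGUESTPOLICY ?= 0` in the `@@ -226,9 +235,13 @@` hunk leaves every SEV guest-policy bit clear, including bit 0 (NODBG), so a guest launched with this default lets the host use the SEV debug commands on its memory. Combined with `DEFGUESTPREATTESTATION ?= false`, the shipped SEV configuration is neither attested nor debug-protected unless an operator overrides both. Consider defaulting to at least NODBG (`DEFSEVGUESTPOLICY ?= 1`), or, if 0 is deliberate for bring-up, adding a comment such as `# SEV guest policy bitmask (bit0 NODBG, bit1 NOKS, bit2 ES); 0 permits host debug access, raise for production`. The same hunk also shows `DEFGUESTPREATTESTATIONSECRETGUID ?=` twice with different GUIDs; the page has lost its +/- markers, so this may just be the old and new line, but if both remain in the file the first `?=` wins and the second is dead. How these values reach the generated config is not visible here (presumably through `USER_VARS` substitution into `configuration-qemu-sev.toml.in`).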