mirror of
https://github.com/aljazceru/kata-containers.git
synced 2025-12-31 13:04:23 +01:00
e1f075dc60
The ability to do a measured boot has been overlooked when releasing the payload consumed by the Confidential Containers project, and this happened as we depend, at the shim-v2 build time, of a `root_hash_*.txt` generated in the `tools/osbuilder/` directory, which is then used to add a specific parameter to the `kernel_params` in the Kata Containers configuration files. With everything said above, the best way we can ensure this is done is by saving those files during the rootfs build, download them during the shim-v2 build (which *must* happen only after the rootfs builds happen), and correctly use them there. Fixes: #5847 Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>