Merge pull request #24 from dongx1x/build-version

tools: update build script and add version for ubuntu kernel
cc-api · Mar 28, 2024 · 8fcb3ad · 8fcb3ad
2 parents c15dcff + 5c359b3
commit 8fcb3ad
Show file tree

Hide file tree

Showing 20 changed files with 44 additions and 20 deletions.
diff --git a/tools/build/README.md b/tools/build/README.md
@@ -9,7 +9,7 @@ is available on Ubuntu 23.10, and [this Github repository](https://github.com/ca
 provides guidance and straightforward instructions on how to get started.
 Please follow the instructions to create a guest image and set up the TDX environment.
 
-Some additional patches are provided in [kernel](kernel/) directory for CCNP container measurement,
+Some additional patches are provided in [kernel/patches](kernel/patches) directory for CCNP container measurement,
 here is the information about the patches:
 
 | Patch Number | Comments |
@@ -23,4 +23,20 @@ Install the build dependencies and build the packages
 
 ```Shell
 sudo ./build.sh
-```
+```
+
+*Note: this build script is based on Ubuntu 23.10 TDX early preview kernel, please make sure this kernel has been installed.*
+
+## Install
+
+All the packages are built in `output` directory, please follow [cvm-image-rewriter plugin](../cvm-image-rewriter/plugins/06-install-tdx-guest-kernel/README.md) or install them by `apt`/`dpkg`
+
+```Shell
+sudo apt install -y ./output/*.deb
+```
+
+or
+
+```Shell
+sudo dpkg -i ./output/*.deb
+```
diff --git a/tools/build/build.sh b/tools/build/build.sh
@@ -2,26 +2,15 @@
 
 set -e
 
+BASE_KERNEL_VERSION="6.5.0-1003-intel-opt"
+
 CUR_DIR=$(dirname "$(readlink -f "$0")")
-KERNEL_PATCHES_DIR=${CUR_DIR}/kernel
+KERNEL_DIR=${CUR_DIR}/kernel
 TMP_DIR=$(mktemp -d /tmp/ccnp_build.XXXXXX)
 OUT_DIR=${CUR_DIR}/output
 
-KERNEL_CONFIG_ANNOTATIONS=$(cat << EOF
-
-CONFIG_TSM_REPORTS                              policy<{'amd64': 'm'}>
-CONFIG_TSM_REPORTS                              note<'Required for ConfigFS TSM support'>
-
-CONFIG_IMA_CGPATH_TEMPLATE                      policy<{'amd64': 'n'}>
-CONFIG_IMA_CGPATH_TEMPLATE                      note<'CGPATH for CCNP container measurement'>
-
-CONFIG_IMA_DEP_CGN_TEMPLATE                     policy<{'amd64': 'n'}>
-CONFIG_IMA_DEP_CGN_TEMPLATE                     note<'CGN for CCNP container measurement'>
-EOF
-)
-
 patch_kernel() {
-    for p in "${KERNEL_PATCHES_DIR}"/*
+    for p in "${KERNEL_DIR}"/patches/*
     do
         patch -p1 -F1 -s < "${p}"
     done
@@ -32,18 +21,20 @@ build_ubuntu_kernel() {
     add-apt-repository -s -y ppa:kobuk-team/tdx-release
     # Install the build dependencies
     DEBIAN_FRONTEND=noninteractive apt update && apt install -y devscripts && \
-    apt build-dep -y linux-image-unsigned-"$(uname -r)"
+    apt build-dep -y linux-image-unsigned-"${BASE_KERNEL_VERSION}"
     # Download the source codes
-    apt source linux-image-unsigned-"$(uname -r)"
+    apt source linux-image-unsigned-"${BASE_KERNEL_VERSION}"
     # A workaround to fix build issue of DKMS
     mv /lib/modules/"$(uname -r)"/modules.dep /lib/modules/"$(uname -r)"/modules.dep.bk
     touch /lib/modules/"$(uname -r)"/modules.dep
 
     pushd linux-*/
     patch_kernel
     # Add new configs in the patch
-    echo "${KERNEL_CONFIG_ANNOTATIONS}" | sed -i "/CONFIG_TDX_GUEST_DRIVER *note.*/ r /dev/stdin" \
+    sed -i "/CONFIG_TDX_GUEST_DRIVER *note.*/ r ${KERNEL_DIR}/ubuntu/annotations" \
         debian.intel-opt/config/annotations
+    # Change kernel version in changelog
+    sed -i "0 r ${KERNEL_DIR}/ubuntu/changelog" debian/changelog debian.intel-opt/changelog
 
     debuild -uc -us -b
     popd

diff --git a/...oot-aggregate-and-runtime-measureme.patch → ...oot-aggregate-and-runtime-measureme.patch b/...oot-aggregate-and-runtime-measureme.patch → ...oot-aggregate-and-runtime-measureme.patch
diff --git a/...ialize-fake-TPM-device-for-TDX-RTMR.patch → ...ialize-fake-TPM-device-for-TDX-RTMR.patch b/...ialize-fake-TPM-device-for-TDX-RTMR.patch → ...ialize-fake-TPM-device-for-TDX-RTMR.patch
diff --git a/...ve-comparison-on-RTMR-2-measurement.patch → ...ve-comparison-on-RTMR-2-measurement.patch b/...ve-comparison-on-RTMR-2-measurement.patch → ...ve-comparison-on-RTMR-2-measurement.patch
diff --git a/...0004-fix-fix-sha-index-issue-in-IMA.patch → ...0004-fix-fix-sha-index-issue-in-IMA.patch b/...0004-fix-fix-sha-index-issue-in-IMA.patch → ...0004-fix-fix-sha-index-issue-in-IMA.patch
diff --git a/...sh-algorithm-for-measurement-in-ker.patch → ...sh-algorithm-for-measurement-in-ker.patch b/...sh-algorithm-for-measurement-in-ker.patch → ...sh-algorithm-for-measurement-in-ker.patch
diff --git a/...nd-TDX-RTMR-interface-for-kernel-IM.patch → ...nd-TDX-RTMR-interface-for-kernel-IM.patch b/...nd-TDX-RTMR-interface-for-kernel-IM.patch → ...nd-TDX-RTMR-interface-for-kernel-IM.patch
diff --git a/...ernel/0007-fix-fix-compile-warnings.patch → ...tches/0007-fix-fix-compile-warnings.patch b/...ernel/0007-fix-fix-compile-warnings.patch → ...tches/0007-fix-fix-compile-warnings.patch
diff --git a/...ma-template-ima-dep-cgn-for-OCI-con.patch → ...ma-template-ima-dep-cgn-for-OCI-con.patch b/...ma-template-ima-dep-cgn-for-OCI-con.patch → ...ma-template-ima-dep-cgn-for-OCI-con.patch
diff --git a/...ma-template-ima-cgpath-for-Kubernat.patch → ...ma-template-ima-cgpath-for-Kubernat.patch b/...ma-template-ima-cgpath-for-Kubernat.patch → ...ma-template-ima-cgpath-for-Kubernat.patch
diff --git a/...-passing-a-stack-buffer-as-a-scatte.patch → ...-passing-a-stack-buffer-as-a-scatte.patch b/...-passing-a-stack-buffer-as-a-scatte.patch → ...-passing-a-stack-buffer-as-a-scatte.patch
diff --git a/...dd-a-coco-Makefile-and-coco-Kconfig.patch → ...dd-a-coco-Makefile-and-coco-Kconfig.patch b/...dd-a-coco-Makefile-and-coco-Kconfig.patch → ...dd-a-coco-Makefile-and-coco-Kconfig.patch
diff --git a/...oduce-a-shared-ABI-for-attestation-.patch → ...oduce-a-shared-ABI-for-attestation-.patch b/...oduce-a-shared-ABI-for-attestation-.patch → ...oduce-a-shared-ABI-for-attestation-.patch
diff --git a/...p-for-kernel-internal-get_ext_repor.patch → ...p-for-kernel-internal-get_ext_repor.patch b/...p-for-kernel-internal-get_ext_repor.patch → ...p-for-kernel-internal-get_ext_repor.patch
diff --git a/...-slab-Add-__free-support-for-kvfree.patch → ...-slab-Add-__free-support-for-kvfree.patch b/...-slab-Add-__free-support-for-kvfree.patch → ...-slab-Add-__free-support-for-kvfree.patch
diff --git a/...-TSM_REPORTS-support-for-SNP_GET_EX.patch → ...-TSM_REPORTS-support-for-SNP_GET_EX.patch b/...-TSM_REPORTS-support-for-SNP_GET_EX.patch → ...-TSM_REPORTS-support-for-SNP_GET_EX.patch
diff --git a/...d-Quote-generation-support-using-TS.patch → ...d-Quote-generation-support-using-TS.patch b/...d-Quote-generation-support-using-TS.patch → ...d-Quote-generation-support-using-TS.patch
diff --git a/tools/build/kernel/ubuntu/annotations b/tools/build/kernel/ubuntu/annotations
@@ -0,0 +1,9 @@
+
+CONFIG_TSM_REPORTS                              policy<{'amd64': 'm'}>
+CONFIG_TSM_REPORTS                              note<'Required for ConfigFS TSM support'>
+
+CONFIG_IMA_CGPATH_TEMPLATE                      policy<{'amd64': 'n'}>
+CONFIG_IMA_CGPATH_TEMPLATE                      note<'CGPATH for CCNP container measurement'>
+
+CONFIG_IMA_DEP_CGN_TEMPLATE                     policy<{'amd64': 'n'}>
+CONFIG_IMA_DEP_CGN_TEMPLATE                     note<'CGN for CCNP container measurement'>
diff --git a/tools/build/kernel/ubuntu/changelog b/tools/build/kernel/ubuntu/changelog
@@ -0,0 +1,8 @@
+linux-intel-opt (6.5.0-1003.3.ccnp.1) mantic; urgency=medium
+
+  * [CCNP] Add CCNP kernel patches
+
+    - [Config] intel-opt: Enable IMA CGPath options
+    - [Config] intel-opt: Enable ConfigFS TSM options
+
+ -- Xiaocheng Dong <[email protected]>  Thu, 26 Mar 2024 15:26:10 +0800