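#!/usr/bin/env bash
# Copyright (c) Edgeless Systems GmbH
#
# SPDX-License-Identifier: AGPL-3.0-only
#
# Publish a disk image to GCP:
#   1. stage the image file in a GCS bucket (created on demand),
#   2. register it as a GCE image carrying UEFI Secure Boot key material
#      (PK / KEK / db) and the SEV-capable guest features,
#   3. grant every authenticated Google account permission to use the image,
#   4. delete the staged object and write the image reference as JSON.
#
# Required environment (may be provided through CONFIG_FILE):
#   PKI                 directory holding PK.cer, KEK.cer, db.cer and the
#                       Microsoft KEK/db certificates
#   GCP_REGION          location of the staging bucket
#   GCP_BUCKET          name of the staging bucket (without gs://)
#   GCP_IMAGE_PATH      local path of the image file to upload
#   GCP_IMAGE_FILENAME  object name used inside the bucket
#   GCP_IMAGE_NAME      name of the GCE image to create
#   GCP_IMAGE_FAMILY    image family the GCE image belongs to
#   GCP_PROJECT         project owning the image
#   GCP_JSON_OUTPUT     file that receives the resulting JSON document
# Optional:
#   CONFIG_FILE         shell file sourced to populate the variables above

set -euo pipefail
shopt -s inherit_errexit

# CONFIG_FILE is executed by this shell, so it has to come from a trusted
# location; it is not validated beyond "is a regular file".
if [[ -f ${CONFIG_FILE-} ]]; then
  # shellcheck source=/dev/null
  . "${CONFIG_FILE}"
fi

# Fail before any cloud call if a required variable is unset or empty, so a
# bad environment does not leave a half-finished upload behind.
: "${PKI:?PKI must be set}"
: "${GCP_REGION:?GCP_REGION must be set}"
: "${GCP_BUCKET:?GCP_BUCKET must be set}"
: "${GCP_IMAGE_PATH:?GCP_IMAGE_PATH must be set}"
: "${GCP_IMAGE_FILENAME:?GCP_IMAGE_FILENAME must be set}"
: "${GCP_IMAGE_NAME:?GCP_IMAGE_NAME must be set}"
: "${GCP_IMAGE_FAMILY:?GCP_IMAGE_FAMILY must be set}"
: "${GCP_PROJECT:?GCP_PROJECT must be set}"
: "${GCP_JSON_OUTPUT:?GCP_JSON_OUTPUT must be set}"

# Secure Boot key material handed to gcloud. Multi-file values are
# comma-separated lists, as gcloud expects them.
PK_FILE=${PKI}/PK.cer
KEK_FILES=${PKI}/KEK.cer,${PKI}/MicCorKEKCA2011_2011-06-24.crt
DB_FILES=${PKI}/db.cer,${PKI}/MicWinProPCA2011_2011-10-19.crt,${PKI}/MicCorUEFCA2011_2011-06-27.crt

# Check every certificate up front; a missing file would otherwise surface
# only after the image has already been uploaded.
IFS=',' read -r -a secureboot_files <<<"${PK_FILE},${KEK_FILES},${DB_FILES}"
for cert in "${secureboot_files[@]}"; do
  if [[ ! -f ${cert} ]]; then
    printf 'error: Secure Boot certificate not found: %s\n' "${cert}" >&2
    exit 1
  fi
done
if [[ ! -f ${GCP_IMAGE_PATH} ]]; then
  printf 'error: image file not found: %s\n' "${GCP_IMAGE_PATH}" >&2
  exit 1
fi

staged_object="gs://${GCP_BUCKET}/${GCP_IMAGE_FILENAME}"

# Bucket creation is best-effort: it fails when the bucket already exists,
# which is the normal case on repeated runs.
gsutil mb -l "${GCP_REGION}" "gs://${GCP_BUCKET}" || true

# Public access prevention keeps the raw image from being exposed while it
# is staged. Still best-effort (the bucket may already enforce it), but a
# failure is reported instead of being swallowed silently.
gsutil pap set enforced "gs://${GCP_BUCKET}" ||
  printf 'warn: could not enforce public access prevention on gs://%s\n' \
    "${GCP_BUCKET}" >&2

gsutil cp "${GCP_IMAGE_PATH}" "${staged_object}"

#######################################
# Remove the staged image object from the bucket.
# Globals:   staged_object (read)
# Outputs:   warning on stderr if the removal fails
#######################################
cleanup() {
  gsutil rm "${staged_object}" ||
    printf 'warn: could not remove staged object %s\n' "${staged_object}" >&2
}
# Registered only after the upload so the raw image is removed on every exit
# path from here on, including a failed image creation or IAM binding.
trap cleanup EXIT

gcloud compute images create "${GCP_IMAGE_NAME}" \
  "--family=${GCP_IMAGE_FAMILY}" \
  "--source-uri=${staged_object}" \
  "--guest-os-features=GVNIC,SEV_CAPABLE,VIRTIO_SCSI_MULTIQUEUE,UEFI_COMPATIBLE" \
  "--platform-key-file=${PK_FILE}" \
  "--key-exchange-key-file=${KEK_FILES}" \
  "--signature-database-file=${DB_FILES}" \
  "--project=${GCP_PROJECT}"

# Deliberately public: any authenticated Google account may launch VMs from
# this image. The binding applies to the image only, not to the bucket.
gcloud compute images add-iam-policy-binding "${GCP_IMAGE_NAME}" \
  "--project=${GCP_PROJECT}" \
  --member='allAuthenticatedUsers' \
  --role='roles/compute.imageUser'

# Resolve the canonical v1 self link of the image just created.
image_reference=$(gcloud compute images describe "${GCP_IMAGE_NAME}" \
  --project "${GCP_PROJECT}" \
  '--format=value(selfLink.scope(v1))')

# Build the output document with jq so the reference is properly quoted.
json=$(jq -ncS \
  --arg image_reference "${image_reference}" \
  '{"gcp": {"sev-es": $image_reference}}')

# printf instead of echo -n: no option/escape interpretation of the payload.
printf '%s' "${json}" > "${GCP_JSON_OUTPUT}"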