Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

image: set attestation variant explicitly

Browse Source
This commit is contained in:
Malte Poll 2023-05-22 11:17:24 +02:00 committed by Malte Poll
parent 9a1ee8697e
commit 2ebc0cf2c8
6 changed files with 16 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
image/Makefile
View File

@ -19,6 +19,7 @@ export INSTALL_DEBUGD ?= $(DEBUG)
export CONSOLE_MOTD = $(AUTOLOGIN)
-include $(CURDIR)/config.mk
csps := aws azure gcp openstack qemu
variants := aws_aws-nitro-tpm azure_azure-sev-snp gcp_gcp-sev-es gcp_gcp-sev-snp openstack_qemu-vtpm qemu_qemu-vtpm
certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer
SYSTEMD_FIXED_RPMS := systemd-251.11-2.fc37.x86_64.rpm systemd-libs-251.11-2.fc37.x86_64.rpm systemd-networkd-251.11-2.fc37.x86_64.rpm systemd-pam-251.11-2.fc37.x86_64.rpm systemd-resolved-251.11-2.fc37.x86_64.rpm systemd-udev-251.11-2.fc37.x86_64.rpm
@ -28,13 +29,19 @@ PREBUILD_RPMS_SYSTEMD := $(addprefix prebuilt/rpms/systemd/,$(SYSTEMD_FIXED_RPMS
PREBUILT_RPMS_AZURE := $(addprefix prebuilt/rpms/azure/,$(AZURE_FIXED_KERNEL_RPMS))
PREBUILT_RPMS_GCP := $(addprefix prebuilt/rpms/gcp/,$(GCP_FIXED_KERNEL_RPMS))
.PHONY: all clean inject-bins $(csps)
.PHONY: all clean inject-bins $(csps) $(variants)
.NOTPARALLEL: mkosi.output.%/fedora~37/image.raw clean-%
all: $(csps)
$(csps): %: mkosi.output.%/fedora~37/image.raw
aws: aws_aws-nitro-tpm
azure: azure_azure-sev-snp
gcp: gcp_gcp-sev-es gcp_gcp-sev-snp
openstack: openstack_qemu-vtpm
qemu: qemu_qemu-vtpm
$(variants): %: mkosi.output.%/fedora~37/image.raw
prebuilt/rpms/systemd/%.rpm:
@echo "Downloading $*"
@ -57,13 +64,18 @@ prebuilt/rpms/azure/%.rpm:
mkosi.output.%/fedora~37/image.raw: inject-bins inject-certs
rm -rf .csp/
mkdir -p .csp/
touch .csp/$*
$(eval csp := $(firstword $(subst _, ,$*)))
$(eval attestation_variant := $(lastword $(subst _, ,$*)))
touch .csp/$(csp)
mkosi \
--image-version=$(IMAGE_VERSION) \
$(AUTOLOGIN_ARGS) \
--environment=INSTALL_DEBUGD \
--environment=CONSOLE_MOTD \
--kernel-command-line="$(KERNEL_DEBUG_CMDLNE)" \
--kernel-command-line="constel.attestation-variant=$(attestation_variant)" \
--kernel-command-line="constel.csp=$(csp)" \
--output-dir=mkosi.output.$* \
$(SEARCH_PATHS_PARAM) \
build
secure-boot/signed-shim.sh $@

4
image/mkosi.conf.d/mkosi.aws.conf
View File

@ -1,10 +1,6 @@
[Match]
PathExists=../.csp/aws
[Output]
KernelCommandLine=constel.csp=aws constel.attestation-variant=aws-nitro-tpm
OutputDirectory=mkosi.output.aws
[Content]
Packages=kernel
kernel-core

4
image/mkosi.conf.d/mkosi.azure.conf
View File

@ -1,10 +1,6 @@
[Match]
PathExists=../.csp/azure
[Output]
KernelCommandLine=constel.csp=azure constel.attestation-variant=azure-sev-snp
OutputDirectory=mkosi.output.azure
# replace kernel
[Content]
Packages=prebuilt/rpms/azure/kernel-6.1.18-200.fc37.x86_64.rpm

4
image/mkosi.conf.d/mkosi.gcp.conf
View File

@ -1,10 +1,6 @@
[Match]
PathExists=../.csp/gcp
[Output]
KernelCommandLine=constel.csp=gcp constel.attestation-variant=gcp-sev-es
OutputDirectory=mkosi.output.gcp
# replace kernel
[Content]
Packages=prebuilt/rpms/gcp/kernel-6.1.18-200.fc37.x86_64.rpm

3
image/mkosi.conf.d/mkosi.openstack.conf
View File

@ -2,8 +2,7 @@
PathExists=../.csp/openstack
[Output]
KernelCommandLine=constel.csp=openstack constel.attestation-variant=qemu-vtpm mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg console=tty0 console=ttyS0
OutputDirectory=mkosi.output.openstack
KernelCommandLine=mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg console=tty0 console=ttyS0
[Content]
Autologin=yes

4
image/mkosi.conf.d/mkosi.qemu.conf
View File

@ -1,10 +1,6 @@
[Match]
PathExists=../.csp/qemu
[Output]
KernelCommandLine=constel.csp=qemu constel.attestation-variant=qemu-vtpm
OutputDirectory=mkosi.output.qemu
[Content]
Autologin=yes
Environment=CONSOLE_MOTD=true