image: set attestation variant explicitly

2025-01-23 13:51:06 -05:00 · 2023-05-22 11:17:24 +02:00 · 2023-05-22 11:17:24 +02:00 · 2ebc0cf2c8
commit 2ebc0cf2c8
parent 9a1ee8697e
6 changed files with 16 additions and 21 deletions
--- a/image/Makefile
+++ b/image/Makefile
@ -19,6 +19,7 @@ export INSTALL_DEBUGD            ?= $(DEBUG)
 export CONSOLE_MOTD = $(AUTOLOGIN)
 -include $(CURDIR)/config.mk
 csps := aws azure gcp openstack qemu
 variants := aws_aws-nitro-tpm azure_azure-sev-snp gcp_gcp-sev-es gcp_gcp-sev-snp openstack_qemu-vtpm qemu_qemu-vtpm
 certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer
 SYSTEMD_FIXED_RPMS := systemd-251.11-2.fc37.x86_64.rpm systemd-libs-251.11-2.fc37.x86_64.rpm systemd-networkd-251.11-2.fc37.x86_64.rpm systemd-pam-251.11-2.fc37.x86_64.rpm systemd-resolved-251.11-2.fc37.x86_64.rpm systemd-udev-251.11-2.fc37.x86_64.rpm
@ -28,13 +29,19 @@ PREBUILD_RPMS_SYSTEMD := $(addprefix prebuilt/rpms/systemd/,$(SYSTEMD_FIXED_RPMS
 PREBUILT_RPMS_AZURE := $(addprefix prebuilt/rpms/azure/,$(AZURE_FIXED_KERNEL_RPMS))
 PREBUILT_RPMS_GCP := $(addprefix prebuilt/rpms/gcp/,$(GCP_FIXED_KERNEL_RPMS))
-.PHONY: all clean inject-bins $(csps)
+.PHONY: all clean inject-bins $(csps) $(variants)
 .NOTPARALLEL: mkosi.output.%/fedora~37/image.raw clean-%
 all: $(csps)
-$(csps): %: mkosi.output.%/fedora~37/image.raw
+aws: aws_aws-nitro-tpm
 azure: azure_azure-sev-snp
 gcp: gcp_gcp-sev-es gcp_gcp-sev-snp
 openstack: openstack_qemu-vtpm
 qemu: qemu_qemu-vtpm
 $(variants): %: mkosi.output.%/fedora~37/image.raw
 prebuilt/rpms/systemd/%.rpm:
 	@echo "Downloading $*"
@ -57,13 +64,18 @@ prebuilt/rpms/azure/%.rpm:
 mkosi.output.%/fedora~37/image.raw: inject-bins inject-certs
 	rm -rf .csp/
 	mkdir -p .csp/
-	touch .csp/$*
+	$(eval csp := $(firstword $(subst _, ,$*)))
 	$(eval attestation_variant := $(lastword $(subst _, ,$*)))
 	touch .csp/$(csp)
 	mkosi \
 		--image-version=$(IMAGE_VERSION) \
 		$(AUTOLOGIN_ARGS) \
 		--environment=INSTALL_DEBUGD \
 		--environment=CONSOLE_MOTD \
 		--kernel-command-line="$(KERNEL_DEBUG_CMDLNE)" \
 		--kernel-command-line="constel.attestation-variant=$(attestation_variant)" \
 		--kernel-command-line="constel.csp=$(csp)" \
 		--output-dir=mkosi.output.$* \
 		$(SEARCH_PATHS_PARAM) \
 		build
 	secure-boot/signed-shim.sh $@
--- a/image/mkosi.conf.d/mkosi.aws.conf
+++ b/image/mkosi.conf.d/mkosi.aws.conf
@ -1,10 +1,6 @@
 [Match]
 PathExists=../.csp/aws
 [Output]
 KernelCommandLine=constel.csp=aws constel.attestation-variant=aws-nitro-tpm
 OutputDirectory=mkosi.output.aws
 [Content]
 Packages=kernel
         kernel-core
--- a/image/mkosi.conf.d/mkosi.azure.conf
+++ b/image/mkosi.conf.d/mkosi.azure.conf
@ -1,10 +1,6 @@
 [Match]
 PathExists=../.csp/azure
 [Output]
 KernelCommandLine=constel.csp=azure constel.attestation-variant=azure-sev-snp
 OutputDirectory=mkosi.output.azure
 # replace kernel
 [Content]
 Packages=prebuilt/rpms/azure/kernel-6.1.18-200.fc37.x86_64.rpm
--- a/image/mkosi.conf.d/mkosi.gcp.conf
+++ b/image/mkosi.conf.d/mkosi.gcp.conf
@ -1,10 +1,6 @@
 [Match]
 PathExists=../.csp/gcp
 [Output]
 KernelCommandLine=constel.csp=gcp constel.attestation-variant=gcp-sev-es
 OutputDirectory=mkosi.output.gcp
 # replace kernel
 [Content]
 Packages=prebuilt/rpms/gcp/kernel-6.1.18-200.fc37.x86_64.rpm
--- a/image/mkosi.conf.d/mkosi.openstack.conf
+++ b/image/mkosi.conf.d/mkosi.openstack.conf
@ -2,8 +2,7 @@
 PathExists=../.csp/openstack
 [Output]
-KernelCommandLine=constel.csp=openstack constel.attestation-variant=qemu-vtpm mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg console=tty0 console=ttyS0
+KernelCommandLine=mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg console=tty0 console=ttyS0
 OutputDirectory=mkosi.output.openstack
 [Content]
 Autologin=yes
--- a/image/mkosi.conf.d/mkosi.qemu.conf
+++ b/image/mkosi.conf.d/mkosi.qemu.conf
@ -1,10 +1,6 @@
 [Match]
 PathExists=../.csp/qemu
 [Output]
 KernelCommandLine=constel.csp=qemu constel.attestation-variant=qemu-vtpm
 OutputDirectory=mkosi.output.qemu
 [Content]
 Autologin=yes
 Environment=CONSOLE_MOTD=true