Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podvm-mkosi: Add option in mkosi build for AA_KBC #1576

Merged
merged 1 commit into from
Nov 15, 2023
Merged

podvm-mkosi: Add option in mkosi build for AA_KBC #1576

merged 1 commit into from
Nov 15, 2023

Conversation

mkulke
Copy link
Contributor

@mkulke mkulke commented Nov 13, 2023

Without providing this option the image will not contain an attestation-agent with cc_kbc support.

@mkulke
podvm-mkosi: Add option in mkosi build for AA_KBC
4a221e0 
Without providing this option the image will not contain an
attestation-agent with cc_kbc support.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
@mkulke mkulke added the podvm Related to podvm images label Nov 13, 2023
@katexochen
Copy link
Contributor 

489.2 error: failed to run custom build command for `tdx-attest-sys v0.1.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)`
489.2
489.2 Caused by:
489.2   process didn't exit successfully: `/guest-components/target/release/build/tdx-attest-sys-5af8ca8a89d377d8/build-script-build` (exit status: 101)
489.2   --- stdout
489.2   cargo:rustc-link-lib=tdx_attest
489.2   cargo:rerun-if-changed=bindings.h
489.2
489.2   --- stderr
489.2   bindings.h:32:10: fatal error: 'tdx_attest.h' file not found

I think we need to install additional packages in the builder for this to work?

@mkulke mkulke force-pushed the mkulke/aa-kbc-param-in-mkosi-bins branch from 66d569a to 77ed47f Compare November 14, 2023 13:20
@mkulke
Copy link
Contributor Author

mkulke commented Nov 14, 2023 

489.2 error: failed to run custom build command for `tdx-attest-sys v0.1.0 (https://github.com/intel/SGXDataCenterAttestationPrimitives?tag=DCAP_1.16#71557c7d)`
489.2
489.2 Caused by:
489.2   process didn't exit successfully: `/guest-components/target/release/build/tdx-attest-sys-5af8ca8a89d377d8/build-script-build` (exit status: 101)
489.2   --- stdout
489.2   cargo:rustc-link-lib=tdx_attest
489.2   cargo:rerun-if-changed=bindings.h
489.2
489.2   --- stderr
489.2   bindings.h:32:10: fatal error: 'tdx_attest.h' file not found

I think we need to install additional packages in the builder for this to work?

hmm, we shouldn't need this if we pick the attesters individually. let me add a gh action workflow to check

@katexochen
Copy link
Contributor

hmm, we shouldn't need this if we pick the attesters individually. let me add a gh action workflow to check

This is with AA_KBC=cc_kbc_all_attesters

@mkulke
Copy link
Contributor Author

mkulke commented Nov 14, 2023

hmm, we shouldn't need this if we pick the attesters individually. let me add a gh action workflow to check

This is with AA_KBC=cc_kbc_all_attesters

Ah, yes. this won't work atm. Do we have a podvm configuration that would work with a TDX attester? (the upcoming Azure impl will most likely not depend on the tdx attester libs) If not, we can maybe avoid dealing with that dependency for the time being and address it once the use case comes up.

I just checked building w/ cc_kbc_az_snp_vtpm and that seems to work.

@mkulke mkulke force-pushed the mkulke/aa-kbc-param-in-mkosi-bins branch from 77ed47f to 4a221e0 Compare November 14, 2023 13:53
bpradipt
bpradipt approved these changes Nov 15, 2023
View reviewed changes
Copy link
Member

@bpradipt bpradipt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@mkulke mkulke merged commit 67f6b89 into confidential-containers:main Nov 15, 2023
42 checks passed
@mkulke mkulke deleted the mkulke/aa-kbc-param-in-mkosi-bins branch November 15, 2023 15:50
@wobito wobito mentioned this pull request May 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bpradipt bpradipt bpradipt approved these changes

@katexochen katexochen katexochen approved these changes

@iaguis iaguis Awaiting requested review from iaguis

@surajssd surajssd Awaiting requested review from surajssd

@kartikjoshi21 kartikjoshi21 Awaiting requested review from kartikjoshi21

Assignees
No one assigned
Labels
podvm Related to podvm images
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mkulke @katexochen @bpradipt