From 6d8aa693586e41cfbc5b27d04309963a9dc117ba Mon Sep 17 00:00:00 2001
From: Andrew Battat
Date: Thu, 5 Feb 2026 03:06:17 +0000
Subject: [PATCH 1/2] Update dev launch measurement calculation
---
 ic-os/defs.bzl | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ic-os/defs.bzl b/ic-os/defs.bzl
index a7fe8099e89f..2fad2c5b54de 100644
--- a/ic-os/defs.bzl
+++ b/ic-os/defs.bzl
@@ -262,6 +262,10 @@ def icos_build(
 )
 if image_deps.get("generate_launch_measurements", False):
+ # The vCPU count in the launch measurement must match the GuestOS VM configuration:
+ # - Dev deployments use 16 vCPUs (per deployment.json.template dev_vm_resources.nr_of_vcpus)
+ # - Prod deployments use 64 vCPUs (per mainnet node configuration)
+ vcpus = "16" if "dev" in mode else "64"
 native.genrule(
 name = "generate-" + launch_measurements,
 outs = [launch_measurements],
@@ -273,7 +277,7 @@ def icos_build(
 source $(execpath """ + boot_args + """)
 # Create GuestLaunchMeasurements JSON
 (for cmdline in "$$BOOT_ARGS_A" "$$BOOT_ARGS_B"; do
- hex=$$($(execpath //ic-os:sev-snp-measure) --mode snp --vcpus 64 --ovmf "$(execpath //ic-os/components/ovmf:ovmf_sev)" --vcpu-type=EPYC-v4 --append "$$cmdline" --initrd "$(location extracted_initrd.img)" --kernel "$(location extracted_vmlinuz)")
+ hex=$$($(execpath //ic-os:sev-snp-measure) --mode snp --vcpus """ + vcpus + """ --ovmf "$(execpath //ic-os/components/ovmf:ovmf_sev)" --vcpu-type=EPYC-v4 --append "$$cmdline" --initrd "$(location extracted_initrd.img)" --kernel "$(location extracted_vmlinuz)")
 # Convert hex string to decimal list, e.g. "abcd" -> 171\\n205
 measurement=$$(echo -n "$$hex" | fold -w2 | sed "s/^/0x/" | xargs printf "%d\n")
 jq -na --arg cmd "$$cmdline" --arg m "$$measurement" '{
From 8a07e913941412b89a35064e3bfc57d4cc2083d3 Mon Sep 17 00:00:00 2001
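Review bot: The selector `"dev" in mode` in `vcpus = "16" if "dev" in mode else "64"` is a substring test, so any mode whose name merely contains "dev" takes the dev value and every other mode, including a misspelled or newly added one, silently gets "64". Because the value is passed to `--vcpus` of sev-snp-measure in the second hunk and so ends up in the SEV-SNP launch measurement, a wrong pick would presumably surface only later, as a measurement that does not match the running guest. An exact membership test against the dev mode names, with `fail(...)` on an unknown mode, would move that failure to build time; the mode names are not visible in this hunk, so the list has to come from the rest of defs.bzl. The same selector is carried into `vcpu_configs` in PATCH 2/2, where it also decides which images get the additional 16-vCPU measurement. icos_build starts and ends outside the hunk.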
From: Andrew Battat
Date: Thu, 5 Feb 2026 15:59:55 +0000
Subject: [PATCH 2/2] Support multiple vcpu measurements
---
 ic-os/defs.bzl | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/ic-os/defs.bzl b/ic-os/defs.bzl
index 2fad2c5b54de..263365bc5a71 100644
--- a/ic-os/defs.bzl
+++ b/ic-os/defs.bzl
@@ -262,10 +262,13 @@ def icos_build(
 )
 if image_deps.get("generate_launch_measurements", False):
- # The vCPU count in the launch measurement must match the GuestOS VM configuration:
- # - Dev deployments use 16 vCPUs (per deployment.json.template dev_vm_resources.nr_of_vcpus)
- # - Prod deployments use 64 vCPUs (per mainnet node configuration)
- vcpus = "16" if "dev" in mode else "64"
+ # The vCPU count in the launch measurement must match the GuestOS VM configuration.
+ #
+ # For dev images, we generate measurements for multiple vCPU configurations to support
+ # different common deployment scenarios:
+ # - 16 vCPUs: local dev testing (per deployment.json.template dev_vm_resources.nr_of_vcpus)
+ # - 64 vCPUs: production-like environments
+ vcpu_configs = "16 64" if "dev" in mode else "64"
 native.genrule(
 name = "generate-" + launch_measurements,
 outs = [launch_measurements],
@@ -276,14 +279,16 @@ def icos_build(
 cmd = r"""
 source $(execpath """ + boot_args + """)
 # Create GuestLaunchMeasurements JSON
- (for cmdline in "$$BOOT_ARGS_A" "$$BOOT_ARGS_B"; do
- hex=$$($(execpath //ic-os:sev-snp-measure) --mode snp --vcpus """ + vcpus + """ --ovmf "$(execpath //ic-os/components/ovmf:ovmf_sev)" --vcpu-type=EPYC-v4 --append "$$cmdline" --initrd "$(location extracted_initrd.img)" --kernel "$(location extracted_vmlinuz)")
- # Convert hex string to decimal list, e.g. "abcd" -> 171\\n205
- measurement=$$(echo -n "$$hex" | fold -w2 | sed "s/^/0x/" | xargs printf "%d\n")
- jq -na --arg cmd "$$cmdline" --arg m "$$measurement" '{
- measurement: ($$m | split("\n") | map(tonumber)),
- metadata: {kernel_cmdline: $$cmd}
- }'
+ (for vcpus in """ + vcpu_configs + """; do
+ for cmdline in "$$BOOT_ARGS_A" "$$BOOT_ARGS_B"; do
+ hex=$$($(execpath //ic-os:sev-snp-measure) --mode snp --vcpus $$vcpus --ovmf "$(execpath //ic-os/components/ovmf:ovmf_sev)" --vcpu-type=EPYC-v4 --append "$$cmdline" --initrd "$(location extracted_initrd.img)" --kernel "$(location extracted_vmlinuz)")
+ # Convert hex string to decimal list, e.g. "abcd" -> 171\\n205
+ measurement=$$(echo -n "$$hex" | fold -w2 | sed "s/^/0x/" | xargs printf "%d\n")
+ jq -na --arg cmd "$$cmdline" --arg m "$$measurement" '{
+ measurement: ($$m | split("\n") | map(tonumber)),
+ metadata: {kernel_cmdline: $$cmd}
+ }'
+ done
 done) | jq -sc "{guest_launch_measurements: .}" > $@
 """,
 )
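Review bot: The records emitted inside the new `for vcpus in ...` loop still carry only `metadata: {kernel_cmdline: $$cmd}`, so for dev images the 16-vCPU and 64-vCPU entries for the same command line differ in nothing but the measurement bytes. Anyone auditing the resulting list of accepted launch measurements cannot tell which VM shape a given entry vouches for. If the GuestLaunchMeasurements schema and its consumers tolerate an extra field (not visible here), recording the count would fix that: add `--arg vcpus "$$vcpus"` to the jq call and emit `metadata: {kernel_cmdline: $$cmd, vcpus: ($$vcpus | tonumber)}`. If the schema is fixed, a comment beside the loop stating that entries are ordered by vCPU count and then by boot slot would at least document the layout. The `cmd` string and the enclosing `native.genrule(` call begin before this hunk.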