Merge pull request #9476 from zvonkok/nvidia-config-tomls

config: Add NVIDIA GPU SNP, TDX configuration files
kata-containers · May 2, 2024 · e5e0983 · e5e0983
2 parents f04a7a5 + eda3bfe
commit e5e0983
Show file tree

Hide file tree

Showing 4 changed files with 1,461 additions and 13 deletions.
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
@@ -60,6 +60,11 @@ IMAGECONFIDENTIALNAME = $(PROJECT_TAG)-confidential.img
 INITRDNAME = $(PROJECT_TAG)-initrd.img
 INITRDCONFIDENTIALNAME = $(PROJECT_TAG)-initrd-confidential.img
 
+IMAGENAME_NV = $(PROJECT_TAG)-nvidia-gpu.img
+IMAGENAME_CONFIDENTIAL_NV = $(PROJECT_TAG)-nvidia-gpu-confidential.img
+INITRDNAME_NV = $(PROJECT_TAG)-initrd-nvidia-gpu.img
+INITRDNAME_CONFIDENTIAL_NV = $(PROJECT_TAG)-initrd-nvidia-gpu-confidential.img
+
 TARGET = $(BIN_PREFIX)-runtime
 RUNTIME_OUTPUT = $(CURDIR)/$(TARGET)
 RUNTIME_DIR = $(CLI_DIR)/$(TARGET)
@@ -100,6 +105,8 @@ GENERATED_VARS = \
 		CONFIG_QEMU_IN \
         CONFIG_QEMU_COCO_DEV_IN \
 		CONFIG_QEMU_NVIDIA_GPU_IN \
+		CONFIG_QEMU_NVIDIA_GPU_SNP_IN \
+		CONFIG_QEMU_NVIDIA_GPU_TDX_IN \
 		CONFIG_QEMU_SEV_IN \
 		CONFIG_QEMU_TDX_IN \
 		CONFIG_QEMU_SNP_IN \
@@ -126,6 +133,11 @@ IMAGECONFIDENTIALPATH := $(PKGDATADIR)/$(IMAGECONFIDENTIALNAME)
 INITRDPATH := $(PKGDATADIR)/$(INITRDNAME)
 INITRDCONFIDENTIALPATH := $(PKGDATADIR)/$(INITRDCONFIDENTIALNAME)
 
+IMAGEPATH_NV := $(PKGDATADIR)/$(IMAGENAME_NV)
+IMAGEPATH_CONFIDENTIAL_NV := $(PKGDATADIR)/$(IMAGENAME_CONFIDENTIAL_NV)
+INITRDPATH_NV := $(PKGDATADIR)/$(INITRDNAME_NV)
+INITRDPATH_CONFIDENTIAL_NV := $(PKGDATADIR)/$(INITRDNAME_CONFIDENTIAL_NV)
+
 ROOTFSTYPE_EXT4 := \"ext4\"
 ROOTFSTYPE_XFS := \"xfs\"
 ROOTFSTYPE_EROFS := \"erofs\"
@@ -359,6 +371,30 @@ ifneq (,$(QEMUCMD))
 
     CONFIGS += $(CONFIG_QEMU_NVIDIA_GPU)
 
+    CONFIG_FILE_QEMU_NVIDIA_GPU_SNP = configuration-qemu-nvidia-gpu-snp.toml
+    CONFIG_QEMU_NVIDIA_GPU_SNP = config/$(CONFIG_FILE_QEMU_NVIDIA_GPU_SNP)
+    CONFIG_QEMU_NVIDIA_GPU_SNP_IN = $(CONFIG_QEMU_NVIDIA_GPU_SNP).in
+
+    CONFIG_PATH_QEMU_NVIDIA_GPU_SNP = $(abspath $(CONFDIR)/$(CONFIG_FILE_QEMU_NVIDIA_GPU_SNP))
+    CONFIG_PATHS += $(CONFIG_PATH_QEMU_NVIDIA_GPU_SNP)
+
+    SYSCONFIG_QEMU_NVIDIA_GPU_SNP = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_QEMU_NVIDIA_GPU_SNP))
+    SYSCONFIG_PATHS_SNP += $(SYSCONFIG_QEMU_NVIDIA_GPU_SNP)
+
+    CONFIGS += $(CONFIG_QEMU_NVIDIA_GPU_SNP)
+
+    CONFIG_FILE_QEMU_NVIDIA_GPU_TDX = configuration-qemu-nvidia-gpu-tdx.toml
+    CONFIG_QEMU_NVIDIA_GPU_TDX = config/$(CONFIG_FILE_QEMU_NVIDIA_GPU_TDX)
+    CONFIG_QEMU_NVIDIA_GPU_TDX_IN = $(CONFIG_QEMU_NVIDIA_GPU_TDX).in
+
+    CONFIG_PATH_QEMU_NVIDIA_GPU_TDX = $(abspath $(CONFDIR)/$(CONFIG_FILE_QEMU_NVIDIA_GPU_TDX))
+    CONFIG_PATHS += $(CONFIG_PATH_QEMU_NVIDIA_GPU_TDX)
+
+    SYSCONFIG_QEMU_NVIDIA_GPU_TDX = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_QEMU_NVIDIA_GPU_TDX))
+    SYSCONFIG_PATHS += $(SYSCONFIG_QEMU_NVIDIA_GPU_TDX)
+
+    CONFIGS += $(CONFIG_QEMU_NVIDIA_GPU_TDX)
+
     CONFIG_FILE_REMOTE = configuration-remote.toml
     CONFIG_REMOTE = config/$(CONFIG_FILE_REMOTE)
     CONFIG_REMOTE_IN = $(CONFIG_REMOTE).in
@@ -398,6 +434,25 @@ ifneq (,$(QEMUCMD))
 
     KERNELSENAME = kata-containers-se.img
     KERNELSEPATH = $(KERNELDIR)/$(KERNELSENAME)
+
+    # NVIDIA GPU specific options (all should be suffixed by _NV)
+    KERNELNAME_NV = $(call MAKE_KERNEL_NAME_NV,$(KERNELTYPE))
+    KERNELPATH_NV = $(KERNELDIR)/$(KERNELNAME_NV)
+
+    KERNELNAME_CONFIDENTIAL_NV = $(call MAKE_KERNEL_CONFIDENTIAL_NAME_NV,$(KERNELCONFIDENTIALTYPE))
+    KERNELPATH_CONFIDENTIAL_NV = $(KERNELDIR)/$(KERNELNAME_CONFIDENTIAL_NV)
+
+    DEFAULTVCPUS_NV = 16
+    DEFAULTMEMORY_NV = 65536
+    DEFAULTTIMEOUT_NV = 320
+    DEFAULTVFIOPORT_NV = root-port
+    DEFAULTPCIEROOTPORT_NV = 8
+
+    KERNELPARAMS_NV =  "agent.hotplug_timeout=20"
+    KERNELPARAMS_NV += $(KERNELPARAMS)
+
+    KERNELTDXPARAMS_NV = "authorize_allow_devs=pci:ALL"
+    KERNELTDXPARAMS_NV += $(KERNELTDXPARAMS)
 endif
 
 ifneq (,$(CLHCMD))
@@ -582,6 +637,25 @@ USER_VARS += INITRDNAME
 USER_VARS += INITRDCONFIDENTIALNAME
 USER_VARS += INITRDPATH
 USER_VARS += INITRDCONFIDENTIALPATH
+USER_VARS += IMAGENAME_NV
+USER_VARS += IMAGENAME_CONFIDENTIAL_NV
+USER_VARS += IMAGEPATH_NV
+USER_VARS += IMAGEPATH_CONFIDENTIAL_NV
+USER_VARS += INITRDNAME_NV
+USER_VARS += INITRDNAME_CONFIDENTIAL_NV
+USER_VARS += INITRDPATH_NV
+USER_VARS += INITRDPATH_CONFIDENTIAL_NV
+USER_VARS += KERNELNAME_NV
+USER_VARS += KERNELPATH_NV
+USER_VARS += KERNELNAME_CONFIDENTIAL_NV
+USER_VARS += KERNELPATH_CONFIDENTIAL_NV
+USER_VARS += DEFAULTVCPUS_NV
+USER_VARS += DEFAULTMEMORY_NV
+USER_VARS += DEFAULTVFIOPORT_NV
+USER_VARS += DEFAULTPCIEROOTPORT_NV
+USER_VARS += KERNELPARAMS_NV
+USER_VARS += KERNELTDXPARAMS_NV
+USER_VARS += DEFAULTTIMEOUT_NV
 USER_VARS += DEFROOTFSTYPE
 USER_VARS += MACHINETYPE
 USER_VARS += KERNELDIR
@@ -782,6 +856,15 @@ define MAKE_KERNEL_CONFIDENTIAL_NAME
 $(if $(findstring uncompressed,$1),vmlinux-confidential.container,vmlinuz-confidential.container)
 endef
 
+define MAKE_KERNEL_NAME_NV
+$(if $(findstring uncompressed,$1),vmlinux-nvidia-gpu.container,vmlinuz-nvidia-gpu.container)
+endef
+
+define MAKE_KERNEL_CONFIDENTIAL_NAME_NV
+$(if $(findstring uncompressed,$1),vmlinux-nvidia-gpu-confidential.container,vmlinuz-nvidia-gpu-confidential.container)
+endef
+
+
 GENERATED_FILES += pkg/katautils/config-settings.go
 
 $(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary