Build for measured rootfs improvements

[wainersm]

While helping to solve kata-containers/tests#5701 I looked more carefully at the kernel, image and shim-v2 build scripts, and I found some opportunities of improvements. Apart from that, we've got some plans for measured rootfs on main branch as #7415.

This PR has the goals:

• move the logic to build measured rootfs out of the kata-deploy. IMO the component's builders should handle the build paths for enabling measured rootfs
• ensure that when MEASURED_BOOTFS=yes then the expected files are found or the build process die. This is to ensure we don't silently produce bad components
• implements one test case for current implementation

[wainersm]

I set needs-backport in case @stevenhorsman prefers this out of the next merge PR. Of course, if those changes work and are approved :)

[stevenhorsman]

The code looks good to me, but we don't currently have a way to test it in main which makes me a little nervous, but then again we don't have a code path that activates it either, so it's probably ok to have code review only until it's merged into CCv0, though I will need to update it to handle TDX root hashes then too.

[wainersm]

The code looks good to me, but we don't currently have a way to test it in main which makes me a little nervous, but then again we don't have a code path that activates it either, so it's probably ok to have code review only until it's merged into CCv0, though I will need to update it to handle TDX root hashes then too.

Yeah, I was expecting it being partially tested by the new TDX job on GHB but it seems disabled?

This is how I tested it:

• Build the vanilla kernel with support to measured rootfs:

make MEASURED_ROOTFS=yes kernel-tarball

• Build the TDX kernel with support to measured rootfs (** MEASURED_ROOTFS=yes is exported in https://github.com/kata-containers/kata-containers/blob/main/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh#L318):

make kernel-tdx-experimental-tarball

• Build shim-v2 with support to measured rootfs:

cd tools/osbuilder
wget http://jenkins.katacontainers.io/job/kata-containers-2.0-rootfs-image-cc-x86_64/lastSuccessfulBuild/artifact/artifacts/root_hash_vanilla.txt
mv root_hash_vanilla.txt root_hash.txt
cd -
make MEASURED_ROOTFS=yes shim-v2-tarball
cat build/shim-v2/destdir/opt/kata/share/defaults/kata-containers/configuration.toml | grep hash

• Build shim-v2 with support to measured rootfs but force a fail:

rm -f tools/osbuilder/root_hash.txt
make MEASURED_ROOTFS=yes shim-v2-tarball

• Build the TDX kernel with support to measured rootfs but force a fail:

rm -rf tools/packaging/kernel/initramfs.cpio.gz
# Comment the line https://github.com/kata-containers/kata-containers/blob/b2b70e6d8a5880db4655ace6b981d5ce48acc07d/tools/packaging/static-build/kernel/build.sh#L25 so that initramfs is not built
make kernel-tdx-experimental-tarball

[wainersm]

hi @arronwy , could I have your review on this one?

[stevenhorsman]

Hey Wainer, based on a conversation we had earlier, we have the following extra suggestions for measured rootfs that could go into this PR (or spun out separately). We might want to run it past the AC before we merge though to ensure that people have awareness:

• At the moment measured rootfs being built into the image is triggered by setting MEASURED_ROOTFS=yes during the build, however on main there is no jobs that set it, so it's never enabled
• Instead of this we could always build the initramfs into the image so it's capable of enforcing the integrity checking, but only enable it selectively
• As it is very difficult to calculate the root hash after the event, we can follow the current pattern of calculating it and pulling it into the runtime, but inject it to the config tomls but commented out:
  • We could have a new parameter that results in the kernel_params getting set like debug_console_enabled=true adds agent.debug_console agent.debug_console_vport=1026 to the kernel_params and then a use would just have to uncomment that option to use it
  • Alternatively (and a bit cheaper, but not as nicer user experience), we could just add something like:

  # Add the following line to the kernel_params to enable integrity checking of the guest image 
  # rootfs_verity.scheme=dm-verity cc_rootfs_verity.hash=${root_hash}
  

  in the line above the kernel_params in the config

\cc @fidencio

[wainersm]

Rebased and fixed the conflicts. Apparently the logic is still working even with the new cache mechanism.

Leaving it WIP as I plan to address the last @stevenhorsman 's suggestions.

[wainersm]

A pod with following annotation should be failing the measurement as I am passing an incorrect hash, but it is not:

apiVersion: v1
kind: Pod
metadata:
   name: busybox-cc
   annotations:
     io.katacontainers.config.hypervisor.kernel_params: "rootfs_verity.scheme=dm-verity rootfs_verity.hash=5180b1568c2ba972e4e06ee0a55976acae8329f2a5d1d2004395635e1ec4a76e"
 spec:
   runtimeClassName:
   containers:
     - name: nginx
       image: nginx
       imagePullPolicy: Always
   imagePullSecrets:
     - name: cococred

Am I passing the right annotation @stevenhorsman ?

[wainersm]

A pod with following annotation should be failing the measurement as I am passing an incorrect hash, but it is not:

apiVersion: v1
kind: Pod
metadata:
   name: busybox-cc
   annotations:
     io.katacontainers.config.hypervisor.kernel_params: "rootfs_verity.scheme=dm-verity rootfs_verity.hash=5180b1568c2ba972e4e06ee0a55976acae8329f2a5d1d2004395635e1ec4a76e"
 spec:
   runtimeClassName:
   containers:
     - name: nginx
       image: nginx
       imagePullPolicy: Always
   imagePullSecrets:
     - name: cococred

Am I passing the right annotation @stevenhorsman ?

Just noticed that runtimeClassName is blank....

[stevenhorsman]

Am I passing the right annotation @stevenhorsman ?

Yes - that looks like it matches the kata-deploy method that adds it when measured_rootfs is enabled at the moment:

kata-containers/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh

Line 588 in 29d8633

root_measure_config="rootfs_verity.scheme=dm-verity rootfs_verity.hash=${root_hash}"

Just noticed that runtimeClassName is blank....

Yeah, that's worth looking at more 😄

[wainersm]

The test that I am adding on this PR passed (https://github.com/kata-containers/kata-containers/actions/runs/6670016832/job/18130811556?pr=7231):

ok 1 Test cannnot launch pod with measured boot enabled and incorrect hash
1..2

Removing the wip as it is ready to review.

[stevenhorsman]

Apart from a couple of minor issue this looks great. Thanks @wainersm!

[stevenhorsman]

nit: Should this be k:mp: to preserve the alphabetically ordering?

[wainersm]

Fixed!

[stevenhorsman]

nit: more that the -> more than the and apologies as I think that's my typo you've copied!

[wainersm]

Rebased this PR to solve a small conflict and addressed the last comments of @stevenhorsman

[wainersm]

Hi @arronwy @fidencio ! Can I ask you a special attention to this PR on the next days? I explain why.

@ChengyuZhu6 's #8484 is pre-req to a lot of upcoming "merge to main" code. @stevenhorsman plans to pull some tests from CCv0 to test that basic pull mechanism and he will need to migrate some (if not all!) of the common test methods that I have on this PR. Steve's work will be based on this PR ,therefore, it will be important to merge it asap to avoid blocking him (Free Steve!)

[fidencio]

/test

[fidencio]

lgtm, thanks @wainersm!

[fidencio]

/test-s390x

[fidencio]

/retest-s390x