updated installtion procedure and snpguest tool compatibility
ramagali24 committed Sep 19, 2024
1 parent 1ccfc77 commit 630b85c
Showing 1 changed file with 33 additions and 80 deletions.
113 changes: 33 additions & 80 deletions tools/snp.sh
Expand Up @@ -74,6 +74,7 @@ ATTESTATION_WORKING_DIR="${ATTESTATION_WORKING_DIR:-${WORKING_DIR}/attest}"
# Export environment variables
COMMAND="help"
UPM=true
SVSM=false
SKIP_IMAGE_CREATE=false
HOST_SSH_PORT="${HOST_SSH_PORT:-10022}"
GUEST_NAME="${GUEST_NAME:-snp-guest}"
Expand Down Expand Up @@ -278,6 +279,12 @@ install_dependencies() {
# Needed to build 6.11.0-rc3 SNP kernel on the host
pip install tomli

#Needed to build snpguest on Ubuntu 24.04 to ensure compatibility with Ubuntu 22.04
if "$SVSM"; then
sudo apt install musl musl-tools
rustup target add x86_64-unknown-linux-musl
fi

echo "true" > "${dependencies_installed_file}"
}

Expand Down Expand Up @@ -664,26 +671,20 @@ set_acl_for_sev_device() {
build_and_install_amdsev() {

local amdsev_branch="${1:-${AMDSEV_DEFAULT_BRANCH}}"

if "$SVSM"; then
AMDSEV_URL=${AMDSEV_SVSM_URL}
amdsev_branch="${1:-${AMDSEV_SVSM_BRANCH}}"
else
local amdsev_branch="${1:-${AMDSEV_DEFAULT_BRANCH}}"
fi
local amdsev_url="${2:-${AMDSEV_URL}}" # Accept the URL as the second argument
# Create directory
mkdir -p "${SETUP_WORKING_DIR}"

# Clone and switch branch
pushd "${SETUP_WORKING_DIR}" >/dev/null
if [ ! -d "AMDSEV" ]; then
git clone -b "${amdsev_branch}" "${AMDSEV_URL}" "AMDSEV"
git -C "AMDSEV" remote add current "${AMDSEV_URL}"
git clone -b "${amdsev_branch}" "${amdsev_url}" "AMDSEV"
git -C "AMDSEV" remote add current "${amdsev_url}"
fi

# Fetch, checkout, update
cd "AMDSEV"
git remote set-url current "${AMDSEV_URL}"
git remote set-url current "${amdsev_url}"
git fetch current "${amdsev_branch}"
git checkout "current/${amdsev_branch}"

Expand Down Expand Up @@ -817,11 +818,12 @@ setup_and_launch_guest() {

# ovmf, initrd, kernel and append options
if "$SVSM"; then
add_qemu_cmdline_opts "-initrd ${INITRD_BIN}"
add_qemu_cmdline_opts "-kernel ${KERNEL_BIN}"
add_qemu_cmdline_opts "-append \"${GUEST_KERNEL_APPEND}\""
else
add_qemu_cmdline_opts "-bios ${OVMF_BIN}"
fi
add_qemu_cmdline_opts "-initrd ${INITRD_BIN}"
add_qemu_cmdline_opts "-kernel ${KERNEL_BIN}"
add_qemu_cmdline_opts "-append \"${GUEST_KERNEL_APPEND}\""

# Launch qemu cmdline
"${QEMU_CMDLINE_FILE}"
Expand Down Expand Up @@ -939,9 +941,14 @@ setup_guest_attestation() {
else
git checkout "current/${SNPGUEST_BRANCH}"
fi

cargo build -r
scp_guest_command target/release/snpguest "${GUEST_USER}@localhost:/home/${GUEST_USER}"

if "$SVSM"; then
cargo build --release --target x86_64-unknown-linux-musl
scp_guest_command target/x86_64-unknown-linux-musl/release/snpguest "${GUEST_USER}@localhost:/home/${GUEST_USER}"
else
cargo build -r
scp_guest_command target/release/snpguest "${GUEST_USER}@localhost:/home/${GUEST_USER}"
fi
popd

# Update, upgrade and packages
Expand Down Expand Up @@ -1154,58 +1161,6 @@ attest_guest() {
fi
}

setup_svsm_guest_attestation() {
# Define the guest command to be executed
local guest_command=$(cat <<'EOF'
# Update and install necessary packages
echo 'Updating package list...'
sudo apt-get update
echo 'Installing necessary packages...'
sudo apt-get install -y git build-essential libtss2-dev tpm2-tools
# Install Rust
echo 'Installing Rust...'
source "$HOME/.cargo/env" 2>/dev/null || true
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source "$HOME/.cargo/env" 2>/dev/null
# Create the 'tools' directory if it does not exist
if [ ! -d "tools" ]; then
echo 'Directory tools does not exist. Creating it...'
mkdir tools
else
echo 'Directory tools already exists.'
fi
# Change to 'tools' directory
cd tools || { echo 'Failed to change directory to tools'; exit 1; }
# Check if 'snpguest' directory exists and remove it if it does
if [ -d "snpguest" ]; then
echo 'Directory snpguest exists. Removing it...'
rm -rf snpguest
else
echo 'Directory snpguest does not exist.'
fi
# Clone the repository into the 'tools' directory
git clone https://github.com/virtee/snpguest.git
# Build the project inside the 'snpguest' directory
cd snpguest || { echo 'Failed to change directory to snpguest'; exit 1; }
source "$HOME/.cargo/env"
cargo build --release
# Copy the built binary to the home directory
cp target/release/snpguest "$HOME/"
EOF
)

# Pass the guest command to ssh_guest_command
ssh_guest_command "$guest_command"
}

generate_svsm_expected_measurement() {
# Change directory to where igvmmeasure is located
if ! cd "$SETUP_WORKING_DIR/AMDSEV/svsm/target/x86_64-unknown-linux-gnu/debug"; then
Expand Down Expand Up @@ -1320,12 +1275,15 @@ main() {
;;

setup-host)
install_dependencies
#install_dependencies

if $UPM; then
build_and_install_amdsev "${AMDSEV_DEFAULT_BRANCH}"
if $SVSM; then
# Run when SVSM is true
build_and_install_amdsev "${AMDSEV_SVSM_BRANCH}" "${AMDSEV_SVSM_URL}"
elif $UPM; then
build_and_install_amdsev "${AMDSEV_DEFAULT_BRANCH}" "${AMDSEV_URL}"
else
build_and_install_amdsev "${AMDSEV_NON_UPM_BRANCH}"
build_and_install_amdsev "${AMDSEV_NON_UPM_BRANCH}" "${AMDSEV_URL}"
fi

source "${SETUP_WORKING_DIR}/source-bins"
Expand All @@ -1343,7 +1301,7 @@ main() {
source "${LAUNCH_WORKING_DIR}/source-bins"

verify_snp_host
install_dependencies
#install_dependencies

# TEMPORARY until sev-snp-measure is updated to pass in TCB kernel modifier flags
# Changes in AMDESE/linux set debug_swap on by default and affect the measurement
Expand All @@ -1359,16 +1317,11 @@ main() {
;;

attest-guest)
if "$SVSM"; then
wait_and_retry_command verify_snp_guest
setup_svsm_guest_attestation
else
install_rust
install_sev_snp_measure
install_dependencies
#install_sev_snp_measure
#install_dependencies
wait_and_retry_command verify_snp_guest
setup_guest_attestation
fi
attest_guest
;;
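Review bot: The musl packages and Rust target added to install_dependencies look unreachable from the commands visible here, because this commit also comments out the install_dependencies calls in setup-host, in the second main() hunk and in attest-guest. With SVSM enabled, `cargo build --release --target x86_64-unknown-linux-musl` in setup_guest_attestation would then fail on a host that lacks the target, unless a caller outside these hunks still runs the installer. Either restore the call in attest-guest or move the two install lines next to the build, and use `sudo apt install -y musl musl-tools` so the step does not block on a prompt in unattended runs. The SVSM path now also builds snpguest on the host and copies it into the guest, where the removed setup_svsm_guest_attestation built it inside the guest; a comment such as `# Demo convenience: the host is outside the SNP trust boundary; do not rely on a host-supplied snpguest for verification` would record that trade-off. The enclosing functions start and end outside these hunks.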

