From c5570e256f7643a0056679b8b6a81d87e9a46679 Mon Sep 17 00:00:00 2001 From: Jack Thomson Date: Tue, 29 Apr 2025 12:00:37 +0000 Subject: [PATCH] ci: Use AL23 for secret hiding CI Move from Ubuntu to AL2023 for the secret hiding testing to bring it inline with the other kernels We had to add some more kernel config overrides. The amazon linux default kernel didn't have CRYPTO_HW enabled, this is required as a dependency for AMD_SEV. Signed-off-by: Jack Thomson --- .buildkite/common.py | 2 +- resources/hiding_ci/build_and_install_kernel.sh | 8 ++++---- resources/hiding_ci/kernel_config_overrides | 12 +++++++++++- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/.buildkite/common.py b/.buildkite/common.py index 7013406a0f0..8705554daaf 100644 --- a/.buildkite/common.py +++ b/.buildkite/common.py @@ -33,7 +33,7 @@ DEFAULT_PLATFORMS = [ ("al2", "linux_5.10"), ("al2023", "linux_6.1"), - ("ubuntu24", "secret_hiding"), + ("al2023", "secret_hiding"), ] diff --git a/resources/hiding_ci/build_and_install_kernel.sh b/resources/hiding_ci/build_and_install_kernel.sh index 74bbb979906..dc5095cabfe 100755 --- a/resources/hiding_ci/build_and_install_kernel.sh +++ b/resources/hiding_ci/build_and_install_kernel.sh @@ -177,15 +177,15 @@ make olddefconfig scripts/config --disable SYSTEM_TRUSTED_KEYS scripts/config --disable SYSTEM_REVOCATION_KEYS -# We run this again to default options now changed by -# the disabling of the ubuntu keys -make olddefconfig - # Apply our config overrides on top of the config scripts/kconfig/merge_config.sh -m .config $KERNEL_CONFIG_OVERRIDES check_override_presence +# We run this again to default options now changed by +# the disabling of the ubuntu keys +make olddefconfig + echo "Building kernel this may take a while" make -s -j $(nproc) echo "Building kernel modules" diff --git a/resources/hiding_ci/kernel_config_overrides b/resources/hiding_ci/kernel_config_overrides index e42464abb89..5746d788a05 100644 --- a/resources/hiding_ci/kernel_config_overrides +++ b/resources/hiding_ci/kernel_config_overrides @@ -1,6 +1,16 @@ CONFIG_EXPERT=y +CONFIG_CRYPTO_HW=y +CONFIG_CRYPTO_DEV_CCP=y +CONFIG_CRYPTO_DEV_CCP_DD=y +CONFIG_CRYPTO_DEV_SP_PSP=y CONFIG_KVM=y CONFIG_KVM_SW_PROTECTED_VM=y -CONFIG_KVM_PRIVATE_MEM=y +CONFIG_KVM_AMD=y +CONFIG_KVM_INTEL=y CONFIG_KVM_AMD_SEV=y +CONFIG_KVM_PRIVATE_MEM=y +CONFIG_KVM_GENERIC_MMU_NOTIFIER=y +CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y +CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES=y +CONFIG_KVM_GENERIC_PRIVATE_MEM=y CONFIG_DEBUG_INFO=y