A dynamic library bundling the guest payload consumed by libkrun
Jake Correnti a70c65d97e Add TDX support
Adds support for a TDX flavor. Additionally adjusts the qboot binary
locations such that SEV has a different binary than TDX.

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-06-12 11:44:57 +01:00
.github/workflows ci: rename build-aarch64 to cross-build-aarch64 2024-10-08 13:45:44 +02:00
initrd sev: update initrd.gz binary 2023-04-04 17:52:44 +02:00
patches Rebase on a 6.12.20 kernel 2025-03-24 17:02:59 +01:00
patches-tee Add TDX support 2025-06-12 11:44:57 +01:00
qboot Add TDX support 2025-06-12 11:44:57 +01:00
utils utils: Add kernel_size_time.sh to measure size and boot time 2025-02-11 12:42:48 +01:00
.gitignore initial commit 2020-08-13 18:47:26 +02:00
CODEOWNERS Add MatiasVara to CODEOWNERS 2025-01-20 20:03:08 +01:00
LICENSE-GPL-2.0-only initial commit 2020-08-13 18:47:26 +02:00
LICENSE-LGPL-2.1-only initial commit 2020-08-13 18:47:26 +02:00
Makefile Add TDX support 2025-06-12 11:44:57 +01:00
README.md Add krunvm debian environment for macOS build 2025-03-20 13:27:23 +01:00
bin2cbundle.py Rebase on a 6.4.7 kernel 2023-08-10 10:23:10 +02:00
build_on_krunvm.sh Add krunvm debian environment for macOS build 2025-03-20 13:27:23 +01:00
build_on_krunvm_debian.sh Add krunvm debian environment for macOS build 2025-03-20 13:27:23 +01:00
build_on_krunvm_fedora.sh Add krunvm debian environment for macOS build 2025-03-20 13:27:23 +01:00
config-libkrunfw-sev_x86_64 sev: add "acpi=off" to the bundled command line 2025-01-27 13:35:07 -05:00
config-libkrunfw-tdx_x86_64 Add TDX support 2025-06-12 11:44:57 +01:00
config-libkrunfw_aarch64 aarch64: enable IPv6 2024-11-07 11:22:23 +01:00
config-libkrunfw_x86_64 config-libkrunfw_x86_64: Disable process autogrouping feature 2025-02-11 12:42:48 +01:00

README.md

libkrunfw

libkrunfw is a library bundling a Linux kernel in a dynamic library in a way that can be easily consumed by libkrun.

By having the kernel bundled in a dynamic library, libkrun can leave the work of mapping the sections into the process to the linker, and then inject those mappings directly into the guest without any additional work or processing.

Building

Linux (generic variant)

Requirements

  • The toolchain your distribution needs to build a Linux kernel.
  • Python 3
  • pyelftools (package python3-pyelftools in Fedora and Ubuntu)

Building and installing the library

make
sudo make install

Linux (SEV variant)

Requirements

  • The toolchain your distribution needs to build a Linux kernel.
  • Python 3
  • pyelftools (package python3-pyelftools in Fedora and Ubuntu)

Building and installing the library

make SEV=1
sudo make SEV=1 install

macOS

Requirements

Compiling a Linux kernel natively on macOS is not an easy feat. For this reason, the recommended way to build libkrunfw on this platform is to first install a binary version of krunvm and its dependencies (libkrun, and libkrunfw itself), such as the one available in the krunvm Homebrew repo, and then execute the build_on_krunvm.sh script found in this repository.

This will create a lightweight Linux VM using krunvm with the current working directory mapped inside it, and build the kernel in that VM.

Building the library using krunvm

./build_on_krunvm.sh
make

By default, the build environment is based on a Fedora image. There is also a Debian variant which can be selected by setting the BUILDER environment variable.

BUILDER=debian ./build_on_krunvm.sh

In general, ./build_on_krunvm.sh always delegates to ./build_on_krunvm_${BUILDER}.sh, so additional environments can be added in the same way if needed.
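The delegation described above places an environment variable inside the path of a script that then gets executed, so a wrapper benefits from validating the value first. The following is an added example, not the repository's build_on_krunvm.sh; the function names resolve_builder and list_builders, the return codes and the allowed character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not the project's script): resolve the per-distro
# builder script following the build_on_krunvm_${BUILDER}.sh pattern from
# the README, rejecting values that could redirect execution elsewhere.

# resolve_builder DIR [BUILDER]
# Prints the script path on success.
# Returns 2 for a malformed name, 3 when DIR has no such environment.
resolve_builder() {
    dir=$1
    builder=${2:-fedora}      # the README states Fedora is the default
    case $builder in
        *[!a-z0-9_]*)         # anything outside [a-z0-9_]: '/', '.', spaces
            echo "invalid BUILDER value: $builder" >&2
            return 2 ;;
    esac
    script="$dir/build_on_krunvm_${builder}.sh"
    if [ ! -f "$script" ]; then
        echo "no build environment named '$builder' in $dir" >&2
        return 3
    fi
    printf '%s\n' "$script"
}

# list_builders DIR
# Prints the environment names resolve_builder would accept, one per line.
# The top-level build_on_krunvm.sh does not match the pattern and is skipped.
list_builders() {
    for f in "$1"/build_on_krunvm_*.sh; do
        [ -f "$f" ] || continue
        name=${f##*/build_on_krunvm_}
        printf '%s\n' "${name%.sh}"
    done
}
```

A wrapper would call `script=$(resolve_builder . "$BUILDER") || exit $?` and only then run `"$script"`.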

Known limitations

  • To save memory, the embedded kernel is configured with CONFIG_NR_CPUS=8, which limits the maximum number of supported CPUs to 8. If this kernel runs in a VM with more CPUs, only the first 8 will be initialized and used.

License

This library bundles a Linux kernel but does not execute any code from it, acting as a mere storage format. As a consequence, this library does not constitute a derivative work of the Linux kernel. Thus, the following licenses apply:

  • Linux kernel: GPL-2.0-only

  • Files contained in the patches directory: GPL-2.0-only

  • Library code, including automatically-generated code: LGPL-2.1-only

Therefore, distributions of this library in binary form are required to be accompanied by the source code of the Linux kernel bundled in the binary along with the code of the library itself, but other programs linking against this library are not required to be licensed under either the GPL-2.0-only or the LGPL-2.1-only license.