-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7d433c7
commit 58f5736
Showing
3 changed files
with
136 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # TDX Base Profile | ||
|
|
||
| This is the minimal TEE-enabled profile that serves as a foundation for other specialized images. It provides basic AMD SEV-SNP/TDX support with essential security features. | ||
|
|
||
| ## Features | ||
| - Basic AMD SEV-SNP/TDX support | ||
| - TPM2 integration | ||
| - Minimal system footprint | ||
|
|
||
| ## Included Layers | ||
| - meta-confidential-compute: Core confidential computing support | ||
| - meta-openembedded: Basic system utilities and libraries | ||
| - poky: Base Yocto distribution | ||
|
|
||
| ## Build Configuration | ||
| - Image Type: `cvm-image-azure` | ||
| - Package Format: IPK | ||
| - Supported Machine: tdx | ||
| - Distribution: cvm | ||
|
|
||
| ## Environment Variables | ||
| The following environment variables can be set to customize the build: | ||
| - `DEBUG_TWEAKS_ENABLED`: Enable debug features (default: 1) | ||
| - `DISK_ENCRYPTION_KEY_STORAGE`: Configure disk encryption key storage location (optional) | ||
|
|
||
| ## Usage | ||
| ```bash | ||
| make image-base | ||
| ``` | ||
|
|
||
| For measurement generation: | ||
| ```bash | ||
| make measurements-base | ||
| ``` | ||
|
|
||
| Build artifacts will be available in `reproducible-build/artifacts-base/`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| # TDX BOB (Builder/Searcher) Profile | ||
|
|
||
| This profile creates a specialized image for running searcher nodes in confidential compute environments. It includes podman support and searcher-specific configurations. | ||
|
|
||
| ## Features | ||
| - AMD SEV-SNP/TDX support | ||
| - Secure container runtime isolation via podman | ||
| - SSH key-based authentication | ||
| - TPM2 measurements and attestation | ||
|
|
||
| ## Included Layers | ||
| - meta-confidential-compute: Core confidential computing support | ||
| - meta-openembedded: System utilities and libraries | ||
| - meta-secure-core: Security features | ||
| - meta-virtualization: Container support | ||
| - meta-custom-podman: Customized podman configuration | ||
| - meta-searcher: Searcher-specific features | ||
| - poky: Base Yocto distribution | ||
|
|
||
| ## Build Configuration | ||
| - Image Type: `cvm-image-azure` | ||
| - Package Format: IPK | ||
| - Supported Machine: tdx | ||
| - Distribution: cvm | ||
|
|
||
| ## Required Configuration | ||
| Before building, you must set the following in env_files/bob_yocto_build_config.env: | ||
| - `SEARCHER_SSH_KEY`: SSH public key for searcher access (required) | ||
|
|
||
| ## Usage | ||
| ```bash | ||
| # First set SEARCHER_SSH_KEY in env_files/bob_yocto_build_config.env | ||
| make image-bob | ||
| ``` | ||
|
|
||
| For measurement generation: | ||
| ```bash | ||
| make measurements-bob | ||
| ``` | ||
|
|
||
| Build artifacts will be available in `reproducible-build/artifacts-bob/`. | ||
|
|
||
| ## Notes | ||
| - Ensure SSH key is properly configured before building | ||
| - The image is optimized for searcher workloads | ||
| - Includes container management capabilities |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # TDX RBuilder Profile | ||
|
|
||
| This profile creates an image optimized for running Ethereum validators and builders, including reth and lighthouse clients. It provides a comprehensive environment for blockchain node operation. | ||
|
|
||
| ## Features | ||
| - AMD SEV-SNP/TDX support | ||
| - Rust/Clang toolchain support | ||
| - EVM integration | ||
| - Observability tools | ||
| - Secure container runtime isolation via podman | ||
| - Builder/validator configuration | ||
|
|
||
| ## Included Layers | ||
| - meta-confidential-compute: Core confidential computing support | ||
| - meta-openembedded: System utilities and libraries | ||
| - meta-secure-core: Security features | ||
| - meta-virtualization: Container support | ||
| - meta-clang: LLVM/Clang compiler support | ||
| - meta-evm: Ethereum Virtual Machine support | ||
| - meta-rust-bin: Rust toolchain | ||
| - meta-observability: Monitoring tools | ||
| - meta-custom-podman: Container runtime | ||
| - poky: Base Yocto distribution | ||
|
|
||
| ## Build Configuration | ||
| - Image Type: `cvm-image-azure` | ||
| - Package Format: IPK | ||
| - Supported Machine: tdx | ||
| - Distribution: cvm | ||
|
|
||
| ## Environment Variables | ||
| The following environment variables can be set in env_files/rbuilder_yocto_build_config.env: | ||
| - `DEBUG_TWEAKS_ENABLED`: Enable debug features (default: 1) | ||
| - `INCLUDE_RCLONE`: Include rclone tool (default: 1) | ||
| - `INIT_CONFIG_URL`: Builder initialization config URL | ||
| - `DISK_ENCRYPTION_KEY_STORAGE`: Configure disk encryption key storage location (optional) | ||
| - `SSH_PUBKEY`: SSH public key for access (optional) | ||
|
|
||
| ## Usage | ||
| ```bash | ||
| make image-rbuilder | ||
| ``` | ||
|
|
||
| For measurement generation: | ||
| ```bash | ||
| make measurements-rbuilder | ||
| ``` | ||
|
|
||
| Build artifacts will be available in `reproducible-build/artifacts-rbuilder/`. | ||
|
|
||
| ## Notes | ||
| - Includes full development toolchain | ||
| - Enhanced monitoring capabilities | ||
| - Container support for service isolation |