diff --git a/config_files/tdx-base/README.md b/config_files/tdx-base/README.md new file mode 100644 index 0000000..788714f --- /dev/null +++ b/config_files/tdx-base/README.md @@ -0,0 +1,36 @@ +# TDX Base Profile + +This is the minimal TEE-enabled profile that serves as a foundation for other specialized images. It provides basic AMD SEV-SNP/TDX support with essential security features. + +## Features +- Basic AMD SEV-SNP/TDX support +- TPM2 integration +- Minimal system footprint + +## Included Layers +- meta-confidential-compute: Core confidential computing support +- meta-openembedded: Basic system utilities and libraries +- poky: Base Yocto distribution + +## Build Configuration +- Image Type: `cvm-image-azure` +- Package Format: IPK +- Supported Machine: tdx +- Distribution: cvm + +## Environment Variables +The following environment variables can be set to customize the build: +- `DEBUG_TWEAKS_ENABLED`: Enable debug features (default: 1) +- `DISK_ENCRYPTION_KEY_STORAGE`: Configure disk encryption key storage location (optional) + +## Usage +```bash +make image-base +``` + +For measurement generation: +```bash +make measurements-base +``` + +Build artifacts will be available in `reproducible-build/artifacts-base/`. diff --git a/config_files/tdx-bob/README.md b/config_files/tdx-bob/README.md new file mode 100644 index 0000000..6da93be --- /dev/null +++ b/config_files/tdx-bob/README.md 
@@ -0,0 +1,46 @@ +# TDX BOB (Builder/Searcher) Profile + +This profile creates a specialized image for running searcher nodes in confidential compute environments. It includes podman support and searcher-specific configurations. + +## Features +- AMD SEV-SNP/TDX support +- Secure container runtime isolation via podman +- SSH key-based authentication +- TPM2 measurements and attestation + +## Included Layers +- meta-confidential-compute: Core confidential computing support +- meta-openembedded: System utilities and libraries +- meta-secure-core: Security features +- meta-virtualization: Container support +- meta-custom-podman: Customized podman configuration +- meta-searcher: Searcher-specific features +- poky: Base Yocto distribution + +## Build Configuration +- Image Type: `cvm-image-azure` +- Package Format: IPK +- Supported Machine: tdx +- Distribution: cvm + +## Required Configuration +Before building, you must set the following in env_files/bob_yocto_build_config.env: +- `SEARCHER_SSH_KEY`: SSH public key for searcher access (required) + +## Usage +```bash +# First set SEARCHER_SSH_KEY in env_files/bob_yocto_build_config.env +make image-bob +``` + +For measurement generation: +```bash +make measurements-bob +``` + +Build artifacts will be available in `reproducible-build/artifacts-bob/`. + +## Notes +- Ensure SSH key is properly configured before building +- The image is optimized for searcher workloads +- Includes container management capabilities diff --git a/config_files/tdx-rbuilder/README.md b/config_files/tdx-rbuilder/README.md new file mode 100644 index 0000000..e701406 --- /dev/null +++ b/config_files/tdx-rbuilder/README.md 
@@ -0,0 +1,54 @@ +# TDX RBuilder Profile + +This profile creates an image optimized for running Ethereum validators and builders, including reth and lighthouse clients. It provides a comprehensive environment for blockchain node operation. + +## Features +- AMD SEV-SNP/TDX support +- Rust/Clang toolchain support +- EVM integration +- Observability tools +- Secure container runtime isolation via podman +- Builder/validator configuration + +## Included Layers +- meta-confidential-compute: Core confidential computing support +- meta-openembedded: System utilities and libraries +- meta-secure-core: Security features +- meta-virtualization: Container support +- meta-clang: LLVM/Clang compiler support +- meta-evm: Ethereum Virtual Machine support +- meta-rust-bin: Rust toolchain +- meta-observability: Monitoring tools +- meta-custom-podman: Container runtime +- poky: Base Yocto distribution + +## Build Configuration +- Image Type: `cvm-image-azure` +- Package Format: IPK +- Supported Machine: tdx +- Distribution: cvm + +## Environment Variables +The following environment variables can be set in env_files/rbuilder_yocto_build_config.env: +- `DEBUG_TWEAKS_ENABLED`: Enable debug features (default: 1) +- `INCLUDE_RCLONE`: Include rclone tool (default: 1) +- `INIT_CONFIG_URL`: Builder initialization config URL +- `DISK_ENCRYPTION_KEY_STORAGE`: Configure disk encryption key storage location (optional) +- `SSH_PUBKEY`: SSH public key for access (optional) + +## Usage +```bash +make image-rbuilder +``` + +For measurement generation: +```bash +make measurements-rbuilder +``` + +Build artifacts will be available in `reproducible-build/artifacts-rbuilder/`. + +## Notes +- Includes full development toolchain +- Enhanced monitoring capabilities +- Container support for service isolation
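Review bot: In the first hunk (config_files/tdx-base/README.md), `DEBUG_TWEAKS_ENABLED` is documented as "Enable debug features (default: 1)" in the profile that is described as the foundation for every other image, so every derived build ships with debug features unless the builder remembers to switch them off; if this maps onto Yocto's debug-tweaks image feature it also means root login without a password. The same hunk documents `make measurements-base`, and a debug build will not produce the same measurement as a production build, so please default this to 0 and state next to the variable that flipping it changes the measured image. Secondary point: the profile advertises "Basic AMD SEV-SNP/TDX support" while `Supported Machine: tdx` lists only one machine and TDX is Intel's TEE; either add the SEV-SNP machine or reword the feature line (e.g. "Intel TDX support") so the README does not claim a platform the build config does not cover.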
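Review bot: In the second hunk (config_files/tdx-bob/README.md), `SEARCHER_SSH_KEY` is read from `env_files/bob_yocto_build_config.env` at build time and the same README documents `make measurements-bob`, but nothing says whether the key ends up in the image and therefore in the measurement; please state this explicitly, since an operator rotating the searcher key needs to know whether that invalidates previously published measurements. The "## Notes" list repeats "Ensure SSH key is properly configured before building", which the "## Required Configuration" section already says, and "Includes container management capabilities" restates the podman feature line, so the Notes section can be dropped or trimmed. This README also omits `DEBUG_TWEAKS_ENABLED` and `DISK_ENCRYPTION_KEY_STORAGE`, which the tdx-base and tdx-rbuilder READMEs in this patch document; say whether they apply to the bob profile, and if debug tweaks are on here too that needs the same warning as the base profile.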
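Review bot: In the third hunk (config_files/tdx-rbuilder/README.md), `INIT_CONFIG_URL` is described only as "Builder initialization config URL", with no default, no required/optional marking, and nothing about how the fetched content is trusted; for an image whose security argument rests on measurements, configuration pulled from a URL at runtime is an unmeasured input, so document whether the fetch is TLS-only, how the content is authenticated (a hash pinned into the image, a signature, or a value bound into attestation), and what the image does when the fetch fails. Smaller points in the same hunk: the SSH variable is `SSH_PUBKEY` here but `SEARCHER_SSH_KEY` in tdx-bob, so pick one name or note why they differ; `INCLUDE_RCLONE` defaulting to 1 adds a general-purpose network sync tool to an image the base profile calls minimal, and a default of 0 with an opt-in would be safer; and "Includes full development toolchain" under Notes does not say whether meta-clang and meta-rust-bin put compilers into the image or are only used on the build host, which matters for both footprint and attack surface.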