aleph-im · olethanh · Jun 17, 2024
diff --git a/tools/ovmf/README.md b/tools/ovmf/README.md
@@ -1,19 +1,24 @@
 # OVMF build
 
-The files in this directory aim to build a version of OVMF able to store SEV secrets
+The files in this directory build a version of OVMF able to store SEV secrets
 in a physical memory region that will then be accessible by Grub. The final OVMF image
-will also include Grub in order to measure OVMF+Grub before loading secrets inside
+also include Grub in order to measure OVMF+Grub before loading secrets inside
 the VM.
 
 This process relies on the patch sets produced by James Bottomley:
 https://listman.redhat.com/archives/edk2-devel-archive/2020-November/msg01247.html
 
 ## Build instructions
 
-As this requires a patched version of Grub, we build both tools inside a Docker image.
+As this requires a patched version of Grub, it is advised to build both tools inside a container.
 
-Step:
-1. Outside of docker, download patched dep by running: `bash download_dependencies.sh`
-2. Launch docker container : `sudo docker run -it -v .:/opt ubuntu 22:04`
-3. Inside the docker, build the patched grub and OVMF with: `cd /opt; bash build_ovmf.sh`
-4. The OVMF.fd file will be in `downloads/edk2/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd`
+
+e.g using podman
+```
+# Clone grub and edk2, and apply the patches
+bash ./download_dependencies.sh
+podman run -v ./build_ovmf.sh:/opt/build_ovmf.sh  -v ./downloads:/opt/downloads\
+ ubuntu:22.04  bash /opt/download_dependencies.sh
+# The OVMF.fd file will be in `downloads/edk2/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd
+cp downloads/edk2/Build/AmdSev/RELEASE_GCC5/FV/OVMF.fd confidential-OVMF.fd
+```
diff --git a/tools/ovmf/build_ovmf.sh b/tools/ovmf/build_ovmf.sh
@@ -31,6 +31,5 @@ make
 make install
 
 # Build OVMF
-
 cd $EDK2_DIR
 OvmfPkg/build.sh -b RELEASE -p OvmfPkg/AmdSev/AmdSevX64.dsc
diff --git a/tools/ovmf/download_dependencies.sh b/tools/ovmf/download_dependencies.sh
@@ -15,20 +15,25 @@ EDK2_COMMIT="edk2-stable202205"
 EDK2_DIR="${DOWNLOAD_DIR}/edk2"
 
 # Download Grub
-git clone ${GRUB_GIT_REPOSITORY} "${GRUB_DIR}"
-
-# Apply patches
-pushd "${GRUB_DIR}" > /dev/null
-git checkout "${GRUB_COMMIT}"
-popd > /dev/null
+git clone  --depth 1 --branch "${GRUB_COMMIT}" ${GRUB_GIT_REPOSITORY} "${GRUB_DIR}"
 
 # Download EDK2 (=OVMF)
 git clone --recurse-submodules "${EDK2_GIT_REPOSITORY}" "${EDK2_DIR}"
 
+
+
+
 # Apply patches to EDK2
 EDK2_PATCH_DIR="${PATCH_DIR}/edk2"
 pushd "${EDK2_DIR}" > /dev/null
 git checkout "${EDK2_COMMIT}"
 git submodule update
+# Default user is needed by git am. only set it for the repo if not set already
+if ! git config user.name > /dev/null; then
+    git config --local user.name "Your Name"
+fi
+if ! git config user.email > /dev/null; then
+    git config  --local user.email "[email protected]"
+fi
 git am --ignore-space-change --ignore-whitespace "${EDK2_PATCH_DIR}/0001-Fix-invokation-of-cryptomount-s-for-AMD-SEV.patch"
 popd > /dev/null
diff --git a/tools/ovmf/ovmf.dockerfile b/tools/ovmf/ovmf.dockerfile
@@ -1,13 +1,12 @@
 FROM ubuntu:22.04
 
-ARG GRUB_PACKAGE
-ARG EDK2_PACKAGE
-
 # Install dependencies
 RUN apt-get update && apt-get install -y build-essential uuid-dev iasl git nasm python-is-python3
 RUN nasm --version
 
-COPY downloads/ /opt/
-COPY patches/grub-sev.patch .
+WORKDIR /opt/
+COPY patches /opt/
+COPY download_dependencies.sh/ /opt/
+#COPY build_ovmf.sh/ /opt/
 
-WORKDIR /opt/${GRUB_PACKAGE}
+RUN bash ./download_dependencies.sh