diff --git a/justfile b/justfile index 643dd8c4137..94b30e10dc6 100644 --- a/justfile +++ b/justfile @@ -24,17 +24,29 @@ oak_restricted_kernel_bin: env --chdir=oak_restricted_kernel_bin cargo build --release --bin=oak_restricted_kernel_bin _wrap_kernel kernel_bin_prefix: - env --chdir=oak_restricted_kernel_wrapper OAK_RESTRICTED_KERNEL_FILE_NAME={{kernel_bin_prefix}}_bin cargo build --release - rust-objcopy --output-target=binary oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_wrapper oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/{{kernel_bin_prefix}}_wrapper_bin - rm -rf oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}} - mkdir -p oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}} - cp \ - oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/{{kernel_bin_prefix}}_wrapper_bin \ - oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}}/bzimage + #!/usr/bin/env bash + # This script builds and then wraps a kernel as a bzImage. It outputs the bzimage and its constituent parts for measurement. + KERNEL_BIN_PREFIX="{{kernel_bin_prefix}}" + OAK_WRAPPER_DIR="oak_restricted_kernel_wrapper" + BIN_DIR="${OAK_WRAPPER_DIR}/bin/${KERNEL_BIN_PREFIX}" + RUST_TARGET_DIR="${OAK_WRAPPER_DIR}/target/x86_64-unknown-none/release" + KERNEL_BIN_PATH="${RUST_TARGET_DIR}/oak_restricted_kernel_wrapper" + + # Ensure clean state for the binaries. All binaries in "${BIN_DIR}" will be included in any provenances. + rm -rf "${BIN_DIR}" + mkdir -p "${BIN_DIR}" + + # Wrap the kernel as a bzImage. + env --chdir="${OAK_WRAPPER_DIR}" OAK_RESTRICTED_KERNEL_FILE_NAME="${KERNEL_BIN_PREFIX}_bin" cargo build --release + + # Copy the kernel binary to the designated location. + rust-objcopy --output-target=binary "${KERNEL_BIN_PATH}" "${BIN_DIR}/${KERNEL_BIN_PREFIX}_wrapper_bin" + + # Process the kernel binary using oak_kernel_measurement. cargo run --package oak_kernel_measurement -- \ - --kernel=oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}}/bzimage \ - --kernel-setup-data-output=oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}}/kernel_setup_data \ - --kernel-image-output=oak_restricted_kernel_wrapper/target/released_bin_with_components_{{kernel_bin_prefix}}/kernel_image + --kernel="${BIN_DIR}/${KERNEL_BIN_PREFIX}_wrapper_bin" \ + --kernel-setup-data-output="${BIN_DIR}/${KERNEL_BIN_PREFIX}_setup_data" \ + --kernel-image-output="${BIN_DIR}/${KERNEL_BIN_PREFIX}_image" oak_restricted_kernel_wrapper: oak_restricted_kernel_bin just _wrap_kernel oak_restricted_kernel diff --git a/kokoro/build_binaries_rust.sh b/kokoro/build_binaries_rust.sh index c4c9b7cdc91..b437e2fc379 100755 --- a/kokoro/build_binaries_rust.sh +++ b/kokoro/build_binaries_rust.sh @@ -30,8 +30,8 @@ touch "${KOKORO_ARTIFACTS_DIR}/binaries/git_commit_${KOKORO_GIT_COMMIT_oak:?}" # Copy the generated binaries to Placer. The timestamps are used to convey # the creation time. readonly generated_binaries=( - ./oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_simple_io_wrapper_bin - ./oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_simple_io_init_rd_wrapper_bin + ./oak_restricted_kernel_wrapper/bin/oak_restricted_kernel_simple_io/oak_restricted_kernel_simple_io_wrapper_bin + ./oak_restricted_kernel_wrapper/bin/oak_restricted_kernel_simple_io_init_rd/oak_restricted_kernel_simple_io_init_rd_wrapper_bin ./oak_restricted_kernel_wrapper/cmd_line_regex.txt ./stage0_bin/target/x86_64-unknown-none/release/stage0_bin ./enclave_apps/target/x86_64-unknown-none/release/key_xor_test_app