ci: Use AL23 for secret hiding CI

Move from Ubuntu to AL2023 for the secret hiding testing to bring it
inline with the other kernels

We had to add some more kernel config overrides. The amazon linux
default kernel didn't have CRYPTO_HW enabled, this is required as a
dependency for AMD_SEV.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

Author: JackThomson2

.buildkite/common.py

@@ -33,7 +33,7 @@
 DEFAULT_PLATFORMS = [
     ("al2", "linux_5.10"),
     ("al2023", "linux_6.1"),
-    ("ubuntu24", "secret_hiding"),
+    ("al2023", "secret_hiding"),
 ]
 
 

resources/hiding_ci/build_and_install_kernel.sh

@@ -177,15 +177,15 @@ make olddefconfig
 scripts/config --disable SYSTEM_TRUSTED_KEYS
 scripts/config --disable SYSTEM_REVOCATION_KEYS
 
-# We run this again to default options now changed by
-# the disabling of the ubuntu keys
-make olddefconfig
-
 # Apply our config overrides on top of the config
 scripts/kconfig/merge_config.sh -m .config $KERNEL_CONFIG_OVERRIDES
 
 check_override_presence
 
+# We run this again to default options now changed by
+# the disabling of the ubuntu keys
+make olddefconfig
+
 echo "Building kernel this may take a while"
 make -s -j $(nproc)
 echo "Building kernel modules"

resources/hiding_ci/kernel_config_overrides

@@ -1,6 +1,16 @@
 CONFIG_EXPERT=y
+CONFIG_CRYPTO_HW=y
+CONFIG_CRYPTO_DEV_CCP=y
+CONFIG_CRYPTO_DEV_CCP_DD=y
+CONFIG_CRYPTO_DEV_SP_PSP=y
 CONFIG_KVM=y
 CONFIG_KVM_SW_PROTECTED_VM=y
-CONFIG_KVM_PRIVATE_MEM=y
+CONFIG_KVM_AMD=y
+CONFIG_KVM_INTEL=y
 CONFIG_KVM_AMD_SEV=y
+CONFIG_KVM_PRIVATE_MEM=y
+CONFIG_KVM_GENERIC_MMU_NOTIFIER=y
+CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y
+CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES=y
+CONFIG_KVM_GENERIC_PRIVATE_MEM=y
 CONFIG_DEBUG_INFO=y