ci: Update script to install for AL23

JackThomson2 · roypat · commit 7caefb3537fa · 2025-04-25T14:19:25.000+01:00
Update the build script to allow us to install the secret hidden kernels
onto Amazon Linux 2023 instances.

We have to as part of this include a script to download and install ena
drivers for the instance to allow us to boot.

Signed-off-by: Jack Thomson &lt;jackabt@amazon.com&gt;
diff --git a/resources/hiding_ci/build_and_install_kernel.sh b/resources/hiding_ci/build_and_install_kernel.sh
@@ -13,12 +13,20 @@ check_root() {
   fi
 }
 
-check_ubuntu() {
-  # Currently this script only works on Ubuntu instances
-  if ! grep -qi 'ubuntu' /etc/os-release; then
-    echo "This script currently only works on Ubuntu."
-    exit 1
+check_userspace() {
+  # Currently this script only works on Ubuntu and AL2023
+  if grep -qi 'ubuntu' /etc/os-release; then
+    USERSPACE="UBUNTU"
+    return 0
+  fi
+
+  if grep -qi 'al2023' /etc/os-release; then
+    USERSPACE="AL2023"
+    return 0
   fi
+
+  echo "This script currently only works on Ubuntu and Amazon Linux 2023."
+  exit 1
 }
 
 tidy_up() {
@@ -96,6 +104,41 @@ check_override_presence() {
   echo "All overrides correctly applied.."
 }
 
+ubuntu_update_boot() {
+  echo "Update initramfs"
+  update-initramfs -c -k $KERNEL_VERSION
+  echo "Updating GRUB..."
+  update-grub
+}
+
+al2023_update_boot() {
+  echo "Installing ENA driver for AL2023"
+  $START_DIR/install_ena.sh $KERNEL_VERSION $START_DIR/dkms.conf
+
+  # Just ensure we are back in the build dir
+  cd $TMP_BUILD_DIR
+
+  echo "Creating the new ram disk"
+  dracut --kver $KERNEL_VERSION -f -v
+
+  echo "Updating GRUB..."
+  grubby --grub2 --add-kernel /boot/vmlinux-$KERNEL_VERSION \
+    --title="Secret Hiding" \
+    --initrd=/boot/initramfs-$KERNEL_VERSION.img --copy-default
+  grubby --set-default /boot/vmlinux-$KERNEL_VERSION
+}
+
+update_boot_config() {
+  case "$USERSPACE" in
+  UBUNTU) ubuntu_update_boot ;;
+  AL2023) al2023_update_boot ;;
+  *)
+    echo "Unknown userspace"
+    exit 1
+    ;;
+  esac
+}
+
 KERNEL_URL=$(cat kernel_url)
 KERNEL_COMMIT_HASH=$(cat kernel_commit_hash)
 KERNEL_PATCHES_DIR=$(pwd)/patches
@@ -155,16 +198,14 @@ echo "New kernel version:" $KERNEL_VERSION
 confirm "$@"
 
 check_root
-check_ubuntu
+check_userspace
 
 echo "Installing kernel modules..."
 make INSTALL_MOD_STRIP=1 modules_install
 echo "Installing kernel..."
 make INSTALL_MOD_STRIP=1 install
-echo "Update initramfs"
-update-initramfs -c -k $KERNEL_VERSION
-echo "Updating GRUB..."
-update-grub
+
+update_boot_config
 
 echo "Kernel built and installed successfully!"
 
diff --git a/resources/hiding_ci/dkms.conf b/resources/hiding_ci/dkms.conf
@@ -0,0 +1,10 @@
+PACKAGE_NAME="ena"
+PACKAGE_VERSION="1.0.0"
+CLEAN="make -C kernel/linux/ena clean"
+MAKE="make -C kernel/linux/ena/ BUILD_KERNEL=${kernelver}"
+BUILT_MODULE_NAME[0]="ena"
+BUILT_MODULE_LOCATION="kernel/linux/ena"
+DEST_MODULE_LOCATION[0]="/updates"
+DEST_MODULE_NAME[0]="ena"
+REMAKE_INITRD="yes"
+AUTOINSTALL="yes"
diff --git a/resources/hiding_ci/install_ena.sh b/resources/hiding_ci/install_ena.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# # SPDX-License-Identifier: Apache-2.0
+
+# fail if we encounter an error, uninitialized variable or a pipe breaks
+set -eu -o pipefail
+
+AMZN_DRIVER_VERSION="2.13.3"
+KERNEL_VERSION=$1
+DKMS_CONF_LOCATION=$2
+START_DIR=$(pwd)
+
+cd /tmp/
+
+git clone --depth=1 https://github.com/amzn/amzn-drivers.git
+mv amzn-drivers /usr/src/amzn-drivers-${AMZN_DRIVER_VERSION}
+
+cp $DKMS_CONF_LOCATION /usr/src/amzn-drivers-${AMZN_DRIVER_VERSION}
+
+dkms add -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+dkms build -k ${KERNEL_VERSION} -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+dkms install -k ${KERNEL_VERSION} -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+
+cd $START_DIR
