feat(cmd/rofl): Add support for persistent storage

cmd/rofl/build/container.go

@@ -13,9 +13,9 @@ const (
 	artifactContainerRuntime = "rofl-container runtime"
 	artifactContainerCompose = "compose.yaml"
 
-	defaultContainerStage2TemplateURI = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/stage2-podman.tar.bz2#d84e0ca961fb0913b73a50ed90eb743af24b3d0acecdbe2594650e2801b41171"
+	defaultContainerStage2TemplateURI = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/stage2-podman.tar.bz2#4239991c742c189f9f6949e597276e9ae5972768c4bfb5108190565e2addf47e"
 
-	defaultContainerRuntimeURI = "https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers%2Fv0.1.0/rofl-containers#89d533f8c2c0a8015fdc269ae350ab5b6a271c3aa6b17dd2c1ea49b3ffff2e06"
+	defaultContainerRuntimeURI = "https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers%2Fv0.2.0/rofl-containers#d6f60ce41a33e8240396596037094816cdcd40abd1813d6dc26988d557bceccd"
 
 	defaultContainerComposeURI = "compose.yaml"
 )

cmd/rofl/build/tdx.go

@@ -22,9 +22,9 @@ const (
 	artifactKernel   = "kernel"
 	artifactStage2   = "stage 2 template"
 
-	defaultFirmwareURI       = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f"
-	defaultKernelURI         = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/stage1.bin#029255ff97cd0e6e3be04372578e7c980a8b8c0138b8153afc047cca98fe6008"
-	defaultStage2TemplateURI = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.0/stage2-basic.tar.bz2#2dfbc01d62744052afa95feb737d5a0d6a68e2b58d71743751c4e3fc5faf4d36"
+	defaultFirmwareURI       = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.1/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f"
+	defaultKernelURI         = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.1/stage1.bin#b2a7e4b92b6d41c5ac21b3291d740a3fc07551af96faba64439f6628101e2096"
+	defaultStage2TemplateURI = "https://github.com/oasisprotocol/oasis-boot/releases/download/v0.3.1/stage2-basic.tar.bz2#f0f2fab9747584258ed9292417bea4e4df75fb8d5e0ecd1653269d65914d1e8a"
 )
 
 var (
@@ -231,12 +231,12 @@ func tdxBundleComponent(
 		},
 	}
 
-	tmpStorageKind := buildRofl.StorageKindNone
+	storageKind := buildRofl.StorageKindNone
 	if manifest.Resources.Storage != nil {
-		tmpStorageKind = manifest.Resources.Storage.Kind
+		storageKind = manifest.Resources.Storage.Kind
 	}
 
-	switch tmpStorageKind {
+	switch storageKind {
 	case buildRofl.StorageKindNone:
 	case buildRofl.StorageKindRAM:
 		comp.TDX.ExtraKernelOptions = append(comp.TDX.ExtraKernelOptions,
@@ -252,18 +252,25 @@ func tdxBundleComponent(
 			return err
 		}
 
-		if tmpStorageKind == buildRofl.StorageKindDiskPersistent {
-			// TODO: For persistent disk, configure Stage2Persist flag and storage mode.
-			return fmt.Errorf("persistent disk not yet supported, use 'disk-ephemeral'")
+		var storageMode string
+		switch storageKind {
+		case buildRofl.StorageKindDiskPersistent:
+			// Persistent storage needs to be set up by stage 2.
+			storageMode = "custom"
+
+			// TODO: (Oasis Core 25.0+) Set comp.TDX.Stage2Persist = true
+		case buildRofl.StorageKindDiskEphemeral:
+			// Ephemeral storage can be set up by stage 1 directly.
+			storageMode = "disk"
 		}
 
 		comp.TDX.ExtraKernelOptions = append(comp.TDX.ExtraKernelOptions,
-			"oasis.stage2.storage_mode=disk",
+			fmt.Sprintf("oasis.stage2.storage_mode=%s", storageMode),
 			fmt.Sprintf("oasis.stage2.storage_size=%d", storageSize/sectorSize),
 			fmt.Sprintf("oasis.stage2.storage_offset=%d", storageOffset/sectorSize),
 		)
 	default:
-		return fmt.Errorf("unsupported storage mode: %s", tmpStorageKind)
+		return fmt.Errorf("unsupported storage mode: %s", storageKind)
 	}
 
 	// TODO: (Oasis Core 25.0+) Use qcow2 image format to support sparse files.