From 5efb9d7810bf92e95488d291f8aa0e9b5adf5b30 Mon Sep 17 00:00:00 2001
From: Kevin Wang
Date: Tue, 16 Jun 2026 18:44:08 -0700
Subject: [PATCH] mkimage: add bios-sev field to metadata.json for the SEV firmware

When the AMD SEV firmware (ovmf-sev.fd) is present, emit a "bios-sev" field in metadata.json alongside the existing TDX "bios": "ovmf.fd". This lets a VMM pick the right firmware per platform (ovmf.fd on TDX, ovmf-sev.fd on AMD SEV-SNP) instead of hardcoding the TDX firmware. The field is only emitted when the SEV firmware was built/shipped, so non-SEV builds keep the original metadata.json. metadata.json is part of sha256sum.txt, so digest.txt now reflects the bios-sev reference; this does not change any TDX hardware measurement (MRTD comes from ovmf.fd, RTMRs from kernel/cmdline/rootfs), only dstack's image-bundle digest. Verified: metadata.json is valid JSON with .['bios-sev'] = 'ovmf-sev.fd'; the field is omitted (still valid JSON) when no SEV firmware is present.

---
 mkimage.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/mkimage.sh b/mkimage.sh
index 453cbc4..b83c5c1 100755
--- a/mkimage.sh
+++ b/mkimage.sh
@@ -238,14 +238,20 @@ $Q cp $KERNEL_IMAGE ${OUTPUT_DIR}/
 $Q cp $OVMF_FIRMWARE ${OUTPUT_DIR}/
 # AMD SEV firmware (additive). Shipped alongside the TDX firmware so a SEV-SNP
-# launch can select it, but deliberately kept OUT of the image digest below:
-# sha256sum.txt / digest.txt / metadata.json stay TDX-only so the measured
-# image is byte-for-byte unchanged. SEV measurement is a separate concern.
+# launch can select it via the metadata.json "bios-sev" field below. The SEV
+# firmware blob itself is NOT added to sha256sum.txt, but metadata.json (which
+# references it) is, so digest.txt does reflect its presence. That does not
+# change any TDX hardware measurement (MRTD comes from ovmf.fd, RTMRs from
+# kernel/cmdline/rootfs) -- it only changes dstack's image-bundle digest.
 OVMF_SEV_FIRMWARE=${COMMON_IMG_DIR}/ovmf-sev.fd
 HAVE_OVMF_SEV=0
+BIOS_SEV_JSON=""
 if [ -f "$OVMF_SEV_FIRMWARE" ]; then
 $Q cp $OVMF_SEV_FIRMWARE ${OUTPUT_DIR}/
 HAVE_OVMF_SEV=1
+ # Inserted after the "bios" line in metadata.json (see below).
+ BIOS_SEV_JSON='
+ "bios-sev": "ovmf-sev.fd",'
 fi
 echo "Creating partitioned rootfs image at ${OUTPUT_DIR}/rootfs.img.parted.verity"
@@ -275,7 +281,7 @@ KARG2="dstack.rootfs_hash=$ROOT_HASH dstack.rootfs_size=$DATA_SIZE"
 cat < ${OUTPUT_DIR}/metadata.json
 {
- "bios": "ovmf.fd",
+ "bios": "ovmf.fd",${BIOS_SEV_JSON}
 "kernel": "bzImage",
 "cmdline": "$KARG0 $KARG1 $KARG2",
 "initrd": "initramfs.cpio.gz",
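Review bot: The rewritten comment block at the top of the hunk leaves metadata.json naming a firmware file (ovmf-sev.fd) that sha256sum.txt does not cover, so a consumer that validates the bundle against digest.txt before launch cannot tell a replaced or corrupted ovmf-sev.fd from the shipped one even though the metadata now points at it. The original reason for excluding the blob — keeping digest.txt byte-for-byte unchanged — no longer applies once the SEV firmware is present, because the bios-sev line in metadata.json already changes the digest in exactly that case, so the blob could be added to sha256sum.txt under the same `HAVE_OVMF_SEV` guard with no effect on non-SEV builds; the sha256sum generation itself lies outside this hunk. If the exclusion is intentional because the SEV-SNP launch measurement is expected to establish the firmware's integrity, the comment should say so explicitly, e.g. `# ovmf-sev.fd itself is intentionally NOT in sha256sum.txt: its integrity is expected to come from the SEV-SNP launch measurement, not from digest.txt.` Separately, `HAVE_OVMF_SEV=1` and a non-empty `BIOS_SEV_JSON` now encode the same fact; a one-line note that they must stay in step would keep a later edit from letting them drift apart.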