https://github.com/mkulke/mkosi-playground
Building azure images with mkosi
https://github.com/mkulke/mkosi-playground
azure confidential-computing mkosi secureboot
Last synced: 4 months ago
JSON representation
Building azure images with mkosi
- Host: GitHub
- URL: https://github.com/mkulke/mkosi-playground
- Owner: mkulke
- License: mit
- Created: 2024-03-11T16:41:39.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-01-14T17:47:22.000Z (over 1 year ago)
- Last Synced: 2025-09-05T01:43:02.090Z (9 months ago)
- Topics: azure, confidential-computing, mkosi, secureboot
- Language: Go
- Homepage:
- Size: 25.4 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# mkosi playground
Building azure images with mkosi
## Requirements
nix w/ flakes support (https://nixos.org/nix/)
## Build
### Enter development environment
```bash
nix develop
```
### Create secure boot key
```bash
mkosi genkey
```
### Build raw image
```bash
mkosi -C ./initrd build
mkosi build
```
### Test in qemu
Use root for KVM acceleration
```bash
sudo $(which mkosi) qemu
```
## Publish to Azure
### Convert secure boot certificate
```bash
openssl x509 -in mkosi.crt -out additionalsignature.der -outform DER
base64 -w0 additionalsignature.der
```
### Edit uplosi.conf
Populate the `uplosi.conf` values according to the image gallery and image definition. Put the base64 encoded certificate string into the `additionalSignatures` list.
Note: The image definition has to support trusted launch.
### Publish
```bash
uplosi upload image.raw
```
## Deploy
```bash
cd launch-vm
go mod tidy
go build
./launch-vm -h
```