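# Coconut SVSM Spec
#
# Builds the Coconut SVSM for AMD SEV-SNP guests and packages a single IGVM
# firmware file that combines the SVSM with an OVMF image. The build is
# offline: Rust crates come from the vendor/ directory in the source tarball
# and OpenSSL comes from a second tarball.

ExclusiveArch: x86_64

# No debuginfo subpackage is generated for this package.
%global debug_package %{nil}

%global date 20250806
%global commit e1fd63d8
# OVMF image (owned by edk2-ovmf, see BuildRequires) passed to the build as FW_FILE.
%global OVMF /usr/share/edk2/ovmf/OVMF.amdsev.fd
%global OPENSSL_VER 3.5.1
# NOTE(review): presumably the revision the OpenSSL tarball was cut from. Here it
# only selects the Source1 file name; this spec does not verify the contents of
# either tarball, so confirm that checksums are enforced where the sources are
# fetched (for example the lookaside "sources" file).
%global OPENSSL_HASH 28538f622dfd3c60d2fcf4795f8e09068e7b0631

Name: coconut-svsm
Version: 2025.09.devel
Release: 0%{?dist}.osteffen202510200634
Summary: The Coconut Secure VM Service Module for AMD SEV-SNP
License: MIT
URL: https://github.com/coconut-svsm/coconut

Source0: file://./coconut-svsm-%{commit}.tar.xz
Source1: openssl-rhel-%{OPENSSL_HASH}.tar.xz

Patch1: 0001-libcrt-implement-getrandom-and-add-missing-stubs-RHE.patch
Patch2: 0002-openssl-Use-RHEL-3.5-w-RHEL_NO_SYMVER-fix-RHEL-only.patch

BuildRequires: rust-toolset
BuildRequires: rust-toolset-srpm-macros
#BuildRequires: cargo-rpm-macros >= 24
BuildRequires: autoconf
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: clang-libs
BuildRequires: binutils
BuildRequires: curl
BuildRequires: gcc
BuildRequires: glibc-static
BuildRequires: pkg-config
BuildRequires: git
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: perl
BuildRequires: rust
BuildRequires: rust-std-static-x86_64-unknown-none
#BuildRequires: bindgen-cli
BuildRequires: cargo
BuildRequires: edk2-ovmf

%description
Secure Virtual machine Service Module for use in confidential VMs based on
AMD SEV-SNP memory encryption.
This is the Coconut SVSM implementation, which provides a virtual TPM device
via the Guest Communication Protocol to the guest.
Qemu with IGVM support is required to run.
The provided firmware file includes SVSM and OVMF.

%prep
# Unpack Source0 into coconut-svsm/ and apply the Patch entries with -p1.
%autosetup -n coconut-svsm -D -p1

# Unpack the OpenSSL tarball next to the other libtcgtpm dependencies.
# The separate patch step that used to follow is disabled.
tar -C libtcgtpm/deps/ -a -f %{SOURCE1} -x
# patch -d libtcgtpm/deps/openssl -p1 <%%{SOURCE2}

# Point cargo to the vendored sources instead of the online registry.
# Every source the dependency graph names (crates.io and the two git
# repositories) is replaced by the local vendor/ directory, so together with
# the --offline flag used in the build section no crate is fetched at build time.
# Each git source key has to match the dependency declaration it replaces.
# NOTE(review): the verus entry uses an abbreviated revision; a full commit id
# is unambiguous, but it must be changed together with the declaration it
# mirrors - confirm before editing.
# The delimiter is quoted so the shell copies the TOML verbatim.
cat << 'EOF' >> .cargo/config.toml
[source.crates-io]
replace-with = "vendored-sources"

[source."git+https://github.com/mystor/synstructure.git?rev=1079497eb2bea252433dac53afe41291d8779641"]
git = "https://github.com/mystor/synstructure.git"
rev = "1079497eb2bea252433dac53afe41291d8779641"
replace-with = "vendored-sources"

[source."git+https://github.com/verus-lang/verus?rev=6c66898"]
git = "https://github.com/verus-lang/verus"
rev = "6c66898"
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF

# Automatic BuildRequires for Coconut
%generate_buildrequires

%build
# Default flags interfere with svsm build
# NOTE(review): this also removes the distribution's hardening flags from
# everything the build script compiles, including the bundled OpenSSL; confirm
# that the project's own build sets the flags it needs.
# NOTE(review): CCFLAGS is not a variable rpm's build flags are known to
# export; if CXXFLAGS was meant, it is still set here - confirm.
unset CFLAGS
unset CCFLAGS
unset LDFLAGS
unset RUSTFLAGS

# Stop early with a clear error if the firmware image is not installed.
stat %{OVMF}

# Record the effective cargo configuration in the build log.
echo "----------------------------------------------------------"
cat .cargo/config.toml
echo "----------------------------------------------------------"

# The description states that the firmware file includes SVSM and OVMF, so the
# packaged image depends on the edk2-ovmf build present in the buildroot.
# NOTE(review): presumably this also changes the launch measurement of the
# image; record the edk2-ovmf version alongside each build if measurements
# are tracked.
FW_FILE=%{OVMF} ./build --offline --verbose configs/qemu-target.json

%install
mkdir -p %{buildroot}%{_datadir}/%{name}
# Installed read-only for everyone.
install \
    -m 444 \
    bin/coconut-qemu.igvm \
    %{buildroot}%{_datadir}/%{name}/coconut-qemu.igvm

%files
%dir %{_datadir}/%{name}/
%{_datadir}/%{name}/coconut-qemu.igvm

# NOTE(review): the newest entry below predates the Version and date set at
# the top of this spec; add an entry for the current update.
%changelog
* Tue May 7 2024 Oliver Steffen - 0^20240503g13acb6a-3
- Updated to latest upstream
- Enable offline RPM build

* Wed Apr 24 2024 Cole Robinson - 0^20240408gdec6072-2
- Re-add coconut-svsm.bin output

* Mon Apr 08 2024 Oliver Steffen - 0.0.5
- Update to upstream commint dec6072, with vTPM
- Back to online builds - offline is WIP

* Tue Oct 10 2023 Oliver Steffen - 0.0.4
- Update to upstream commit c1aa81b
- Use only rust components provided by Fedora.
  Include the packit crate in the source tarball.
  Patch out gdb support, since gdbstub is not available in Fedora.

* Mon Sep 25 2023 Oliver Steffen - 0.0.3
- Update to upstream commit b8a5474

* Wed Sep 13 2023 Oliver Steffen - 0.0.2
- Update to upstream commit 9b7d797

* Wed Aug 9 2023 Oliver Steffen - 0.0.1
- Initial version of the package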