From dfc843c62c56abb466b04a1268283ee99ac8822d Mon Sep 17 00:00:00 2001
From: Eero Kelly <eero.kelly@dfinity.org>
Date: Thu, 7 Nov 2024 20:08:07 +0000
Subject: [PATCH] Use Ubuntu packaged kernels for ICOS

---
 ic-os/guestos/context/Dockerfile.base | 23 -----------------------
 ic-os/guestos/context/packages.common |  1 +
 ic-os/setupos/context/Dockerfile.base | 20 --------------------
 3 files changed, 1 insertion(+), 43 deletions(-)

diff --git a/ic-os/guestos/context/Dockerfile.base b/ic-os/guestos/context/Dockerfile.base
index a7a33da7917..f5bad8dc31a 100644
--- a/ic-os/guestos/context/Dockerfile.base
+++ b/ic-os/guestos/context/Dockerfile.base
@@ -41,16 +41,6 @@ RUN cd /tmp/ && \
     echo "fbadb376afa7c883f87f70795700a8a200f7fd45412532cc1938a24d41078011  node_exporter-1.8.1.linux-amd64.tar.gz" > node_exporter.sha256 && \
     shasum -c node_exporter.sha256
 
-# Download >=6.11 kernel and modules
-RUN cd /tmp/ && \
-    curl -L -O http://mirrors.kernel.org/ubuntu/pool/main/l/linux/linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb && \
-    curl -L -O http://mirrors.kernel.org/ubuntu/pool/main/l/linux-signed/linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb && \
-    curl -L -O http://mirrors.kernel.org/ubuntu/pool/main/l/linux-meta/linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb && \
-    echo "d4cd2d97fcca81b57bec947b0e8ca004d556afce1d13f5cebe5d677c0445c6a2  linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb" >> kernel.sha256 && \
-    echo "241811191691c68e0874519ee71bda9de39e23510dee5e5512150db874f5b285  linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb" >> kernel.sha256 && \
-    echo "5c31c7e0d996ebc0928c5e1ad3b80fea047b56dfbbdaa759f7e7a70b1c42f10e  linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb" >> kernel.sha256 && \
-    shasum -c kernel.sha256
-
 #
 # Second build stage:
 # - Download and cache minimal Ubuntu Server 20.04 LTS Docker image
@@ -90,16 +80,3 @@ RUN cd /tmp/ && \
     mkdir -p /etc/node_exporter && \
     tar --strip-components=1 -C /usr/local/bin/ -zvxf node_exporter-1.8.1.linux-amd64.tar.gz node_exporter-1.8.1.linux-amd64/node_exporter && \
     rm /tmp/node_exporter-1.8.1.linux-amd64.tar.gz
-
-# Install >=6.11 kernel
-COPY --from=download /tmp/linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb /tmp/linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb
-COPY --from=download /tmp/linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb /tmp/linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb
-COPY --from=download /tmp/linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb /tmp/linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb
-
-RUN apt-get install -y --no-install-recommends \
-    /tmp/linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb \
-    /tmp/linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb \
-    /tmp/linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb && \
-    rm /tmp/linux-modules-6.11.0-8-generic_6.11.0-8.8_amd64.deb && \
-    rm /tmp/linux-image-6.11.0-8-generic_6.11.0-8.8_amd64.deb && \
-    rm /tmp/linux-image-virtual-hwe-24.04_6.11.0-8.8_amd64.deb
diff --git a/ic-os/guestos/context/packages.common b/ic-os/guestos/context/packages.common
index 8a76eee42ce..97e54c0e46f 100644
--- a/ic-os/guestos/context/packages.common
+++ b/ic-os/guestos/context/packages.common
@@ -5,6 +5,7 @@
 # image only.
 
 # Need kernel to boot anything
+linux-image-extra-virtual-hwe-24.04
 initramfs-tools
 
 # Need systemd for boot process
diff --git a/ic-os/setupos/context/Dockerfile.base b/ic-os/setupos/context/Dockerfile.base
index 5d7cb6c46bb..bc131aa4130 100644
--- a/ic-os/setupos/context/Dockerfile.base
+++ b/ic-os/setupos/context/Dockerfile.base
@@ -34,23 +34,3 @@ RUN apt-get -y update && \
     apt-get -y upgrade && \
     apt-get -y --no-install-recommends install $(for P in ${PACKAGE_FILES}; do cat /tmp/$P | sed -e "s/#.*//" ; done) && \
     rm /tmp/packages.*
-
-# Install kernel modified to support sev-snp. Link the resulting kernel as the default.
-# Then clean up old kernel to save space
-# In the future this will change. Either:
-# - the mainline kernel will get SEV-SNP or
-# - AMDSEV repo might get built as part of this dockerfile
-# This sev-snp kernel is only used to check hardware capability.
-ARG MODIFIED_KERNEL_DEB="linux-image-6.1.0-rc4-snp-host-93fa8c5918a4_6.1.0-rc4-snp-host-93fa8c5918a4-1_amd64.deb"
-RUN curl -LsSf --remote-name https://github.com/dfinity/AMDSEV/releases/download/snp-release-2023-05-24/${MODIFIED_KERNEL_DEB} \
-    && dpkg -i ${MODIFIED_KERNEL_DEB} \
-    && rm ${MODIFIED_KERNEL_DEB} \
-    && ln -sf vmlinuz-6.1.0-rc4-snp-host-93fa8c5918a4 /boot/vmlinuz \
-    && ln -sf initrd.img-6.1.0-rc4-snp-host-93fa8c5918a4 /boot/initrd.img \
-    && find /boot -name "*.old" | xargs -L 1 unlink \
-    && find /boot -name "initrd*generic" \
-    -o -name "vmlinuz*generic" \
-    -o -name "config*generic" \
-    -o -name "System*generic" \
-    | xargs rm \
-    && find /usr/lib/modules -maxdepth 1 -type d -name "*generic" | xargs rm -rf