Add tee-sev-snp target and Katana build confirmation (#436)

* Adds a new `make tee-sev-snp` target that builds AMD SEV-SNP VM components via `misc/AMDSEV/build.sh`.
* Updates `build.sh` so missing `--katana` now asks for confirmation before building the Katana binary from source.

Author: kariy

Makefile

@@ -23,6 +23,7 @@ SIMPLE_DB := $(DB_FIXTURES_DIR)/simple
 CONTRACTS_CRATE := crates/contracts
 CONTRACTS_DIR := $(CONTRACTS_CRATE)/contracts
 CONTRACTS_BUILD_DIR := $(CONTRACTS_CRATE)/build
+AMDSEV_DIR := misc/AMDSEV
 
 VRF_DIR := $(CONTRACTS_DIR)/vrf
 AVNU_DIR := $(CONTRACTS_DIR)/avnu/contracts
@@ -41,14 +42,15 @@ SCARB_REQUIRED_VERSIONS := $(sort $(SCARB_VERSION) $(AVNU_SCARB_VERSION) $(VRF_S
 
 .DEFAULT_GOAL := usage
 .SILENT: clean
-.PHONY: usage help check-llvm native-deps native-deps-macos native-deps-linux native-deps-windows build-explorer contracts clean deps install-scarb fixtures snos-artifacts db-compat-artifacts generate-db-fixtures install-pyenv
+.PHONY: usage help check-llvm native-deps native-deps-macos native-deps-linux native-deps-windows build-explorer contracts tee-sev-snp clean deps install-scarb fixtures snos-artifacts db-compat-artifacts generate-db-fixtures install-pyenv
 
 usage help:
 	@echo "Usage:"
 	@echo "    deps:                      Install all required dependencies for building Katana with all features (incl. tests)."
 	@echo "    snos-deps:                 Install SNOS test dependencies (pyenv, Python 3.9.15)."
 	@echo "    build-explorer:            Build the explorer."
 	@echo "    contracts:                 Build the contracts."
+	@echo "    tee-sev-snp:               Build AMD SEV-SNP TEE VM components (prompts y/N to build katana unless KATANA_BINARY is set)."
 	@echo "    fixtures:            	  Prepare tests artifacts (including test database)."
 	@echo "    snos-artifacts:            Prepare SNOS tests artifacts."
 	@echo "    db-compat-artifacts:       Prepare database compatibility test artifacts."
@@ -94,6 +96,19 @@ build-explorer:
 
 contracts: install-scarb $(CONTRACTS_BUILD_DIR)
 
+tee-sev-snp:
+	@echo "Building AMD SEV-SNP TEE VM components..."
+	@if [ -n "$(KATANA_BINARY)" ]; then \
+		echo "Using katana binary: $(KATANA_BINARY)"; \
+		$(AMDSEV_DIR)/build.sh --katana "$(KATANA_BINARY)"; \
+	elif [ ! -t 0 ]; then \
+		echo "Error: non-interactive run requires KATANA_BINARY."; \
+		echo "Example: make tee-sev-snp KATANA_BINARY=/path/to/katana"; \
+		exit 1; \
+	else \
+		$(AMDSEV_DIR)/build.sh; \
+	fi
+
 # Generate the list of sources dynamically to make sure Make can track all files in all nested subdirs
 $(CONTRACTS_BUILD_DIR): $(shell find $(CONTRACTS_DIR) -type f)
 	@mkdir -p $@

misc/AMDSEV/README.md

@@ -26,7 +26,7 @@ Output is written to `misc/AMDSEV/output/qemu/`.
 
 ### Katana Binary
 
-If `--katana` is not provided, `build.sh` automatically builds a statically linked katana binary using musl libc via `scripts/build-musl.sh`.
+If `--katana` is not provided, `build.sh` prompts for confirmation (`y/N`) before building a statically linked katana binary using musl libc via `scripts/build-musl.sh`.
 
 **Important:** The initrd is minimal and contains no libc or shared libraries. Only statically linked binaries will work. If providing a custom binary with `--katana`, ensure it is statically linked (e.g., built with musl).
 

misc/AMDSEV/build.sh

@@ -101,7 +101,24 @@ fi
 
 # Build katana if needed for initrd and not provided
 if [ $BUILD_INITRD -eq 1 ] && [ -z "$KATANA_BINARY" ]; then
-	echo "No --katana provided, building katana with musl..."
+	echo "No --katana provided."
+	if [ ! -t 0 ]; then
+		echo "ERROR: Cannot prompt without an interactive terminal."
+		echo "Pass --katana /path/to/katana to use a pre-built binary."
+		exit 1
+	fi
+
+	read -r -p "Build katana from source with musl now? [y/N] " CONFIRM_BUILD_KATANA
+	case "$CONFIRM_BUILD_KATANA" in
+		[yY]|[yY][eE][sS])
+			echo "Building katana with musl..."
+			;;
+		*)
+			echo "Aborting. Provide --katana /path/to/katana to use a pre-built binary."
+			exit 1
+			;;
+	esac
+
 	PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
 	"${PROJECT_ROOT}/scripts/build-musl.sh"
 	if [ $? -ne 0 ]; then