ci: Update script to install for AL23

Update the build script to allow us to install the secret hidden kernels
onto Amazon Linux 2023 instances.

We have to as part of this include a script to download and install ena
drivers for the instance to allow us to boot.

Signed-off-by: Jack Thomson <[email protected]>

Author: JackThomson2

resources/hiding_ci/build_and_install_kernel.sh

@@ -13,12 +13,20 @@ check_root() {
   fi
 }
 
-check_ubuntu() {
-  # Currently this script only works on Ubuntu instances
-  if ! grep -qi 'ubuntu' /etc/os-release; then
-    echo "This script currently only works on Ubuntu."
-    exit 1
+check_userspace() {
+  # Currently this script only works on Ubuntu and AL2023
+  if grep -qi 'ubuntu' /etc/os-release; then
+    USERSPACE="UBUNTU"
+    return 0
+  fi
+
+  if grep -qi 'al2023' /etc/os-release; then
+    USERSPACE="AL2023"
+    return 0
   fi
+
+  echo "This script currently only works on Ubuntu and Amazon Linux 2023."
+  exit 1
 }
 
 tidy_up() {
@@ -96,6 +104,39 @@ check_override_presence() {
   echo "All overrides correctly applied.."
 }
 
+ubuntu_update_boot() {
+  echo "Update initramfs"
+  update-initramfs -c -k $KERNEL_VERSION
+  echo "Updating GRUB..."
+  update-grub
+}
+
+al2023_update_boot() {
+  echo "Installing ENA driver for AL2023"
+  $START_DIR/install_ena.sh $KERNEL_VERSION $START_DIR/dkms.conf
+
+  # Just ensure we are back in the build dir
+  cd $TMP_BUILD_DIR
+
+  echo "Creating the new ram disk"
+  dracut --kver $KERNEL_VERSION -f -v
+
+  echo "Updating GRUB..."
+  grubby --grub2 --add-kernel /boot/vmlinux-$KERNEL_VERSION --title="Secret Hiding" --initrd=/boot/initramfs-$KERNEL_VERSION.img --copy-default
+  grubby --set-default /boot/vmlinux-$KERNEL_VERSION
+}
+
+update_boot_config() {
+  case "$USERSPACE" in
+  UBUNTU) ubuntu_update_boot ;;
+  AL2023) al2023_update_boot ;;
+  *)
+    echo "Unknown userspace"
+    exit 1
+    ;;
+  esac
+}
+
 KERNEL_URL=$(cat kernel_url)
 KERNEL_COMMIT_HASH=$(cat kernel_commit_hash)
 KERNEL_PATCHES_DIR=$(pwd)/patches
@@ -155,16 +196,14 @@ echo "New kernel version:" $KERNEL_VERSION
 confirm "$@"
 
 check_root
-check_ubuntu
+check_userspace
 
 echo "Installing kernel modules..."
 make INSTALL_MOD_STRIP=1 modules_install
 echo "Installing kernel..."
 make INSTALL_MOD_STRIP=1 install
-echo "Update initramfs"
-update-initramfs -c -k $KERNEL_VERSION
-echo "Updating GRUB..."
-update-grub
+
+update_boot_config
 
 echo "Kernel built and installed successfully!"
 

resources/hiding_ci/dkms.conf

@@ -0,0 +1,10 @@
+PACKAGE_NAME="ena"
+PACKAGE_VERSION="1.0.0"
+CLEAN="make -C kernel/linux/ena clean"
+MAKE="make -C kernel/linux/ena/ BUILD_KERNEL=${kernelver}"
+BUILT_MODULE_NAME[0]="ena"
+BUILT_MODULE_LOCATION="kernel/linux/ena"
+DEST_MODULE_LOCATION[0]="/updates"
+DEST_MODULE_NAME[0]="ena"
+REMAKE_INITRD="yes"
+AUTOINSTALL="yes"

resources/hiding_ci/install_ena.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# # SPDX-License-Identifier: Apache-2.0
+
+# fail if we encounter an error, uninitialized variable or a pipe breaks
+set -eu -o pipefail
+
+AMZN_DRIVER_VERSION="2.13.3"
+KERNEL_VERSION=$1
+DKMS_CONF_LOCATION=$2
+START_DIR=$(pwd)
+
+cd /tmp/
+
+git clone --depth=1 https://github.com/amzn/amzn-drivers.git
+mv amzn-drivers /usr/src/amzn-drivers-${AMZN_DRIVER_VERSION}
+
+cp $DKMS_CONF_LOCATION /usr/src/amzn-drivers-${AMZN_DRIVER_VERSION}
+
+dkms add -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+dkms build -k ${KERNEL_VERSION} -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+dkms install -k ${KERNEL_VERSION} -m amzn-drivers -v ${AMZN_DRIVER_VERSION}
+
+cd $START_DIR