mkimage: emit digest.sev.txt (AMD SEV-SNP os_image_hash)

mkimage.sh

@@ -300,6 +300,31 @@ sha256sum ovmf.fd bzImage initramfs.cpio.gz metadata.json > sha256sum.txt
 sha256sum sha256sum.txt | awk '{print $1}' > digest.txt
 popd
 
+# digest.sev.txt: the AMD SEV-SNP os_image_hash. Unlike the TDX digest.txt
+# (a content hash that includes the TDX firmware), this is computed by the
+# `dstack-mr` tool from the SEV firmware (ovmf-sev.fd) + kernel/initrd/cmdline/
+# rootfs and matches the os_image_hash the KMS verifier derives from a launch
+# measurement. The VMM reads this file at deploy time instead of recomputing it,
+# so it is required (not best-effort): if `dstack-mr` is not prebuilt, build it.
+HAVE_DIGEST_SEV=0
+if [ "$HAVE_OVMF_SEV" = "1" ]; then
+    DSTACK_SRC="${DSTACK_SRC:-$SCRIPT_DIR/dstack}"
+    if [ -z "${DSTACK_MR_BIN:-}" ]; then
+        for c in "$SCRIPT_DIR/dstack-mr" "$SCRIPT_DIR/rust-target/release/dstack-mr" \
+                 "$DSTACK_SRC/target/release/dstack-mr"; do
+            [ -x "$c" ] && DSTACK_MR_BIN="$c" && break
+        done
+    fi
+    if [ -z "${DSTACK_MR_BIN:-}" ]; then
+        echo "Building dstack-mr to compute digest.sev.txt"
+        ( cd "$DSTACK_SRC" && cargo build --release -p dstack-mr )
+        DSTACK_MR_BIN="$DSTACK_SRC/target/release/dstack-mr"
+    fi
+    echo "Generating digest.sev.txt via ${DSTACK_MR_BIN}"
+    "${DSTACK_MR_BIN}" sev-os-image-hash "${OUTPUT_DIR}" > "${OUTPUT_DIR}/digest.sev.txt"
+    HAVE_DIGEST_SEV=1
+fi
+
 # Create UKI artifacts (disk.raw and auth_hash.txt) in OUTPUT_DIR
 UKI_CREATED=0
 if [ "$ENABLE_UKI_IMAGE" = "1" ]; then
@@ -331,6 +356,9 @@ if [ x$DSTACK_TAR_RELEASE = x1 ]; then
     if [ "$HAVE_OVMF_SEV" = "1" ]; then
         BARE_METAL_FILES="$BARE_METAL_FILES ovmf-sev.fd"
     fi
+    if [ "$HAVE_DIGEST_SEV" = "1" ]; then
+        BARE_METAL_FILES="$BARE_METAL_FILES digest.sev.txt"
+    fi
     (cd "$PARENT_DIR" && tar -czvf ${IMAGE_TAR} $(for f in $BARE_METAL_FILES; do echo "$TAR_DIR_NAME/$f"; done))
     echo