Add support for docker-compose volumes

Author: iKapitonau

meta-secret-vm/recipes-core/images/secret-vm-initramfs-files/init

@@ -26,6 +26,13 @@ echo "ROOTFS_HASH=$ROOTFS_HASH"
 
 attest-tool extendrt 3 $DOCKER_COMPOSE_HASH
 attest-tool extendrt 3 $ROOTFS_HASH
+
+if [ -f mnt/docker-files.tar ]; then
+    DOCKER_FILES_HASH=$(sha256sum mnt/docker-files.tar | cut -f 1 -d ' ')
+    echo "DOCKER_FILES_HASH=$DOCKER_FILES_HASH"
+    attest-tool extendrt 3 $DOCKER_FILES_HASH
+fi
+
 attest-tool report
 
 mkdir -p /cdrom

meta-secret-vm/recipes-core/secret-vm-scripts/files/secret-vm-docker-start.service

@@ -5,7 +5,7 @@ After=secret-vm-startup.service
 
 [Service]
 ExecStart=/usr/bin/docker compose up
-WorkingDirectory=/mnt/config
+WorkingDirectory=/mnt/secure/docker_wd
 Restart=no
 
 [Install]

meta-secret-vm/recipes-core/secret-vm-scripts/files/secret-vm-start.sh

@@ -27,6 +27,15 @@ fi
 
 startup.sh finalize $CERT_PATH
 
+mkdir -p /mnt/secure/docker_wd
+cp /mnt/config/docker-compose.yaml /mnt/secure/docker_wd
+
+pushd .
+cd /mnt/secure/docker_wd
+# this file is optional
+cp /mnt/config/docker-files.tar . && tar xvf ./docker-files.tar || true 
+popd
+
 if [ -n "$GPU_MODE" ]; then 
     nvidia-ctk runtime configure --runtime=docker
     nvidia-ctk config --set nvidia-container-cli.no-cgroups --in-place