- Revert "linux-user: Print tid not pid with strace" - gpex-acpi: Remove duplicate DSM #5 - smmuv3: Use default bus for arm-smmuv3-accel - smmuv3: Change arm-smmuv3-nested name to arm-smmuv3-accel - smmu-common: Return sysmem address space only for vfio-pci - smmuv3: realize get_pasid_cap and set ssidsize with pasid - vfio: Synthesize vPASID capability to VM - backend/iommufd: Report PASID capability - pci: Get pasid capability from vIOMMU - smmuv3: Add support for page fault handling - kvm: Translate MSI doorbell address only if it is valid - hw/arm/smmuv3: Enable sva/stall IDR features - iommufd.h: Updated to openeuler olk-6.6 kernel - tests/data/acpi/virt: Update IORT acpi table - hw/arm/virt-acpi-build: Add IORT RMR regions to handle MSI nested binding - tests/qtest: Allow IORT acpi table to change - hw/arm/virt-acpi-build: Build IORT with multiple SMMU nodes - hw/arm/smmuv3: Associate a pci bus with a SMMUv3 Nested device - hw/arm/smmuv3: Add initial support for SMMUv3 Nested device - hw/arm/virt: Add an SMMU_IO_LEN macro - hw/pci-host/gpex: [needs kernel fix] Allow to generate preserve boot config DSM #5 - tests/data/acpi: Update DSDT acpi tables - acpi/gpex: Fix PCI Express Slot Information function 0 returned value - tests/qtest: Allow DSDT acpi tables to change - hw/arm/smmuv3: Forward cache invalidate commands via iommufd - hw/arm/smmu-common: Replace smmu_iommu_mr with smmu_find_sdev - hw/arm/smmuv3: Add missing STE invalidation - hw/arm/smmuv3: Add smmu_dev_install_nested_ste() for CFGI_STE - hw/arm/smmuv3: Check idr registers for STE_S1CDMAX and STE_S1STALLD - hw/arm/smmuv3: Read host SMMU device info - hw/arm/smmuv3: Ignore IOMMU_NOTIFIER_MAP for nested-smmuv3 - hw/arm/smmu-common: Return sysmem if stage-1 is bypassed - hw/arm/smmu-common: Add iommufd helpers - hw/arm/smmu-common: Add set/unset_iommu_device callback - hw/arm/smmu-common: Extract smmu_get_sbus and smmu_get_sdev helpers - hw/arm/smmu-common: Bypass emulated IOTLB for a nested SMMU - 
hw/arm/smmu-common: Add a nested flag to SMMUState - backends/iommufd: Introduce iommufd_viommu_invalidate_cache - backends/iommufd: Introduce iommufd_vdev_alloc - backends/iommufd: Introduce iommufd_backend_alloc_viommu - vfio/iommufd: Implement [at|de]tach_hwpt handlers - vfio/iommufd: Implement HostIOMMUDeviceClass::realize_late() handler - HostIOMMUDevice: Introduce realize_late callback - vfio/iommufd: Add properties and handlers to TYPE_HOST_IOMMU_DEVICE_IOMMUFD - backends/iommufd: Add helpers for invalidating user-managed HWPT - Update iommufd.h header for vSVA - vfio/common: Allow disabling device dirty page tracking - vfio/migration: Don't block migration device dirty tracking is unsupported - vfio/iommufd: Implement VFIOIOMMUClass::query_dirty_bitmap support - vfio/iommufd: Implement VFIOIOMMUClass::set_dirty_tracking support - vfio/iommufd: Probe and request hwpt dirty tracking capability - vfio/{iommufd, container}: Invoke HostIOMMUDevice::realize() during attach_device() - vfio/iommufd: Add hw_caps field to HostIOMMUDeviceCaps - vfio/{iommufd,container}: Remove caps::aw_bits - HostIOMMUDevice: Store the VFIO/VDPA agent - vfio/iommufd: Introduce auto domain creation - vfio/ccw: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/ap: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/iommufd: Return errno in iommufd_cdev_attach_ioas_hwpt() - backends/iommufd: Extend iommufd_backend_get_device_info() to fetch HW capabilities - vfio/iommufd: Don't initialize nor set a HOST_IOMMU_DEVICE with mdev - vfio/pci: Extract mdev check into an helper - intel_iommu: Check compatibility with host IOMMU capabilities - intel_iommu: Implement [set|unset]_iommu_device() callbacks - intel_iommu: Extract out vtd_cap_init() to initialize cap/ecap - vfio/pci: Pass HostIOMMUDevice to vIOMMU - hw/pci: Introduce pci_device_[set|unset]_iommu_device() - hw/pci: Introduce helper function pci_device_get_iommu_bus_devfn() - vfio: Create host IOMMU device instance - backends/iommufd: 
Implement HostIOMMUDeviceClass::get_cap() handler - vfio/container: Implement HostIOMMUDeviceClass::get_cap() handler - vfio/iommufd: Implement HostIOMMUDeviceClass::realize() handler - backends/iommufd: Introduce helper function iommufd_backend_get_device_info() - vfio/container: Implement HostIOMMUDeviceClass::realize() handler - range: Introduce range_get_last_bit() - backends/iommufd: Introduce TYPE_HOST_IOMMU_DEVICE_IOMMUFD[_VFIO] devices - vfio/container: Introduce TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO device - backends/host_iommu_device: Introduce HostIOMMUDeviceCaps - backends: Introduce HostIOMMUDevice abstract - vfio/iommufd: Remove CONFIG_IOMMUFD usage - vfio/spapr: Extend VFIOIOMMUOps with a release handler - vfio/spapr: Only compile sPAPR IOMMU support when needed - vfio/iommufd: Introduce a VFIOIOMMU iommufd QOM interface - vfio/spapr: Introduce a sPAPR VFIOIOMMU QOM interface - vfio/container: Intoduce a new VFIOIOMMUClass::setup handler - vfio/container: Introduce a VFIOIOMMU legacy QOM interface - vfio/container: Introduce a VFIOIOMMU QOM interface - vfio/container: Initialize VFIOIOMMUOps under vfio_init_container() - vfio/container: Introduce vfio_legacy_setup() for further cleanups - docs/devel: Add VFIO iommufd backend documentation - vfio: Introduce a helper function to initialize VFIODevice - vfio/ccw: Move VFIODevice initializations in vfio_ccw_instance_init - vfio/ap: Move VFIODevice initializations in vfio_ap_instance_init - vfio/platform: Move VFIODevice initializations in vfio_platform_instance_init - vfio/pci: Move VFIODevice initializations in vfio_instance_init - hw/i386: Activate IOMMUFD for q35 machines - kconfig: Activate IOMMUFD for s390x machines - hw/arm: Activate IOMMUFD for virt machines - vfio: Make VFIOContainerBase poiner parameter const in VFIOIOMMUOps callbacks - vfio/ccw: Make vfio cdev pre-openable by passing a file handle - vfio/ccw: Allow the selection of a given iommu backend - vfio/ap: Make vfio cdev pre-openable by 
passing a file handle - vfio/ap: Allow the selection of a given iommu backend - vfio/platform: Make vfio cdev pre-openable by passing a file handle - vfio/platform: Allow the selection of a given iommu backend - vfio/pci: Make vfio cdev pre-openable by passing a file handle - vfio/pci: Allow the selection of a given iommu backend - vfio/iommufd: Enable pci hot reset through iommufd cdev interface - vfio/pci: Introduce a vfio pci hot reset interface - vfio/pci: Extract out a helper vfio_pci_get_pci_hot_reset_info - vfio/iommufd: Add support for iova_ranges and pgsizes - vfio/iommufd: Relax assert check for iommufd backend - vfio/iommufd: Implement the iommufd backend - vfio/common: return early if space isn't empty - util/char_dev: Add open_cdev() - backends/iommufd: Introduce the iommufd object - vfio/spapr: Move hostwin_list into spapr container - vfio/spapr: Move prereg_listener into spapr container - vfio/spapr: switch to spapr IOMMU BE add/del_section_window - vfio/spapr: Introduce spapr backend and target interface - vfio/container: Implement attach/detach_device - vfio/container: Move iova_ranges to base container - vfio/container: Move dirty_pgsizes and max_dirty_bitmap_size to base container - vfio/container: Move listener to base container - vfio/container: Move vrdl_list to base container - vfio/container: Move pgsizes and dma_max_mappings to base container - vfio/container: Convert functions to base container - vfio/container: Move per container device list in base container - vfio/container: Switch to IOMMU BE set_dirty_page_tracking/query_dirty_bitmap API - vfio/container: Move space field to base container - vfio/common: Move giommu_list in base container - vfio/common: Introduce vfio_container_init/destroy helper - vfio/container: Switch to dma_map|unmap API - vfio/container: Introduce a empty VFIOIOMMUOps - vfio: Introduce base object for VFIOContainer and targeted interface - cryptodev: Fix error handling in cryptodev_lkcf_execute_task() - hw/xen: 
Fix xen_bus_realize() error handling - hw/misc/aspeed_hace: Fix buffer overflow in has_padding function - target/s390x: Fix a typo in s390_cpu_class_init() - hw/sd/sdhci: free irq on exit - hw/ufs: free irq on exit - hw/pci-host/designware: Fix ATU_UPPER_TARGET register access - target/i386: Make invtsc migratable when user sets tsc-khz explicitly - target/i386: Construct CPUID 2 as stateful iff times > 1 - target/i386: Enable fdp-excptn-only and zero-fcs-fds - target/i386: Don't construct a all-zero entry for CPUID[0xD 0x3f] - i386/cpuid: Remove subleaf constraint on CPUID leaf 1F - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word - target/i386: Raise the highest index value used for any VMCS encoding - target/i386: Add VMX control bits for nested FRED support - target/i386: Delete duplicated macro definition CR4_FRED_MASK - target/i386: Add get/set/migrate support for FRED MSRs - target/i386: enumerate VMX nested-exception support - vmxcap: add support for VMX FRED controls - target/i386: mark CR4.FRED not reserved - target/i386: add support for FRED in CPUID enumeration - target/i386: fix feature dependency for WAITPKG - target/i386: Add more features enumerated by CPUID.7.2.EDX - net: fix build when libbpf is disabled, but libxdp is enabled - hw/nvme: fix invalid endian conversion - hw/nvme: fix invalid check on mcl - backends/cryptodev: Do not ignore throttle/backends Errors - backends/cryptodev: Do not abort for invalid session ID - virtcca: add kvm isolation when get tmi version. 
- qga: Don't daemonize before channel is initialized - qga: Add log to guest-fsfreeze-thaw command - backends: VirtCCA: cvm_gpa_start supports both 1GB and 3GB - BUGFIX: Enforce isolation for virtcca_shared_hugepage - arm: VirtCCA: qemu CoDA support UEFI boot - arm: VirtCCA: Compatibility with older versions of TMM and the kernel - arm: VirtCCA: qemu uefi boot support kae - arm: VirtCCA: CVM support UEFI boot Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit 85fd7a435d8203dde56fedc4c8f500e41faf132c)
From 9eacd1a6df6861b76663e98133adb15059bf65cc Mon Sep 17 00:00:00 2001
|
|
From: gongchangsui <gongchangsui@outlook.com>
|
|
Date: Mon, 17 Mar 2025 02:40:50 -0400
|
|
Subject: [PATCH] arm: VirtCCA: CVM support UEFI boot
|
|
|
|
1. Add UEFI boot support for Confidential VMs.
|
|
2. Modify the base memory address of Confidential VMs from 3GB to 1GB.
|
|
3. Disable pflash boot support for Confidential VMs; use the `-bios` option to specify `QEMU_EFI.fd` during launch.
|
|
|
|
Signed-off-by: gongchangsui <gongchangsui@outlook.com>
|
|
---
|
|
hw/arm/boot.c | 38 ++++++++++++++++++++++++++++++++++++--
|
|
hw/arm/virt.c | 33 ++++++++++++++++++++++++++++++++-
|
|
include/hw/arm/boot.h | 3 +++
|
|
3 files changed, 71 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/hw/arm/boot.c b/hw/arm/boot.c
|
|
index 42110b0f18..6b2f46af4d 100644
|
|
--- a/hw/arm/boot.c
|
|
+++ b/hw/arm/boot.c
|
|
@@ -43,6 +43,9 @@
|
|
|
|
#define BOOTLOADER_MAX_SIZE (4 * KiB)
|
|
|
|
+#define UEFI_MAX_SIZE 0x8000000
|
|
+#define UEFI_LOADER_START 0x0
|
|
+#define DTB_MAX 0x200000
|
|
AddressSpace *arm_boot_address_space(ARMCPU *cpu,
|
|
const struct arm_boot_info *info)
|
|
{
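Review bot: The three new macros carry no comment saying what they bound, and two of them duplicate values this same commit derives elsewhere: UEFI_LOADER_START/UEFI_MAX_SIZE describe the firmware window that machvirt_init() now also exposes as info->firmware_base/firmware_max_size, while DTB_MAX caps the DTB region handed to tmm_add_ram_region() and kvm_load_user_data(). A one-line comment on each would help, e.g. `/* Firmware window reported to the TMM: guest PA 0, up to 128 MiB */` and `/* Upper bound of the DTB region that follows loader_start */`. If the window is meant to track VIRT_FLASH in virt.c, say so in the comment, because nothing enforces the two staying equal.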
|
|
@@ -1155,7 +1158,31 @@ static void arm_setup_direct_kernel_boot(ARMCPU *cpu,
|
|
}
|
|
}
|
|
|
|
-static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info)
|
|
+static void arm_setup_confidential_firmware_boot(ARMCPU *cpu,
|
|
+ struct arm_boot_info *info,
|
|
+ const char *firmware_filename)
|
|
+{
|
|
+ ssize_t fw_size;
|
|
+ const char *fname;
|
|
+ AddressSpace *as = arm_boot_address_space(cpu, info);
|
|
+
|
|
+ fname = qemu_find_file(QEMU_FILE_TYPE_BIOS, firmware_filename);
|
|
+ if (!fname) {
|
|
+ error_report("Could not find firmware image '%s'", firmware_filename);
|
|
+ exit(EXIT_FAILURE);
|
|
+ }
|
|
+
|
|
+ fw_size = load_image_targphys_as(firmware_filename,
|
|
+ info->firmware_base,
|
|
+ info->firmware_max_size, as);
|
|
+
|
|
+ if (fw_size <= 0) {
|
|
+ error_report("could not load firmware '%s'", firmware_filename);
|
|
+ exit(EXIT_FAILURE);
|
|
+ }
|
|
+}
|
|
+
|
|
+static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info, const char *firmware_filename)
|
|
{
|
|
/* Set up for booting firmware (which might load a kernel via fw_cfg) */
|
|
|
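Review bot: The resolved path `fname` returned by qemu_find_file() is used only for the existence check; the load a few lines later still passes `firmware_filename`, so a firmware found through the data-directory search (the `-bios QEMU_EFI.fd` usage the commit message describes) is reported as found and then fails to load, and the string qemu_find_file() allocated is never freed. Change the load to `fw_size = load_image_targphys_as(fname, info->firmware_base, info->firmware_max_size, as);` and add `g_free(fname);` immediately after it, before the size check. As a style point, the new arm_setup_firmware_boot() signature runs well past 80 columns; wrap it like the three-line prototype above it. arm_setup_firmware_boot()'s body continues outside the hunk.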
|
@@ -1166,6 +1193,8 @@ static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info)
|
|
* DTB to the base of RAM for the bootloader to pick up.
|
|
*/
|
|
info->dtb_start = info->loader_start;
|
|
+ if (info->confidential)
|
|
+ tmm_add_ram_region(UEFI_LOADER_START, UEFI_MAX_SIZE, info->dtb_start, DTB_MAX , true);
|
|
}
|
|
|
|
if (info->kernel_filename) {
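Review bot: The new `if (info->confidential)` body is not braced, and its arguments hard-code UEFI_LOADER_START/UEFI_MAX_SIZE even though this same commit sets info->firmware_base and info->firmware_max_size from vms->memmap[VIRT_FLASH] in machvirt_init(); the region registered with the TMM and the region the firmware is actually loaded into are therefore two independent constants that can drift apart. The kvm_load_user_data() call in the next hunk repeats the same pair. Suggested: `if (info->confidential) {` / `tmm_add_ram_region(info->firmware_base, info->firmware_max_size, info->dtb_start, DTB_MAX, true);` / `}`, which also drops the stray space before the comma. The enclosing function continues on both sides of the hunk.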
|
|
@@ -1206,6 +1235,11 @@ static void arm_setup_firmware_boot(ARMCPU *cpu, struct arm_boot_info *info)
|
|
}
|
|
}
|
|
|
|
+ if (info->confidential) {
|
|
+ arm_setup_confidential_firmware_boot(cpu, info, firmware_filename);
|
|
+ kvm_load_user_data(UEFI_LOADER_START, UEFI_MAX_SIZE, info->loader_start, info->loader_start + DTB_MAX, info->ram_size,
|
|
+ (struct kvm_numa_info *)info->numa_info);
|
|
+ }
|
|
/*
|
|
* We will start from address 0 (typically a boot ROM image) in the
|
|
* same way as hardware. Leave env->boot_info NULL, so that
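Review bot: Nothing on this path checks that `firmware_filename` is non-NULL before arm_setup_confidential_firmware_boot() hands it to qemu_find_file() and load_image_targphys_as(). As far as the diff shows, arm_load_kernel() takes the firmware path whenever no kernel is given, and virt_confidential_firmware_init() returns false without a diagnostic when MACHINE(vms)->firmware is unset, so a confidential VM launched with neither -kernel nor -bios appears to reach this call with a NULL name. A guard at the top of the block, `if (!firmware_filename) { error_report("confidential VM requires -bios"); exit(EXIT_FAILURE); }`, would turn that into a clear failure. The `(struct kvm_numa_info *)info->numa_info` cast also deserves a comment saying what type numa_info actually holds. The enclosing function continues outside the hunk.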
|
|
@@ -1282,7 +1316,7 @@ void arm_load_kernel(ARMCPU *cpu, MachineState *ms, struct arm_boot_info *info)
|
|
|
|
/* Load the kernel. */
|
|
if (!info->kernel_filename || info->firmware_loaded) {
|
|
- arm_setup_firmware_boot(cpu, info);
|
|
+ arm_setup_firmware_boot(cpu, info, ms->firmware);
|
|
} else {
|
|
arm_setup_direct_kernel_boot(cpu, info);
|
|
}
|
|
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
|
|
index 8823f2ed1c..6ffb26e7e6 100644
|
|
--- a/hw/arm/virt.c
|
|
+++ b/hw/arm/virt.c
|
|
@@ -1398,6 +1398,9 @@ static void virt_flash_map1(PFlashCFI01 *flash,
|
|
qdev_prop_set_uint32(dev, "num-blocks", size / VIRT_FLASH_SECTOR_SIZE);
|
|
sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);
|
|
|
|
+ if (virtcca_cvm_enabled()) {
|
|
+ return;
|
|
+ }
|
|
memory_region_add_subregion(sysmem, base,
|
|
sysbus_mmio_get_region(SYS_BUS_DEVICE(dev),
|
|
0));
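Review bot: The early return sits after sysbus_realize_and_unref(), so for a confidential VM each pflash device is still created and realized but its MMIO region never reaches sysmem; as far as the diff shows the device is then silently unusable rather than absent. If the intent is that CVMs have no flash at all, returning before the realize call, or not creating the flash devices in the first place, would be cleaner and would avoid carrying an unmapped device through the rest of machine init. At minimum a comment such as `/* CVM: firmware is loaded into RAM by boot.c; pflash is never mapped */` should say why the mapping is skipped.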
|
|
@@ -1433,6 +1436,10 @@ static void virt_flash_fdt(VirtMachineState *vms,
|
|
MachineState *ms = MACHINE(vms);
|
|
char *nodename;
|
|
|
|
+ if (virtcca_cvm_enabled()) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
if (sysmem == secure_sysmem) {
|
|
/* Report both flash devices as a single node in the DT */
|
|
nodename = g_strdup_printf("/flash@%" PRIx64, flashbase);
|
|
@@ -1468,6 +1475,23 @@ static void virt_flash_fdt(VirtMachineState *vms,
|
|
}
|
|
}
|
|
|
|
+static bool virt_confidential_firmware_init(VirtMachineState *vms,
|
|
+ MemoryRegion *sysmem)
|
|
+{
|
|
+ MemoryRegion *fw_ram;
|
|
+ hwaddr fw_base = vms->memmap[VIRT_FLASH].base;
|
|
+ hwaddr fw_size = vms->memmap[VIRT_FLASH].size;
|
|
+
|
|
+ if (!MACHINE(vms)->firmware) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ fw_ram = g_new(MemoryRegion, 1);
|
|
+ memory_region_init_ram(fw_ram, NULL, "fw_ram", fw_size, NULL);
|
|
+ memory_region_add_subregion(sysmem, fw_base, fw_ram);
|
|
+ return true;
|
|
+}
|
|
+
|
|
static bool virt_firmware_init(VirtMachineState *vms,
|
|
MemoryRegion *sysmem,
|
|
MemoryRegion *secure_sysmem)
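Review bot: memory_region_init_ram() is called with a NULL errp, so a failure to allocate the fw_ram backing is dropped and the region is added to sysmem regardless; pass `&error_fatal`, as sysbus_realize_and_unref() does in virt_flash_map1(): `memory_region_init_ram(fw_ram, NULL, "fw_ram", fw_size, &error_fatal);`. Separately, unlike the pflash it replaces, this region is ordinary writable RAM at the flash base, so the guest can overwrite its own firmware image after boot; if that is acceptable for a CVM (for example because the TMM measures the region before entry) a comment stating so would stop the next reader from treating it as a bug.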
|
|
@@ -1486,6 +1510,10 @@ static bool virt_firmware_init(VirtMachineState *vms,
|
|
|
|
pflash_blk0 = pflash_cfi01_get_blk(vms->flash[0]);
|
|
|
|
+ if (virtcca_cvm_enabled()) {
|
|
+ return virt_confidential_firmware_init(vms, sysmem);
|
|
+ }
|
|
+
|
|
bios_name = MACHINE(vms)->firmware;
|
|
if (bios_name) {
|
|
char *fname;
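Review bot: For a confidential VM the function returns right after `pflash_blk0` has been fetched, so a user who attaches a firmware image with -drive if=pflash gets no diagnostic: the drive is silently ignored and the VM boots whatever -bios named, or nothing. Since the commit message states that pflash boot is disabled for CVMs, that should be an explicit error rather than a silent ignore, so the operator cannot believe a firmware is in use that never was. The enclosing function continues outside the hunk.
```c
    if (virtcca_cvm_enabled()) {
        if (pflash_blk0) {
            error_report("pflash firmware is not supported for a confidential VM; use -bios instead");
            exit(1);
        }
        return virt_confidential_firmware_init(vms, sysmem);
    }
    // … unchanged: bios_name lookup and load …
```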
|
|
@@ -2023,7 +2051,7 @@ static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
|
|
vms->memmap[VIRT_PCIE_MMIO] = (MemMapEntry) { 0x10000000, 0x2edf0000 };
|
|
vms->memmap[VIRT_KAE_DEVICE] = (MemMapEntry) { 0x3edf0000, 0x00200000 };
|
|
|
|
- vms->memmap[VIRT_MEM].base = 3 * GiB;
|
|
+ vms->memmap[VIRT_MEM].base = 1 * GiB;
|
|
vms->memmap[VIRT_MEM].size = ms->ram_size;
|
|
info_report("[qemu] fix VIRT_MEM range 0x%llx - 0x%llx\n", (unsigned long long)(vms->memmap[VIRT_MEM].base),
|
|
(unsigned long long)(vms->memmap[VIRT_MEM].base + ms->ram_size));
|
|
@@ -2822,6 +2850,9 @@ static void machvirt_init(MachineState *machine)
|
|
vms->bootinfo.get_dtb = machvirt_dtb;
|
|
vms->bootinfo.skip_dtb_autoload = true;
|
|
vms->bootinfo.firmware_loaded = firmware_loaded;
|
|
+ vms->bootinfo.firmware_base = vms->memmap[VIRT_FLASH].base;
|
|
+ vms->bootinfo.firmware_max_size = vms->memmap[VIRT_FLASH].size;
|
|
+ vms->bootinfo.confidential = virtcca_cvm_enabled();
|
|
vms->bootinfo.psci_conduit = vms->psci_conduit;
|
|
arm_load_kernel(ARM_CPU(first_cpu), machine, &vms->bootinfo);
|
|
|
|
diff --git a/include/hw/arm/boot.h b/include/hw/arm/boot.h
|
|
index 4491b1f85b..06ca1d90b2 100644
|
|
--- a/include/hw/arm/boot.h
|
|
+++ b/include/hw/arm/boot.h
|
|
@@ -133,6 +133,9 @@ struct arm_boot_info {
|
|
bool secure_board_setup;
|
|
|
|
arm_endianness endianness;
|
|
+ hwaddr firmware_base;
|
|
+ hwaddr firmware_max_size;
|
|
+ bool confidential;
|
|
};
|
|
|
|
/**
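Review bot: The three new arm_boot_info members are added without a comment saying who sets them and what they mean. Suggested: `/* Guest PA and size of the window the firmware image is loaded into; set by the board, read by arm_setup_confidential_firmware_boot() */` above firmware_base/firmware_max_size, and `/* True for a confidential VM: boot.c then loads -bios into RAM and registers the regions with the TMM */` above confidential. As far as the diff shows, firmware_base/firmware_max_size are only consulted on the confidential path, which the comment should record so a later reader does not expect the pflash path to honour them.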
|
|
--
|
|
2.41.0.windows.1
|
|
|