From: Roy Hopkins <roy.hopkins@suse.com>
To: qemu-devel@nongnu.org
Cc: "Roy Hopkins" <roy.hopkins@suse.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Stefano Garzarella" <sgarzare@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Sergio Lopez" <slp@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Alistair Francis" <alistair@alistair23.me>,
"Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Michael Roth" <michael.roth@amd.com>,
"Ani Sinha" <anisinha@redhat.com>,
"Jörg Roedel" <jroedel@suse.com>
Subject: [PATCH v2 00/10] Introduce support for IGVM files
Date: Wed, 3 Apr 2024 12:11:31 +0100 [thread overview]
Message-ID: <cover.1712138654.git.roy.hopkins@suse.com> (raw)
Here is v2 of the set of patches to add support for IGVM files to QEMU. These
address all of the comments on v1 [1]. These patches are also available
to view on github: [2].
Changes in v2:
* Fixed various spelling and documentation errors from Stefano.
* Addressed readability and other suggested code changes from Daniel.
* igvm.c: Fix issue in prepare_memory() which resulted in the wrong start index
being used at the start of a page range if the next or last directive did
not follow the previous one.
* igvmc: Fix usage of IGVM compatibility mask.
* igvm.c: Fix issue in page_attrs_equal() which treated zero and normal pages
as equal. This could affect the SEV measurement.
* Improve and clarify handling of IGVM to VMSA to KVM CPU state conversion.
The specific registers that are synchronized are now documented and a check
is performed during IGVM file parsing to determine if any registers outside
the supported set are non-zero making it easier to determine the cause of
any mismatch of launch measurement.
* Significant rework of error handling in ConfidentialGuestSupport and the
IGVM parser.
* confidential-guest-support: Remove TDX and other non-currently-supported
platforms.
* Exit with error if any unknown IGVM directives are encountered.
* Rework handling of firmware so if an IGVM file is provided in addition to
a firmware file then an error is generated.
* Update firmware.json to add an 'igvm' firmware device.
Thanks to Daniel, Stefano, Ani and everyone else that has taken time to review
this so far.
[1] Link to v1:
https://lore.kernel.org/qemu-devel/cover.1709044754.git.roy.hopkins@suse.com/
[2] v2 patches also available here:
https://github.com/roy-hopkins/qemu/tree/igvm_master_v2
Roy Hopkins (10):
meson: Add optional dependency on IGVM library
backends/confidential-guest-support: Add IGVM file parameter
backends/confidential-guest-support: Add functions to support IGVM
backends/igvm: Implement parsing and processing of IGVM files
i386/pc: Process IGVM file during PC initialization if present
i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with
IGVM
i386/sev: Refactor setting of reset vector and initial CPU state
i386/sev: Implement ConfidentialGuestSupport functions for SEV
docs/system: Add documentation on support for IGVM
docs/interop/firmware.json: Add igvm to FirmwareDevice
backends/confidential-guest-support.c | 75 +++
backends/igvm.c | 744 +++++++++++++++++++++
backends/meson.build | 4 +
docs/interop/firmware.json | 9 +-
docs/system/i386/amd-memory-encryption.rst | 2 +
docs/system/igvm.rst | 129 ++++
docs/system/index.rst | 1 +
hw/i386/pc_piix.c | 4 +
hw/i386/pc_q35.c | 4 +
hw/i386/pc_sysfw.c | 22 +-
include/exec/confidential-guest-support.h | 105 +++
include/exec/igvm.h | 36 +
meson.build | 8 +
meson_options.txt | 2 +
qapi/qom.json | 13 +
qemu-options.hx | 8 +-
scripts/meson-buildoptions.sh | 3 +
target/i386/sev.c | 425 +++++++++++-
target/i386/sev.h | 110 +++
19 files changed, 1671 insertions(+), 33 deletions(-)
create mode 100644 backends/igvm.c
create mode 100644 docs/system/igvm.rst
create mode 100644 include/exec/igvm.h
--
2.43.0
reply other threads:[~2024-04-03 11:16 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1712138654.git.roy.hopkins@suse.com \
--to=roy.hopkins@suse.com \
--cc=alistair@alistair23.me \
--cc=anisinha@redhat.com \
--cc=berrange@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eduardo@habkost.net \
--cc=imammedo@redhat.com \
--cc=jroedel@suse.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
--cc=slp@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.