From: Igor Mammedov <imammedo@redhat.com>
To: Gerd Hoffman <kraxel@redhat.com>
Cc: "Ani Sinha" <anisinha@redhat.com>, "Alex Graf" <graf@amazon.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Yanan Wang" <wangyanan55@huawei.com>,
"Zhao Liu" <zhao1.liu@intel.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Fabiano Rosas" <farosas@suse.de>,
"Laurent Vivier" <lvivier@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
qemu-devel@nongnu.org
Subject: Re: [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support
Date: Tue, 25 Feb 2025 11:28:19 +0100 [thread overview]
Message-ID: <20250225112819.7cb8b32d@imammedo.users.ipa.redhat.com> (raw)
In-Reply-To: <xhprkjs2yj5yli65opi7md7gfylqxgdkiwap76stcxcx7jdpub@fauqiqm5giyi>
On Mon, 24 Feb 2025 16:47:31 +0100
Gerd Hoffman <kraxel@redhat.com> wrote:
> On Fri, Feb 14, 2025 at 09:04:07PM +0530, Ani Sinha wrote:
> > VM firmware update is a mechanism where the virtual machines can use their
> > preferred and trusted firmware image in their execution environment without
> > having to depend on a untrusted party to provide the firmware bundle. This is
> > particularly useful for confidential virtual machines that are deployed in the
> > cloud where the tenant and the cloud provider are two different entities. In
> > this scenario, virtual machines can bring their own trusted firmware image
> > bundled as a part of their filesystem (using UKIs for example[1]) and then use
> > this hypervisor interface to update to their trusted firmware image. This also
> > allows the guests to have a consistent measurements on the firmware image.
>
> Works nicely for me. Test case:
> https://kraxel.gitlab.io/uefi-tools-rs/seabios.efi
>
> > +Fw-cfg Files
> > +************
> > +
> > +Guests drive vmfwupdate through special ``fw-cfg`` files that control its flow
> > +followed by a standard system reset operation. When vmfwupdate is available,
> > +it provides the following ``fw-cfg`` files:
> > +
> > +* ``vmfwupdate/cap`` (``u64``) - Read-only Little Endian encoded bitmap of additional
> > +* ``vmfwupdate/bios-size`` (``u64``) - Little Endian encoded size of the BIOS region.
> > +* ``vmfwupdate/opaque`` (``4096 bytes``) - A 4 KiB buffer that survives the BIOS replacement
> > +* ``vmfwupdate/disable`` (``u8``) - Indicates whether the interface is disabled.
> > +* ``vmfwupdate/bios-addr`` (``u64``) - A 64bit Little Endian encoded guest physical address
>
> This is out of sync with the actual code (vmfwupdate/bios-addr does not
> exist there).
>
> Also this adds five fw_cfg files. Given that the number of fw_cfg files
> we can have is limited I'm not convinced this is the best idea to move
> forward.
>
> Alternatives I see:
>
> (1) Place everything in a single fw_cfg file. ramfb does this for
> example, the guest writes a struct with a bunch of values.
>
> (2) Go for a mmio register interface. The EFI variable store I'm
> working on does this. fw_cfg is used for hardware discovery,
> via etc/hardware-info file (which can carry entries for multiple
> devices).
>
> See https://lore.kernel.org/qemu-devel/20250219071431.50626-2-kraxel@redhat.com/
After looking at it, it seems to me that data will be in host byte order
and guest has no idea what that is.
Probably it should advertise byteorder as part of the structure,
and guest side should then do conversion if necessary.
> and https://lore.kernel.org/qemu-devel/20250219071431.50626-21-kraxel@redhat.com/
> (v4 has a double-free bug in patch #1 which will be fixed in v5 of the
> series).
>
> take care,
> Gerd
>
next prev parent reply other threads:[~2025-02-25 10:29 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-14 15:34 [PATCH v6] hw/misc/vmfwupdate: Introduce hypervisor fw-cfg interface support Ani Sinha
2025-02-24 15:47 ` Gerd Hoffman
2025-02-25 5:21 ` Ani Sinha
2025-02-25 8:39 ` Gerd Hoffman
2025-02-25 9:54 ` Ani Sinha
2025-02-25 10:23 ` Gerd Hoffman
2025-02-25 10:28 ` Igor Mammedov [this message]
2025-02-25 11:00 ` Gerd Hoffman
2025-02-25 11:33 ` Igor Mammedov
2025-03-13 9:02 ` Jörg Rödel
2025-03-13 9:37 ` Ani Sinha
2025-03-13 10:10 ` Jörg Rödel
2025-03-13 10:32 ` Ani Sinha
2025-03-13 10:59 ` Jörg Rödel
2025-03-13 11:09 ` Ani Sinha
2025-03-13 11:27 ` Jörg Rödel
2025-03-13 11:28 ` Jörg Rödel
2025-03-13 11:56 ` Ani Sinha
2025-03-13 14:53 ` Ani Sinha
2025-03-13 15:39 ` Jörg Rödel
2025-03-13 16:30 ` Alexander Graf
2025-03-13 17:38 ` Jörg Rödel
2025-03-13 17:49 ` Daniel P. Berrangé
-- strict thread matches above, loose matches on Subject: below --
2025-03-13 12:05 Gerd Hoffman
2025-03-13 13:31 ` Jörg Rödel
2025-03-13 14:06 ` Ani Sinha
2025-03-14 11:27 ` Gerd Hoffman
2025-03-14 12:47 ` Alexander Graf
2025-03-14 14:08 ` Gerd Hoffman
2025-03-14 14:50 ` Alexander Graf
2025-03-17 9:56 ` Gerd Hoffman
2025-03-17 17:29 ` Alexander Graf
2025-03-18 7:00 ` Gerd Hoffman
2025-03-18 11:11 ` Gerd Hoffman
2025-03-20 8:34 ` Jörg Rödel
2025-03-21 8:22 ` Gerd Hoffman
2025-03-24 16:08 ` Daniel P. Berrangé
2025-03-20 13:53 ` Alexander Graf
2025-03-21 3:36 ` Ani Sinha
2025-03-21 8:09 ` Alexander Graf
2025-03-21 9:14 ` Gerd Hoffman
2025-03-20 8:31 ` Jörg Rödel
2025-03-21 10:08 ` Gerd Hoffman
2025-03-21 12:44 ` Ani Sinha
2025-03-24 7:43 ` Gerd Hoffman
2025-03-24 11:12 ` Ani Sinha
2025-03-24 15:48 ` Gerd Hoffman
2025-03-24 16:31 ` Alexander Graf
2025-03-24 17:53 ` Gerd Hoffman
2025-03-24 18:07 ` Daniel P. Berrangé
2025-03-25 8:04 ` Alexander Graf
2025-03-26 12:27 ` Gerd Hoffman
2025-03-26 15:22 ` Alexander Graf
2025-03-26 21:51 ` Gerd Hoffman
2025-04-07 16:21 ` Dionna Amalie Glaze
2025-04-08 8:33 ` Gerd Hoffman
2025-04-08 21:42 ` Dionna Amalie Glaze
2025-04-09 6:21 ` Gerd Hoffman
2025-04-10 6:31 ` Ani Sinha
2025-04-10 10:44 ` Gerd Hoffmann
2025-04-16 11:40 ` Ani Sinha
2025-04-09 11:59 ` Ani Sinha
2025-03-27 12:12 ` Ani Sinha
2025-04-08 8:11 ` Gerd Hoffman
2025-05-21 7:50 ` Ani Sinha
2025-03-21 12:45 ` Daniel P. Berrangé
2025-03-14 15:16 ` Jörg Rödel
2025-03-15 6:08 ` Ani Sinha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250225112819.7cb8b32d@imammedo.users.ipa.redhat.com \
--to=imammedo@redhat.com \
--cc=anisinha@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=graf@amazon.com \
--cc=kraxel@redhat.com \
--cc=lvivier@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=vkuznets@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).