* [PATCH v2 00/10] Introduce support for IGVM files
@ 2024-04-03 11:11 Roy Hopkins
0 siblings, 0 replies; only message in thread
From: Roy Hopkins @ 2024-04-03 11:11 UTC (permalink / raw)
To: qemu-devel
Cc: Roy Hopkins, Paolo Bonzini, Daniel P . Berrangé,
Stefano Garzarella, Marcelo Tosatti, Michael S . Tsirkin,
Cornelia Huck, Marcel Apfelbaum, Sergio Lopez, Eduardo Habkost,
Alistair Francis, Peter Xu, David Hildenbrand, Igor Mammedov,
Tom Lendacky, Michael Roth, Ani Sinha, Jörg Roedel
Here is v2 of the set of patches to add support for IGVM files to QEMU. These
address all of the comments on v1 [1]. These patches are also available
to view on github: [2].
Changes in v2:
* Fixed various spelling and documentation errors from Stefano.
* Addressed readability and other suggested code changes from Daniel.
* igvm.c: Fix issue in prepare_memory() which resulted in the wrong start index
being used at the start of a page range if the next or last directive did
not follow the previous one.
* igvmc: Fix usage of IGVM compatibility mask.
* igvm.c: Fix issue in page_attrs_equal() which treated zero and normal pages
as equal. This could affect the SEV measurement.
* Improve and clarify handling of IGVM to VMSA to KVM CPU state conversion.
The specific registers that are synchronized are now documented and a check
is performed during IGVM file parsing to determine if any registers outside
the supported set are non-zero making it easier to determine the cause of
any mismatch of launch measurement.
* Significant rework of error handling in ConfidentialGuestSupport and the
IGVM parser.
* confidential-guest-support: Remove TDX and other non-currently-supported
platforms.
* Exit with error if any unknown IGVM directives are encountered.
* Rework handling of firmware so if an IGVM file is provided in addition to
a firmware file then an error is generated.
* Update firmware.json to add an 'igvm' firmware device.
Thanks to Daniel, Stefano, Ani and everyone else that has taken time to review
this so far.
[1] Link to v1:
https://lore.kernel.org/qemu-devel/cover.1709044754.git.roy.hopkins@suse.com/
[2] v2 patches also available here:
https://github.com/roy-hopkins/qemu/tree/igvm_master_v2
Roy Hopkins (10):
meson: Add optional dependency on IGVM library
backends/confidential-guest-support: Add IGVM file parameter
backends/confidential-guest-support: Add functions to support IGVM
backends/igvm: Implement parsing and processing of IGVM files
i386/pc: Process IGVM file during PC initialization if present
i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with
IGVM
i386/sev: Refactor setting of reset vector and initial CPU state
i386/sev: Implement ConfidentialGuestSupport functions for SEV
docs/system: Add documentation on support for IGVM
docs/interop/firmware.json: Add igvm to FirmwareDevice
backends/confidential-guest-support.c | 75 +++
backends/igvm.c | 744 +++++++++++++++++++++
backends/meson.build | 4 +
docs/interop/firmware.json | 9 +-
docs/system/i386/amd-memory-encryption.rst | 2 +
docs/system/igvm.rst | 129 ++++
docs/system/index.rst | 1 +
hw/i386/pc_piix.c | 4 +
hw/i386/pc_q35.c | 4 +
hw/i386/pc_sysfw.c | 22 +-
include/exec/confidential-guest-support.h | 105 +++
include/exec/igvm.h | 36 +
meson.build | 8 +
meson_options.txt | 2 +
qapi/qom.json | 13 +
qemu-options.hx | 8 +-
scripts/meson-buildoptions.sh | 3 +
target/i386/sev.c | 425 +++++++++++-
target/i386/sev.h | 110 +++
19 files changed, 1671 insertions(+), 33 deletions(-)
create mode 100644 backends/igvm.c
create mode 100644 docs/system/igvm.rst
create mode 100644 include/exec/igvm.h
--
2.43.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-04-03 11:16 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-03 11:11 [PATCH v2 00/10] Introduce support for IGVM files Roy Hopkins
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).