[PATCH v6 00/16] Introduce support for IGVM files

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v6 00/16] Introduce support for IGVM files

From:	Roy Hopkins
Subject:	[PATCH v6 00/16] Introduce support for IGVM files
Date:	Thu, 26 Sep 2024 12:41:49 +0100

Here is v6 of the set of patches to add support for IGVM files to QEMU. This is
based on commit a5dd9ee060 of qemu.

This version addresses all of the review comments from v5 [1]. As always, thanks
to those that have been following along, reviewing and testing this series. This
v6 patch series is also available on github: [2]

For testing IGVM support in QEMU you need to generate an IGVM file that is
configured for the platform you want to launch. You can use the `buildigvm`
test tool [3] to allow generation of IGVM files for all currently supported
platforms. Patch 11/17 contains information on how to generate an IGVM file
using this tool.

Changes in v6:

Based on Stefano's review:
* Change ConfidentialGuestSupport check_support() function to return a bool and
  add documentation.
* Ensure igvm_free() is called after successful or failed processing of igvm
  file.
* Add command-line documentation for which machine types support IGVM.
* Update target version from 9.1 to 9.2.

* Add Acked-by and Reviewed-by to relevant commits.

Patch summary:

1-11: Add support and documentation for processing IGVM files for SEV, SEV-ES,
SEV-SNP and native platforms. 

12-15: Processing of policy and SEV-SNP ID_BLOCK from IGVM file. 

16: Add pre-processing of IGVM file to support synchronization of 'SEV_FEATURES'
from IGVM VMSA to KVM.

[1] Link to v5:
https://lore.kernel.org/all/cover.1723560001.git.roy.hopkins@suse.com/

[2] v6 patches also available here:
https://github.com/roy-hopkins/qemu/tree/igvm_master_v6

[3] `buildigvm` tool v0.2.0
https://github.com/roy-hopkins/buildigvm/releases/tag/v0.2.0

Roy Hopkins (16):
  meson: Add optional dependency on IGVM library
  backends/confidential-guest-support: Add functions to support IGVM
  backends/igvm: Add IGVM loader and configuration
  hw/i386: Add igvm-cfg object and processing for IGVM files
  i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with
    IGVM
  sev: Update launch_update_data functions to use Error handling
  target/i386: Allow setting of R_LDTR and R_TR with
    cpu_x86_load_seg_cache()
  i386/sev: Refactor setting of reset vector and initial CPU state
  i386/sev: Implement ConfidentialGuestSupport functions for SEV
  docs/system: Add documentation on support for IGVM
  docs/interop/firmware.json: Add igvm to FirmwareDevice
  backends/confidential-guest-support: Add set_guest_policy() function
  backends/igvm: Process initialization sections in IGVM file
  backends/igvm: Handle policy for SEV guests
  i386/sev: Add implementation of CGS set_guest_policy()
  sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2

 backends/confidential-guest-support.c      |  43 +
 backends/igvm-cfg.c                        |  52 ++
 backends/igvm.c                            | 967 +++++++++++++++++++++
 backends/igvm.h                            |  23 +
 backends/meson.build                       |   5 +
 docs/interop/firmware.json                 |  30 +-
 docs/system/i386/amd-memory-encryption.rst |   2 +
 docs/system/igvm.rst                       | 173 ++++
 docs/system/index.rst                      |   1 +
 hw/i386/pc.c                               |  12 +
 hw/i386/pc_piix.c                          |  10 +
 hw/i386/pc_q35.c                           |  10 +
 hw/i386/pc_sysfw.c                         |  31 +-
 include/exec/confidential-guest-support.h  |  88 ++
 include/hw/i386/x86.h                      |   3 +
 include/sysemu/igvm-cfg.h                  |  47 +
 meson.build                                |   8 +
 meson_options.txt                          |   2 +
 qapi/qom.json                              |  17 +
 qemu-options.hx                            |  28 +
 scripts/meson-buildoptions.sh              |   3 +
 target/i386/cpu.h                          |   9 +-
 target/i386/sev.c                          | 850 ++++++++++++++++--
 target/i386/sev.h                          | 124 +++
 24 files changed, 2454 insertions(+), 84 deletions(-)
 create mode 100644 backends/igvm-cfg.c
 create mode 100644 backends/igvm.c
 create mode 100644 backends/igvm.h
 create mode 100644 docs/system/igvm.rst
 create mode 100644 include/sysemu/igvm-cfg.h

-- 
2.43.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v6 00/16] Introduce support for IGVM files, Roy Hopkins <=
- [PATCH v6 02/16] backends/confidential-guest-support: Add functions to support IGVM, Roy Hopkins, 2024/09/26
- [PATCH v6 01/16] meson: Add optional dependency on IGVM library, Roy Hopkins, 2024/09/26
- [PATCH v6 03/16] backends/igvm: Add IGVM loader and configuration, Roy Hopkins, 2024/09/26
- [PATCH v6 10/16] docs/system: Add documentation on support for IGVM, Roy Hopkins, 2024/09/26
- [PATCH v6 12/16] backends/confidential-guest-support: Add set_guest_policy() function, Roy Hopkins, 2024/09/26
- [PATCH v6 06/16] sev: Update launch_update_data functions to use Error handling, Roy Hopkins, 2024/09/26
- [PATCH v6 15/16] i386/sev: Add implementation of CGS set_guest_policy(), Roy Hopkins, 2024/09/26
- [PATCH v6 16/16] sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2, Roy Hopkins, 2024/09/26
- [PATCH v6 09/16] i386/sev: Implement ConfidentialGuestSupport functions for SEV, Roy Hopkins, 2024/09/26
- [PATCH v6 08/16] i386/sev: Refactor setting of reset vector and initial CPU state, Roy Hopkins, 2024/09/26

Prev by Date: Re: [PATCH] hw/audio/virtio-snd: Remove unnecessary "exec/tswap.h" header
Next by Date: [PATCH v6 02/16] backends/confidential-guest-support: Add functions to support IGVM
Previous by thread: [PATCH 0/5] Building PPTT with root node and identical implementation flag
Next by thread: [PATCH v6 02/16] backends/confidential-guest-support: Add functions to support IGVM
Index(es):
- Date
- Thread