We are happy to announce an early RFC version of the Arm Confidential
Compute Architecture (CCA) support for the Kvmtool guest firmware.
The intention is to seek early feedback in the following areas:
 * Integration of the Arm CCA in ArmVirtPkg
 * Generalise the operations wherever possible with other Confidential
   Compute solutions and Virtual Machine Managers (VMMs)
 * Guest firmware support for Realms.

Introduction
============

Arm Confidential Compute Architecture (CCA)
-------------------------------------------

Arm CCA is a reference software architecture and implementation that
builds on the Realm Management Extension (RME), enabling the execution
of Virtual machines (VMs), while preventing access by more privileged
software, such as hypervisor. Arm CCA allows the hypervisor to control
the VM, but removes the right for access to the code, register state or
data used by VM.

More information on the architecture is available here [0].

        Realm World     ||    Normal World   ||  Secure World  ||
                        ||        |          ||                ||
 EL0 x---------x        || x----x | x------x ||                ||
     | Realm   |        || |    | | |      | ||                ||
     |  VM*    |        || | VM | | |      | ||                ||
     |x-------x|        || |    | | |      | ||                ||
     ||       ||        || |    | | |  H   | ||                ||
     || Guest ||        || |    | | |      | ||                ||
 ----||  OS   ||--------||-|    |---|  o   |-||----------------||
     ||       ||        || |    | | |      | ||                ||
     |x-------x|        || |    | | |  s   | ||                ||
     |    ^    |        || |    | | |      | ||                ||
     |    |    |        || |    | | |  t   | ||                ||
     |+-------+|        || |    | | |      | ||                ||
     || REALM ||        || |    | | |      | ||                ||
     || GUEST ||        || |    | | |  O   | ||                ||
     || UEFI  ||        || |    | | |      | ||                ||
     |+-------+|        || |    | | |  S   | ||                ||
 EL1 x---------x        || x----x | |      | ||                ||
          ^             ||        | |      | ||                ||
          |             ||        | |      | ||                ||
 -------- R*------------||----------|      |-||----------------||
          S             ||          |      | ||                ||
          I             ||      x-->|      | ||                ||
          |             ||      |   |      | ||                ||
          |             ||      |   x------x ||                ||
          |             ||      |       ^    ||                ||
          v             ||     SMC      |    ||                ||
      x-------x         ||      |   x------x ||                ||
      |  RMM* |         ||      |   | HOST | ||                ||
      x-------x         ||      |   | UEFI | ||                ||
          ^             ||      |   x------x ||                ||
 EL2      |             ||      |            ||                ||
          |             ||      |            ||                ||
 =========|=====================|================================
          |                     |
          x------- *RMI* -------x

 EL3                   Root World
                       EL3 Firmware
 ===============================================================

Where:
 RMM - Realm Management Monitor
 RMI - Realm Management Interface
 RSI - Realm Service Interface
 SMC - Secure Monitor Call

RME introduces two added additional worlds, "Realm world" and "Root
World" in addition to the traditional Secure world and Normal world.
The Arm CCA defines a new component, Realm Management Monitor (RMM)
that runs at R-EL2. This is a standard piece of firmware, verified,
installed and loaded by the EL3 firmware (e.g., TF-A), at system boot.

The RMM provides a standard interface Realm Management Interface (RMI)
to the Normal world hypervisor to manage the VMs running in the Realm
world (also called Realms). These are exposed via SMC and are routed
through the EL3 firmware.

The RMM also provides certain services to the Realms via SMC, called
the Realm Service Interface (RSI). These include:
 - Realm Guest Configuration
 - Attestation & Measurement services
 - Managing the state of an Intermediate Physical Address (IPA aka GPA)
   page
 - Host Call service (Communication with the Normal world Hypervisor).

The specification for the RMM software is currently at *v1.0-eac0* and
the latest version is available here [1].

The Trusted Firmware foundation has an implementation of the RMM -
TF-RMM - available here [3].

Implementation
==============

This version of the Realm Guest UEFI firmware is intended to be
used with the Linux Kernel RFC stack[6][11] and is based on the
RMM specification v1.0-BET0[2].

We plan to update the Guest UEFI Firmware to support the latest
version of the RMMv1.0 spec in the coming revisions.

This release includes the following:
 a) Boot a Linux Kernel in a Realm VM using the Realm Guest UEFI
    firmware
 b) Hardware description is provided using ACPI tables.
 c) Support for Virtio v1.0
 d) All I/O are treated as non-secure/shared
 e) Load the Linux Kernel and RootFS from a Virtio attached disk
    using the Virtio-1.0 PCIe transport
 f) Provide UEFI runtime variable support using Emulated Variable
    support.

Overview of updates for enabling Arm CCA
----------------------------------------

The Arm CCA implementation is spread across a number of libraries
that provide required functionality during various phases of the
firmware boot.

The following libraries have been provided:
  i. ArmCcaInitPeiLib - A library that implements the hook functions
     in the PEI phase
 ii. ArmCcaLib - A library that implements common functions like
     checking if RME extension is implemented and to configure the
     Protection attribute for the memory regions
iii. ArmCcaRsiLib - A library that implements the Realm Service
     Interface functions.

A NULL implementation of the ArmCcaInitPeiLib and ArmCcaLib is also
provided for platforms that do not implement the RME extensions.

Additionally, the following DXE modules have been provided to implement
the required functionality in the DXE phase.
  i. ArmCcaDxe - An APRIORI DXE that is responsible for configuring
     the Monitor Conduit to SMC for a Realm
 ii. RealmApertureManagementProtocolDxe - A DXE that implements the
     Realm Aperture Management Protocol, used to manage the sharing
     of buffers in a Realm with the Host
iii. ArmCcaIoMmuDxe - A driver which implements the EDKII_IOMMU_PROTOCOL
     that provides the necessary hooks so that DMA operations can be
     performed by bouncing buffers using pages shared with the Host.

Arm CCA updates in PEI phase
----------------------------

For supporting Arm CCA two hooks have been added in the PrePi module:
  i. An early hook to configure the System Memory as Protected RAM
 ii. A second hook after the MMU is initialised to perform the
     remaining CCA initialisations like reading the Realm Config
     to determine the IPA width of the realm, configuring the
     Protection attribute for the MMIO regions, etc.

These hook functions are implemented in ArmCcaInitPeiLib. A NULL
version of the library has also been provided for implementations
that do not have the RME extensions.

Additionally, the ArmVirtMemInfoLib has been updated to implement
a platform specific hook function ArmCcaConfigureMmio() that can
configure the protection attribute for the MMIO regions for the
platform.

   +=====+
   |PrePi|
   +=====+
      |
      _ModuleEntryPoint()
      ===================
              |
              DiscoverDramFromDt()
              |
              +--> ArmCcaInitPeiLib|ArmCcaConfigureSystemMemory()
                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             |      // configure System Memory
              ----------------      // as Protected RAM.
              |
             ...
              |
      --------
      |
      CEntryPoint()
      |
      PrePiMain()
      ===========
          |
         ...
          |
          ProcessLibraryConstructorList()
          |
          MemoryPeim()
          |
          ArmCcaInitPeiLib|ArmCcaInitialize()  // Perform Arm CCA
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  // initialisations,
                   |                           // like reading the
                   |                           // Realm Config, etc.
                   |
                   ArmVirtMemInfoLib|ArmCcaConfigureMmio()
                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                          |   // Configure Protection attribute
                   --------   // for the MMIO region.
                   |
          ----------
          |
         ...
          |
        +===+
        |DXE|
        +===+

Building the UEFI firmware
============================

a. Set up the development environment
  Follow the steps as described in
  https://developer.arm.com/documentation/102571/0100
  Note: The EDK2 build system requires Python 3.7 or later.

b. The source code for the Host and Realm Guest firmware can
  be downloaded from [12].

c. Building the Host UEFI firmware for FVP Base RevC AEM Model
  Follow the instructions in
  https://developer.arm.com/documentation/102571/0100
  to "Build the firmware for Arm FVP Base AEMv8A-AEMv8A model
  platform" based on your development environment configuration.

  Note: The same firmware binary can be used for both the Arm FVP
  Base AEMv8A-AEMv8A and the FVP Base RevC AEM Model.

d. Building the Realm Guest UEFI firmware for kvmtool:
  To build the kvmtool guest firmware, run the following commands:
  $build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtKvmTool.dsc -b DEBUG
  $build -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtKvmTool.dsc -b RELEASE

  The Kvmtool guest firmware binaries are at the following location:
  $WORKSPACE/Build/ArmVirtKvmTool-AARCH64/<DEBUG|RELEASE>_GCC5/
    FV/KVMTOOL_EFI.fd

Running the stack
====================

To run/test the stack, you would need the following components:

  i. FVP Base AEM RevC model with FEAT_RME support [4]
 ii. TF-A firmware for EL3 [5]
iii. TF-A RMM for R-EL2 [3]
 iv. Linux Kernel [6]
  v. kvmtool [7]
 vi. UEFI Firmware for Arm CCA [12].

Instructions for building the remaining firmware components and
running the model are available here [9]. Once, the host kernel
has finished booting, a Realm can be launched by invoking the
`lkvm` command as follows:

 $ lkvm run --realm \
   --measurement-algo=["sha256", "sha512"] \
   --disable-sve \
   --firmware KVMTOOL_EFI.fd \
   -m 512 \
   --irqchip=gicv3-its \
   --force-pci \
   --disk <Disk image containing the Guest Kernel & RootFS>
   <normal-vm-options>

Where:
 * --measurement-algo (Optional) specifies the algorithm selected for
   creating the initial measurements by the RMM for this Realm (defaults
   to sha256)
 * GICv3 is mandatory for the Realms
 * SVE is not yet supported in the TF-RMM, and thus must be disabled
   using --disable-sve
 * --force-pci is required as only Virtio-v1.0 PCIe transport is
   supported.

An alternative is to use the Shrinkwrap tool [13] which provides a
complete solution to build and run the Arm CCA software stack.

Links
============

[0] Arm CCA Landing page (See Key Resources section for various documentations)
    https://www.arm.com/armcca

[1] RMM Specification Latest
    https://developer.arm.com/documentation/den0137/latest

[2] RMM v1.0-BET0 specification
    https://developer.arm.com/documentation/den0137/1-0bet0/

[3] Trusted Firmware RMM - TF-RMM
    https://www.trustedfirmware.org/projects/tf-rmm/
    GIT: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git

[4] FVP Base RevC AEM Model (available on x86_64 / Arm64 Linux)
    https://developer.arm.com/Tools%20and%20Software/Fixed%20Virtual%20Platforms

[5] Trusted Firmware for A class
    https://www.trustedfirmware.org/projects/tf-a/

[6] Linux kernel support for Arm-CCA
    https://gitlab.arm.com/linux-arm/linux-cca
    Host Support branch:  cca-host/rfc-v1
    Guest Support branch: cca-guest/rfc-v1

[7] kvmtool support for Arm CCA
    https://gitlab.arm.com/linux-arm/kvmtool-cca cca/rfc-v1

[8] kvm-unit-tests support for Arm CCA
    https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca  cca/rfc-v1

[9] Instructions for Building Firmware components and running the model, see
    section 4.19.2 "Building and running TF-A with RME"
    https://trustedfirmware-a.readthedocs.io/en/latest/components/realm-management-extension.html#building-and-running-tf-a-with-rme

[10] fd based Guest Private memory for KVM
   https://lkml.kernel.org/r/20221202061347.1070246-1-chao.p.peng@linux.intel.com

[11] [RFC] Support for Arm CCA VMs on Linux
   https://lore.kernel.org/linux-arm-kernel/20230127112248.136810-1-suzuki.poulose@arm.com/

[12] UEFI Firmware support for Arm CCA
      Host Support:
      - Repo: https://github.com/tianocore/edk2-platforms
      - Branch: master
      Guest Support:
      - Repo: https://gitlab.arm.com/linux-arm/edk2-cca
      - Branch: 2595_arm_cca_0abet0_rfc_v1
      - URL: https://gitlab.arm.com/linux-arm/edk2-cca/-/tree/2595_arm_cca_0abet0_rfc_v1

[13] Building Arm CCA software stack using Shrinkwrap
  https://shrinkwrap.docs.arm.com/en/latest/userguide/configstore/cca-3world.html

Sami Mujawar (30):
  ArmVirtPkg: kvmtool: Add Emulated Runtime variable support
  ArmPkg: Add helper function to detect RME
  ArmPkg: Export SetMemoryRegionAttribute in ArmMmuLib
  ArmPkg: Extend number of parameter registers in SMC call
  ArmPkg & ArmVirtPkg: Make PcdMonitorConduitHvc a dynamic PCD
  ArmVirtPkg: Add Arm CCA Realm Service Interface Library
  ArmVirtPkg: ArmCcaRsiLib: Add interfaces to manage the Realm IPA state
  ArmVirtPkg: ArmCcaRsiLib: Add an interface to get an attestation token
  ArmVirtPkg: ArmCcaRsiLib: Add interfaces to get/extend REMs
  ArmVirtPkg: ArmCcaRsiLib: Add an interface to make a RSI Host Call
  ArmVirtPkg: Define a GUID HOB for IPA width of a Realm
  ArmVirtPkg: Add library for Arm CCA initialisation in PEI
  ArmVirtPkg: Add NULL instance of ArmCcaInitPeiLib
  ArmVirtPkg: Add library for Arm CCA helper functions
  ArmVirtPkg: Add Null instance of ArmCcaLib
  ArmVirtPkg: Define an interface to configure MMIO regions for Arm CCA
  ArmVirtPkg: CloudHv: Add a NULL implementation of ArmCcaConfigureMmio
  ArmVirtPkg: Qemu: Add a NULL implementation of ArmCcaConfigureMmio
  ArmVirtPkg: Xen: Add a NULL implementation of ArmCcaConfigureMmio
  ArmVirtPkg: Configure the MMIO regions for Arm CCA
  ArmVirtPkg: Kvmtool: Use Null version of DebugLib in PrePi
  ArmVirtPkg: Add Arm CCA libraries for Kvmtool guest firmware
  ArmVirtPkg: Arm CCA configure system memory in early Pei
  ArmVirtPkg: Perform Arm CCA initialisation in the Pei phase
  ArmVirtPkg: Add ArmCcaDxe for early DXE phase initialisation
  ArmVirtPkg: Introduce Realm Aperture Management Protocol
  ArmVirtPkg: IoMMU driver to DMA from Realms
  ArmVirtPkg: Enable Virtio communication for Arm CCA
  MdePkg: Warn if AArch64 RNDR instruction is not supported
  ArmVirtPkg: Kvmtool: Switch to use BaseRng for AArch64

 ArmPkg/ArmPkg.dec                                                                    |  10 +-
 ArmPkg/Include/Chipset/AArch64.h                                                     |   3 +-
 ArmPkg/Include/Library/ArmLib.h                                                      |  15 +-
 ArmPkg/Include/Library/ArmMmuLib.h                                                   |  22 +
 ArmPkg/Include/Library/ArmSmcLib.h                                                   |  50 +-
 ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c                                           |  16 +-
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c                                     |  16 +-
 ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c                                         |   4 +-
 ArmPkg/Library/ArmSmcLib/AArch64/ArmSmc.S                                            |  22 +-
 ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c                                                     |  50 ++
 ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf                                                   |  39 +
 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmu.c                                              | 813 ++++++++++++++++++++
 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmu.h                                              |  66 ++
 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmuDxe.c                                           |  59 ++
 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmuDxe.inf                                         |  45 ++
 ArmVirtPkg/ArmVirt.dsc.inc                                                           |   6 +-
 ArmVirtPkg/ArmVirtKvmTool.dsc                                                        |  54 +-
 ArmVirtPkg/ArmVirtKvmTool.fdf                                                        |  24 +-
 ArmVirtPkg/ArmVirtPkg.dec                                                            |   7 +
 ArmVirtPkg/Include/Library/ArmCcaInitPeiLib.h                                        |  49 ++
 ArmVirtPkg/Include/Library/ArmCcaLib.h                                               | 114 +++
 ArmVirtPkg/Include/Library/ArmCcaRsiLib.h                                            | 253 ++++++
 ArmVirtPkg/Include/Library/ArmVirtMemInfoLib.h                                       |  19 +-
 ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h                        | 103 +++
 ArmVirtPkg/Library/ArmCcaInitPeiLib/ArmCcaInitPeiLib.c                               | 116 +++
 ArmVirtPkg/Library/ArmCcaInitPeiLib/ArmCcaInitPeiLib.inf                             |  39 +
 ArmVirtPkg/Library/ArmCcaInitPeiLibNull/ArmCcaInitPeiLibNull.c                       |  59 ++
 ArmVirtPkg/Library/ArmCcaInitPeiLibNull/ArmCcaInitPeiLibNull.inf                     |  27 +
 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c                                             | 190 +++++
 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf                                           |  34 +
 ArmVirtPkg/Library/ArmCcaLibNull/ArmCcaLibNull.c                                     | 117 +++
 ArmVirtPkg/Library/ArmCcaLibNull/ArmCcaLibNull.inf                                   |  28 +
 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h                                          |  48 ++
 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c                                       | 561 ++++++++++++++
 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.inf                                     |  29 +
 ArmVirtPkg/Library/CloudHvVirtMemInfoLib/CloudHvVirtMemInfoLib.c                     |  22 +-
 ArmVirtPkg/Library/KvmtoolVirtMemInfoLib/KvmtoolVirtMemInfoLib.c                     |  39 +-
 ArmVirtPkg/Library/KvmtoolVirtMemInfoLib/KvmtoolVirtMemInfoLib.inf                   |   3 +-
 ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.c                           |  21 +
 ArmVirtPkg/Library/XenVirtMemInfoLib/XenVirtMemInfoLib.c                             |  21 +
 ArmVirtPkg/PrePi/AArch64/ModuleEntryPoint.S                                          |   6 +-
 ArmVirtPkg/PrePi/ArmVirtPrePiUniCoreRelocatable.inf                                  |   3 +-
 ArmVirtPkg/PrePi/PrePi.c                                                             |  10 +-
 ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c   | 656 ++++++++++++++++
 ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf |  48 ++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c                                             |   8 +-
 46 files changed, 3906 insertions(+), 38 deletions(-)
 create mode 100644 ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c
 create mode 100644 ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
 create mode 100644 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmu.c
 create mode 100644 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmu.h
 create mode 100644 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmuDxe.c
 create mode 100644 ArmVirtPkg/ArmCcaIoMmuDxe/ArmCcaIoMmuDxe.inf
 create mode 100644 ArmVirtPkg/Include/Library/ArmCcaInitPeiLib.h
 create mode 100644 ArmVirtPkg/Include/Library/ArmCcaLib.h
 create mode 100644 ArmVirtPkg/Include/Library/ArmCcaRsiLib.h
 create mode 100644 ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h
 create mode 100644 ArmVirtPkg/Library/ArmCcaInitPeiLib/ArmCcaInitPeiLib.c
 create mode 100644 ArmVirtPkg/Library/ArmCcaInitPeiLib/ArmCcaInitPeiLib.inf
 create mode 100644 ArmVirtPkg/Library/ArmCcaInitPeiLibNull/ArmCcaInitPeiLibNull.c
 create mode 100644 ArmVirtPkg/Library/ArmCcaInitPeiLibNull/ArmCcaInitPeiLibNull.inf
 create mode 100644 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c
 create mode 100644 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf
 create mode 100644 ArmVirtPkg/Library/ArmCcaLibNull/ArmCcaLibNull.c
 create mode 100644 ArmVirtPkg/Library/ArmCcaLibNull/ArmCcaLibNull.inf
 create mode 100644 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsi.h
 create mode 100644 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.c
 create mode 100644 ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.inf
 create mode 100644 ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c
 create mode 100644 ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf

-- 
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103581): https://edk2.groups.io/g/devel/message/103581
Mute This Topic: https://groups.io/mt/98496036/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Hello,

On Tue, Apr 25, 2023 at 05:03:58PM +0100, Sami Mujawar wrote:
> We are happy to announce an early RFC version of the Arm Confidential
> Compute Architecture (CCA) support for the Kvmtool guest firmware.
> The intention is to seek early feedback in the following areas:
>  * Integration of the Arm CCA in ArmVirtPkg
>  * Generalise the operations wherever possible with other Confidential
>    Compute solutions and Virtual Machine Managers (VMMs)

Experimental support for ArmVirtQemu is available at [1]. Most of it
simply includes Sami's libraries into ArmVirtQemu, but there are a few
things specific to QEMU, one of which I still haven't figured out.

The early debug support in PEI is problematic. A realm must access the
emulated serial port through unprotected Intermediate Physical Address
(IPA aka GPA) which is the upper half of the IPA space. The IPA address
must have the most significant bit set. Once the MMU is enabled and
ArmCcaConfigureMmio() runs, the page tables point to the right IPA so
there is no problem. Before that however, EarlyFdtPL011SerialPortLib would
need to access the device using the unprotected IPA address. So far I
haven't managed to implement this, so the early serial debug is just
disabled.

Another QEMU-specific: in direct kernel boot (-kernel on the
command-line), the FwCfg device provides kernel, initrd and other blobs to
the guest firmware. Since these are not in guest RAM before VM boot, they
are not part of the Realm Initial Measurement, which provides image
attestation. In order for the Realm owner to authenticate these images,
I added a BlobVerifier that adds the hash of these blobs to the Realm
Extended Measurement.

I haven't looked at supporting ArmVirtQemuKernel yet. The latest QEMU VMM
support for Arm CCA is at [2], and a typical invocation would be:

qemu-system-aarch64 -M confidential-guest-support=rme0 -object rme-guest,id=rme0
  -M virt -enable-kvm -M gic-version=3 -cpu host,sve=off -smp 2 -m 256M
  -bios QEMU_EFI.fd -kernel Image -initrd rootfs.cpio
  -overcommit mem-lock=on -no-acpi -nographic -append 'earlycon console=ttyAMA0'

Thanks,
Jean

[1] https://jpbrucker.net/git/edk2/ branch cca/qemu
[2] https://jpbrucker.net/git/qemu/ branch cca/rfc-v2


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#104032): https://edk2.groups.io/g/devel/message/104032
Mute This Topic: https://groups.io/mt/98496036/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Thu, 4 May 2023 at 17:13, Jean-Philippe Brucker
<jean-philippe@linaro.org> wrote:
>
> Hello,
>
> On Tue, Apr 25, 2023 at 05:03:58PM +0100, Sami Mujawar wrote:
> > We are happy to announce an early RFC version of the Arm Confidential
> > Compute Architecture (CCA) support for the Kvmtool guest firmware.
> > The intention is to seek early feedback in the following areas:
> >  * Integration of the Arm CCA in ArmVirtPkg
> >  * Generalise the operations wherever possible with other Confidential
> >    Compute solutions and Virtual Machine Managers (VMMs)
>
> Experimental support for ArmVirtQemu is available at [1]. Most of it
> simply includes Sami's libraries into ArmVirtQemu, but there are a few
> things specific to QEMU, one of which I still haven't figured out.
>
> The early debug support in PEI is problematic. A realm must access the
> emulated serial port through unprotected Intermediate Physical Address
> (IPA aka GPA) which is the upper half of the IPA space. The IPA address
> must have the most significant bit set. Once the MMU is enabled and
> ArmCcaConfigureMmio() runs, the page tables point to the right IPA so
> there is no problem. Before that however, EarlyFdtPL011SerialPortLib would
> need to access the device using the unprotected IPA address. So far I
> haven't managed to implement this, so the early serial debug is just
> disabled.
>

Did you spot the changes I made recently for booting at EL1 with hard
coded [initial] page tables in flash? It seems to me that mapping the
serial port in there shouldn't be that hard.

> Another QEMU-specific: in direct kernel boot (-kernel on the
> command-line), the FwCfg device provides kernel, initrd and other blobs to
> the guest firmware. Since these are not in guest RAM before VM boot, they
> are not part of the Realm Initial Measurement, which provides image
> attestation. In order for the Realm owner to authenticate these images,
> I added a BlobVerifier that adds the hash of these blobs to the Realm
> Extended Measurement.
>
> I haven't looked at supporting ArmVirtQemuKernel yet. The latest QEMU VMM
> support for Arm CCA is at [2], and a typical invocation would be:
>
> qemu-system-aarch64 -M confidential-guest-support=rme0 -object rme-guest,id=rme0
>   -M virt -enable-kvm -M gic-version=3 -cpu host,sve=off -smp 2 -m 256M
>   -bios QEMU_EFI.fd -kernel Image -initrd rootfs.cpio
>   -overcommit mem-lock=on -no-acpi -nographic -append 'earlycon console=ttyAMA0'
>
> Thanks,
> Jean
>
> [1] https://jpbrucker.net/git/edk2/ branch cca/qemu
> [2] https://jpbrucker.net/git/qemu/ branch cca/rfc-v2

Thanks, this looks very interesting.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#104033): https://edk2.groups.io/g/devel/message/104033
Mute This Topic: https://groups.io/mt/98496036/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

On Thu, May 04, 2023 at 05:36:32PM +0200, Ard Biesheuvel wrote:
> On Thu, 4 May 2023 at 17:13, Jean-Philippe Brucker
> <jean-philippe@linaro.org> wrote:
> >
> > Hello,
> >
> > On Tue, Apr 25, 2023 at 05:03:58PM +0100, Sami Mujawar wrote:
> > > We are happy to announce an early RFC version of the Arm Confidential
> > > Compute Architecture (CCA) support for the Kvmtool guest firmware.
> > > The intention is to seek early feedback in the following areas:
> > >  * Integration of the Arm CCA in ArmVirtPkg
> > >  * Generalise the operations wherever possible with other Confidential
> > >    Compute solutions and Virtual Machine Managers (VMMs)
> >
> > Experimental support for ArmVirtQemu is available at [1]. Most of it
> > simply includes Sami's libraries into ArmVirtQemu, but there are a few
> > things specific to QEMU, one of which I still haven't figured out.
> >
> > The early debug support in PEI is problematic. A realm must access the
> > emulated serial port through unprotected Intermediate Physical Address
> > (IPA aka GPA) which is the upper half of the IPA space. The IPA address
> > must have the most significant bit set. Once the MMU is enabled and
> > ArmCcaConfigureMmio() runs, the page tables point to the right IPA so
> > there is no problem. Before that however, EarlyFdtPL011SerialPortLib would
> > need to access the device using the unprotected IPA address. So far I
> > haven't managed to implement this, so the early serial debug is just
> > disabled.
> >
> 
> Did you spot the changes I made recently for booting at EL1 with hard
> coded [initial] page tables in flash? It seems to me that mapping the
> serial port in there shouldn't be that hard.

Ah I did but I had misunderstood your change, it does set a TTBR right at
the beginning in ArmPlatformPeiBootAction. Although we can't hardcode the
serial port mapping (because its address in a Realm depends on the IPA
width which varies across VM configurations), I can probably patch it
early enough.

Thanks,
Jean


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#104109): https://edk2.groups.io/g/devel/message/104109
Mute This Topic: https://groups.io/mt/98496036/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-