From: Xiaoyao Li
To: Paolo Bonzini, Riku Voipio, Richard Henderson, Zhao Liu, "Michael S. Tsirkin", Marcel Apfelbaum, Igor Mammedov, Ani Sinha
Cc: Philippe Mathieu-Daudé, Yanan Wang, Cornelia Huck, Daniel P. Berrangé, Eric Blake, Markus Armbruster, Marcelo Tosatti, rick.p.edgecombe@intel.com, kvm@vger.kernel.org, qemu-devel@nongnu.org, xiaoyao.li@intel.com
Subject: [PATCH v6 17/60] i386/tdx: load TDVF for TD guest
Date: Tue, 5 Nov 2024 01:23:25 -0500
Message-Id: <20241105062408.3533704-18-xiaoyao.li@intel.com>
In-Reply-To: <20241105062408.3533704-1-xiaoyao.li@intel.com>
References: <20241105062408.3533704-1-xiaoyao.li@intel.com>

From: Chao Peng

TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot support pflash device since it doesn't support read-only private memory. Thus load TDVF(OVMF) with -bios option for TDs.

Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion for TDVF because it needs to be located at private memory.

Also store the MemoryRegion pointer of TDVF since the shared ramblock of it can be discarded after it gets copied to private ramblock.

Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
--- hw/i386/x86-common.c | 6 +++++- target/i386/kvm/tdx.c | 6 ++++++ target/i386/kvm/tdx.h | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index b86c38212eab..1df496a15eff 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -44,6 +44,7 @@ #include "standard-headers/asm-x86/bootparam.h" #include CONFIG_DEVICES #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" =20 #ifdef CONFIG_XEN_EMU #include "hw/xen/xen.h" @@ -1007,11 +1008,14 @@ void x86_bios_rom_init(X86MachineState *x86ms, cons= t char *default_firmware, if (machine_require_guest_memfd(MACHINE(x86ms))) { memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); + if (is_tdx_vm()) { + tdx_set_tdvf_region(&x86ms->bios); + } } else { memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); } - if (sev_enabled()) { + if (sev_enabled() || is_tdx_vm()) { /* * The concept of a "reset" simply doesn't exist for * confidential computing guests, we have to destroy and diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 4193211c3190..d5ebc2430fd1 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c
@@ -120,6 +120,12 @@ static int get_tdx_capabilities(Error **errp) return 0; } =20 +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) +{ + assert(!tdx_guest->tdvf_mr); + tdx_guest->tdvf_mr =3D tdvf_mr; +} + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { TdxGuest *tdx =3D TDX_GUEST(cgs); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 0aebc7e3f6c9..e5d836805385 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -28,6 +28,8 @@ typedef struct TdxGuest { char *mrconfigid; /* base64 encoded sha348 digest */ char *mrowner; /* base64 encoded sha348 digest */ char *mrownerconfig; /* base64 encoded sha348 digest */ + + MemoryRegion *tdvf_mr; } TdxGuest; =20 #ifdef CONFIG_TDX @@ -37,5 +39,6 @@ bool is_tdx_vm(void); #endif /* CONFIG_TDX */ =20 int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); =20 #endif /* QEMU_I386_TDX_H */ --=20 2.34.1
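
Review bot: In the x86_bios_rom_init() hunk of hw/i386/x86-common.c, tdx_set_tdvf_region() is only reached inside the machine_require_guest_memfd() branch, so a TDX VM for which that check returns false would fall through to memory_region_init_ram() and leave tdvf_mr unset with no error. The commit message says TDVF has to be located in private memory, so the invariant should be explicit: an assert or error when is_tdx_vm() is true in the else branch, or a comment stating why that branch cannot be taken for a TD guest.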
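
Review bot: tdx_set_tdvf_region() in target/i386/kvm/tdx.c dereferences the global tdx_guest in assert(!tdx_guest->tdvf_mr) without first checking that tdx_guest itself is set; the only guard visible in this patch is the caller's is_tdx_vm() test. Since the function is exported through tdx.h, add assert(tdx_guest) ahead of the existing assert, or document the precondition in a comment above the function.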
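
Review bot: The new tdvf_mr field in the TdxGuest hunk of target/i386/kvm/tdx.h carries no comment, unlike the fields directly above it, and nothing states who owns the MemoryRegion. The value stored is &x86ms->bios, which TdxGuest does not allocate, so a one-line comment saying it is a borrowed reference to the firmware region, and for how long it is expected to be used, would make the lifetime clear to later readers.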
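
Review bot: In the last tdx.h hunk the tdx_set_tdvf_region() prototype is added after #endif /* CONFIG_TDX */, while is_tdx_vm() is declared inside that guard and the definition lives in tdx.c. The call added to hw/i386/x86-common.c is not wrapped in any #ifdef, so please confirm that builds without CONFIG_TDX still link, either through a stub or because is_tdx_vm() is a compile-time false there; the lines shown here do not make that clear.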