tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+)
This boot an OP-TEE environment, and launch a nested guest VM inside it
using the Realms feature.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
---
tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py
index 30bab5a677c..3e8f9372132 100755
--- a/tests/functional/test_aarch64_virt.py
+++ b/tests/functional/test_aarch64_virt.py
@@ -18,6 +18,7 @@
from qemu_test import QemuSystemTest, Asset
from qemu_test import exec_command, wait_for_console_pattern
from qemu_test import get_qemu_img, run_cmd
+from qemu_test.utils import archive_extract
class Aarch64VirtMachine(QemuSystemTest):
@@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
return
self.common_aarch64_virt("virt,gic-version=2")
+ # Stack is built with OP-TEE build environment from those instructions:
+ # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
+ # https://github.com/pbo-linaro/qemu-rme-stack
+ ASSET_RME_STACK = Asset(
+ ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
+ 'download/rme-stack-op-tee-4.2.0.tar.gz'),
+ '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
+
+ # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
+ # and launching a nested VM using it.
+ def test_aarch64_virt_rme(self):
+ stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
+ archive_extract(stack_path_tar_gz, self.workdir)
+
+ self.set_machine('virt')
+ self.vm.set_console()
+ self.require_accelerator('tcg')
+
+ rme_stack = os.path.join(self.workdir, 'rme-stack')
+ kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
+ bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
+ drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
+
+ self.vm.add_args('-accel', 'tcg')
+ self.vm.add_args('-cpu', 'max,x-rme=on')
+ self.vm.add_args('-m', '2048')
+ self.vm.add_args('-M', 'virt,acpi=off,'
+ 'virtualization=on,'
+ 'secure=on,'
+ 'gic-version=3')
+ self.vm.add_args('-bios', bios)
+ self.vm.add_args('-kernel', kernel)
+ self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
+ self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
+ self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
+ self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0')
+ self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
+ self.vm.add_args('-netdev', 'user,id=net0')
+ self.vm.add_args('-append', 'root=/dev/vda')
+
+ self.vm.launch()
+ self.wait_for_console_pattern('Welcome to Buildroot')
+ time.sleep(0.1)
+ exec_command(self, 'root')
+ time.sleep(0.1)
+
+ # We now boot the (nested) guest VM
+ exec_command(self,
+ 'qemu-system-aarch64 -M virt,gic-version=3 '
+ '-cpu host -enable-kvm -m 512M '
+ '-M confidential-guest-support=rme0 '
+ '-object rme-guest,id=rme0,measurement-algo=sha512 '
+ '-device virtio-net-pci,netdev=net0,romfile= '
+ '-netdev user,id=net0 '
+ '-kernel /mnt/out/bin/Image '
+ '-initrd /mnt/out-br/images/rootfs.cpio '
+ '-serial stdio')
+ # Detect Realm activation during boot.
+ self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
+ # Wait for boot to complete.
+ self.wait_for_console_pattern('Welcome to Buildroot')
if __name__ == '__main__':
QemuSystemTest.main()
--
2.39.5Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
> This boot an OP-TEE environment, and launch a nested guest VM inside it
> using the Realms feature.
>
> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
> ---
> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
> 1 file changed, 62 insertions(+)
>
> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py
> index 30bab5a677c..3e8f9372132 100755
> --- a/tests/functional/test_aarch64_virt.py
> +++ b/tests/functional/test_aarch64_virt.py
> @@ -18,6 +18,7 @@
> from qemu_test import QemuSystemTest, Asset
> from qemu_test import exec_command, wait_for_console_pattern
> from qemu_test import get_qemu_img, run_cmd
> +from qemu_test.utils import archive_extract
>
>
> class Aarch64VirtMachine(QemuSystemTest):
> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
> return
> self.common_aarch64_virt("virt,gic-version=2")
>
> + # Stack is built with OP-TEE build environment from those instructions:
> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
> + # https://github.com/pbo-linaro/qemu-rme-stack
> + ASSET_RME_STACK = Asset(
> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
> + 'download/rme-stack-op-tee-4.2.0.tar.gz'),
> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
> +
> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
> + # and launching a nested VM using it.
> + def test_aarch64_virt_rme(self):
> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
> + archive_extract(stack_path_tar_gz, self.workdir)
> +
> + self.set_machine('virt')
> + self.vm.set_console()
> + self.require_accelerator('tcg')
> +
> + rme_stack = os.path.join(self.workdir, 'rme-stack')
> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
> +
> + self.vm.add_args('-accel', 'tcg')
> + self.vm.add_args('-cpu', 'max,x-rme=on')
> + self.vm.add_args('-m', '2048')
> + self.vm.add_args('-M', 'virt,acpi=off,'
> + 'virtualization=on,'
> + 'secure=on,'
> + 'gic-version=3')
> + self.vm.add_args('-bios', bios)
> + self.vm.add_args('-kernel', kernel)
> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0')
> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
> + self.vm.add_args('-netdev', 'user,id=net0')
> + self.vm.add_args('-append', 'root=/dev/vda')
> +
> + self.vm.launch()
> + self.wait_for_console_pattern('Welcome to Buildroot')
> + time.sleep(0.1)
> + exec_command(self, 'root')
> + time.sleep(0.1)
> +
> + # We now boot the (nested) guest VM
> + exec_command(self,
> + 'qemu-system-aarch64 -M virt,gic-version=3 '
> + '-cpu host -enable-kvm -m 512M '
> + '-M confidential-guest-support=rme0 '
> + '-object rme-guest,id=rme0,measurement-algo=sha512 '
> + '-device virtio-net-pci,netdev=net0,romfile= '
> + '-netdev user,id=net0 '
> + '-kernel /mnt/out/bin/Image '
> + '-initrd /mnt/out-br/images/rootfs.cpio '
> + '-serial stdio')
> + # Detect Realm activation during boot.
> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
> + # Wait for boot to complete.
> + self.wait_for_console_pattern('Welcome to Buildroot')
This is the same as above? Or the console of the guest?
Could we also check the output of the other serial posts?
>
> if __name__ == '__main__':
> QemuSystemTest.main()
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
On 11/25/24 10:00, Alex Bennée wrote:
> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
>
>> This boot an OP-TEE environment, and launch a nested guest VM inside it
>> using the Realms feature.
>>
>> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
>> ---
>> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
>> 1 file changed, 62 insertions(+)
>>
>> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py
>> index 30bab5a677c..3e8f9372132 100755
>> --- a/tests/functional/test_aarch64_virt.py
>> +++ b/tests/functional/test_aarch64_virt.py
>> @@ -18,6 +18,7 @@
>> from qemu_test import QemuSystemTest, Asset
>> from qemu_test import exec_command, wait_for_console_pattern
>> from qemu_test import get_qemu_img, run_cmd
>> +from qemu_test.utils import archive_extract
>>
>>
>> class Aarch64VirtMachine(QemuSystemTest):
>> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
>> return
>> self.common_aarch64_virt("virt,gic-version=2")
>>
>> + # Stack is built with OP-TEE build environment from those instructions:
>> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
>> + # https://github.com/pbo-linaro/qemu-rme-stack
>> + ASSET_RME_STACK = Asset(
>> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
>> + 'download/rme-stack-op-tee-4.2.0.tar.gz'),
>> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
>> +
>> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
>> + # and launching a nested VM using it.
>> + def test_aarch64_virt_rme(self):
>> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
>> + archive_extract(stack_path_tar_gz, self.workdir)
>> +
>> + self.set_machine('virt')
>> + self.vm.set_console()
>> + self.require_accelerator('tcg')
>> +
>> + rme_stack = os.path.join(self.workdir, 'rme-stack')
>> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
>> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
>> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
>> +
>> + self.vm.add_args('-accel', 'tcg')
>> + self.vm.add_args('-cpu', 'max,x-rme=on')
>> + self.vm.add_args('-m', '2048')
>> + self.vm.add_args('-M', 'virt,acpi=off,'
>> + 'virtualization=on,'
>> + 'secure=on,'
>> + 'gic-version=3')
>> + self.vm.add_args('-bios', bios)
>> + self.vm.add_args('-kernel', kernel)
>> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
>> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
>> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
>> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0')
>> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
>> + self.vm.add_args('-netdev', 'user,id=net0')
>> + self.vm.add_args('-append', 'root=/dev/vda')
>> +
>> + self.vm.launch()
>> + self.wait_for_console_pattern('Welcome to Buildroot')
>> + time.sleep(0.1)
>> + exec_command(self, 'root')
>> + time.sleep(0.1)
>> +
>> + # We now boot the (nested) guest VM
>> + exec_command(self,
>> + 'qemu-system-aarch64 -M virt,gic-version=3 '
>> + '-cpu host -enable-kvm -m 512M '
>> + '-M confidential-guest-support=rme0 '
>> + '-object rme-guest,id=rme0,measurement-algo=sha512 '
>> + '-device virtio-net-pci,netdev=net0,romfile= '
>> + '-netdev user,id=net0 '
>> + '-kernel /mnt/out/bin/Image '
>> + '-initrd /mnt/out-br/images/rootfs.cpio '
>> + '-serial stdio')
>> + # Detect Realm activation during boot.
>> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
>> + # Wait for boot to complete.
>> + self.wait_for_console_pattern('Welcome to Buildroot')
>
> This is the same as above? Or the console of the guest?
>
It's the guest yes, as the comment try to explain.
I chose to implement it this way, instead of going with a separate
socket, because it would make the test code much more complicated with
no real benefit.
> Could we also check the output of the other serial posts?
>
Host does not print anything.
We already check guest.
Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware.
Secure terminal is completely silent.
Were you thinking to something else?
Feel free to try [1], you can build and launch the vm in two commands
without having to install anything on your machine.
[1] https://github.com/pbo-linaro/qemu-rme-stack
>>
>> if __name__ == '__main__':
>> QemuSystemTest.main()
>
Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
> On 11/25/24 10:00, Alex Bennée wrote:
>> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
>>
>>> This boot an OP-TEE environment, and launch a nested guest VM inside it
>>> using the Realms feature.
>>>
>>> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
>>> ---
>>> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
>>> 1 file changed, 62 insertions(+)
>>>
>>> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py
>>> index 30bab5a677c..3e8f9372132 100755
>>> --- a/tests/functional/test_aarch64_virt.py
>>> +++ b/tests/functional/test_aarch64_virt.py
>>> @@ -18,6 +18,7 @@
>>> from qemu_test import QemuSystemTest, Asset
>>> from qemu_test import exec_command, wait_for_console_pattern
>>> from qemu_test import get_qemu_img, run_cmd
>>> +from qemu_test.utils import archive_extract
>>> class Aarch64VirtMachine(QemuSystemTest):
>>> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
>>> return
>>> self.common_aarch64_virt("virt,gic-version=2")
>>> + # Stack is built with OP-TEE build environment from those
>>> instructions:
>>> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
>>> + # https://github.com/pbo-linaro/qemu-rme-stack
>>> + ASSET_RME_STACK = Asset(
>>> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
>>> + 'download/rme-stack-op-tee-4.2.0.tar.gz'),
>>> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
>>> +
>>> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
>>> + # and launching a nested VM using it.
>>> + def test_aarch64_virt_rme(self):
>>> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
>>> + archive_extract(stack_path_tar_gz, self.workdir)
>>> +
>>> + self.set_machine('virt')
>>> + self.vm.set_console()
>>> + self.require_accelerator('tcg')
>>> +
>>> + rme_stack = os.path.join(self.workdir, 'rme-stack')
>>> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
>>> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
>>> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
>>> +
>>> + self.vm.add_args('-accel', 'tcg')
>>> + self.vm.add_args('-cpu', 'max,x-rme=on')
>>> + self.vm.add_args('-m', '2048')
>>> + self.vm.add_args('-M', 'virt,acpi=off,'
>>> + 'virtualization=on,'
>>> + 'secure=on,'
>>> + 'gic-version=3')
>>> + self.vm.add_args('-bios', bios)
>>> + self.vm.add_args('-kernel', kernel)
>>> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
>>> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
>>> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
>>> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0')
>>> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
>>> + self.vm.add_args('-netdev', 'user,id=net0')
>>> + self.vm.add_args('-append', 'root=/dev/vda')
>>> +
>>> + self.vm.launch()
>>> + self.wait_for_console_pattern('Welcome to Buildroot')
>>> + time.sleep(0.1)
>>> + exec_command(self, 'root')
>>> + time.sleep(0.1)
>>> +
>>> + # We now boot the (nested) guest VM
>>> + exec_command(self,
>>> + 'qemu-system-aarch64 -M virt,gic-version=3 '
>>> + '-cpu host -enable-kvm -m 512M '
>>> + '-M confidential-guest-support=rme0 '
>>> + '-object rme-guest,id=rme0,measurement-algo=sha512 '
>>> + '-device virtio-net-pci,netdev=net0,romfile= '
>>> + '-netdev user,id=net0 '
>>> + '-kernel /mnt/out/bin/Image '
>>> + '-initrd /mnt/out-br/images/rootfs.cpio '
>>> + '-serial stdio')
>>> + # Detect Realm activation during boot.
>>> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
>>> + # Wait for boot to complete.
>>> + self.wait_for_console_pattern('Welcome to Buildroot')
>> This is the same as above? Or the console of the guest?
>>
>
> It's the guest yes, as the comment try to explain.
> I chose to implement it this way, instead of going with a separate
> socket, because it would make the test code much more complicated with
> no real benefit.
Can you interact with that console? I'm wondering if we can stimulate
the realm to do something a bit more than to get to the login prompt.
I agree sinking multiple serial ports would make the test more complex
and we shouldn't do it if we can prove everything works via the guests
interaction.
>> Could we also check the output of the other serial posts?
>>
>
> Host does not print anything.
> We already check guest.
> Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware.
> Secure terminal is completely silent.
>
> Were you thinking to something else?
>
> Feel free to try [1], you can build and launch the vm in two commands
> without having to install anything on your machine.
>
> [1] https://github.com/pbo-linaro/qemu-rme-stack
Nice ;-)
>
>>> if __name__ == '__main__':
>>> QemuSystemTest.main()
>>
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
On 11/26/24 02:51, Alex Bennée wrote:
> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
>
>> On 11/25/24 10:00, Alex Bennée wrote:
>>> Pierrick Bouvier <pierrick.bouvier@linaro.org> writes:
>>>
>>>> This boot an OP-TEE environment, and launch a nested guest VM inside it
>>>> using the Realms feature.
>>>>
>>>> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
>>>> ---
>>>> tests/functional/test_aarch64_virt.py | 62 +++++++++++++++++++++++++++
>>>> 1 file changed, 62 insertions(+)
>>>>
>>>> diff --git a/tests/functional/test_aarch64_virt.py b/tests/functional/test_aarch64_virt.py
>>>> index 30bab5a677c..3e8f9372132 100755
>>>> --- a/tests/functional/test_aarch64_virt.py
>>>> +++ b/tests/functional/test_aarch64_virt.py
>>>> @@ -18,6 +18,7 @@
>>>> from qemu_test import QemuSystemTest, Asset
>>>> from qemu_test import exec_command, wait_for_console_pattern
>>>> from qemu_test import get_qemu_img, run_cmd
>>>> +from qemu_test.utils import archive_extract
>>>> class Aarch64VirtMachine(QemuSystemTest):
>>>> @@ -129,6 +130,67 @@ def test_aarch64_virt_gicv2(self):
>>>> return
>>>> self.common_aarch64_virt("virt,gic-version=2")
>>>> + # Stack is built with OP-TEE build environment from those
>>>> instructions:
>>>> + # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/
>>>> + # https://github.com/pbo-linaro/qemu-rme-stack
>>>> + ASSET_RME_STACK = Asset(
>>>> + ('https://fileserver.linaro.org/s/JX7oNgfDeGXSxcY/'
>>>> + 'download/rme-stack-op-tee-4.2.0.tar.gz'),
>>>> + '1f240f55e8a7a66489c2b7db5d40391e5dcfdd54c82600bd0d4b2145b9a0fbfb')
>>>> +
>>>> + # This tests the FEAT_RME cpu implementation, by booting a VM supporting it,
>>>> + # and launching a nested VM using it.
>>>> + def test_aarch64_virt_rme(self):
>>>> + stack_path_tar_gz = self.ASSET_RME_STACK.fetch()
>>>> + archive_extract(stack_path_tar_gz, self.workdir)
>>>> +
>>>> + self.set_machine('virt')
>>>> + self.vm.set_console()
>>>> + self.require_accelerator('tcg')
>>>> +
>>>> + rme_stack = os.path.join(self.workdir, 'rme-stack')
>>>> + kernel = os.path.join(rme_stack, 'out', 'bin', 'Image')
>>>> + bios = os.path.join(rme_stack, 'out', 'bin', 'flash.bin')
>>>> + drive = os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4')
>>>> +
>>>> + self.vm.add_args('-accel', 'tcg')
>>>> + self.vm.add_args('-cpu', 'max,x-rme=on')
>>>> + self.vm.add_args('-m', '2048')
>>>> + self.vm.add_args('-M', 'virt,acpi=off,'
>>>> + 'virtualization=on,'
>>>> + 'secure=on,'
>>>> + 'gic-version=3')
>>>> + self.vm.add_args('-bios', bios)
>>>> + self.vm.add_args('-kernel', kernel)
>>>> + self.vm.add_args('-drive', f'format=raw,if=none,file={drive},id=hd0')
>>>> + self.vm.add_args('-device', 'virtio-blk-pci,drive=hd0')
>>>> + self.vm.add_args('-device', 'virtio-9p-device,fsdev=shr0,mount_tag=shr0')
>>>> + self.vm.add_args('-fsdev', f'local,security_model=none,path={rme_stack},id=shr0')
>>>> + self.vm.add_args('-device', 'virtio-net-pci,netdev=net0')
>>>> + self.vm.add_args('-netdev', 'user,id=net0')
>>>> + self.vm.add_args('-append', 'root=/dev/vda')
>>>> +
>>>> + self.vm.launch()
>>>> + self.wait_for_console_pattern('Welcome to Buildroot')
>>>> + time.sleep(0.1)
>>>> + exec_command(self, 'root')
>>>> + time.sleep(0.1)
>>>> +
>>>> + # We now boot the (nested) guest VM
>>>> + exec_command(self,
>>>> + 'qemu-system-aarch64 -M virt,gic-version=3 '
>>>> + '-cpu host -enable-kvm -m 512M '
>>>> + '-M confidential-guest-support=rme0 '
>>>> + '-object rme-guest,id=rme0,measurement-algo=sha512 '
>>>> + '-device virtio-net-pci,netdev=net0,romfile= '
>>>> + '-netdev user,id=net0 '
>>>> + '-kernel /mnt/out/bin/Image '
>>>> + '-initrd /mnt/out-br/images/rootfs.cpio '
>>>> + '-serial stdio')
>>>> + # Detect Realm activation during boot.
>>>> + self.wait_for_console_pattern('SMC_RMI_REALM_ACTIVATE')
>>>> + # Wait for boot to complete.
>>>> + self.wait_for_console_pattern('Welcome to Buildroot')
>>> This is the same as above? Or the console of the guest?
>>>
>>
>> It's the guest yes, as the comment try to explain.
>> I chose to implement it this way, instead of going with a separate
>> socket, because it would make the test code much more complicated with
>> no real benefit.
>
> Can you interact with that console? I'm wondering if we can stimulate
> the realm to do something a bit more than to get to the login prompt.
>
Yes, we can login and run anything, or even poweroff the VM. At this
point of the test, the terminal *is* the (nested) guest. We would need
to poweroff before accessing the host again, or send a ctrl-z.
I asked to Jean-Philippe suggestions to run a specific command to stress
the implementation a bit more than simply booting.
> I agree sinking multiple serial ports would make the test more complex
> and we shouldn't do it if we can prove everything works via the guests
> interaction.
>
>>> Could we also check the output of the other serial posts?
>>>
>>
>> Host does not print anything.
>> We already check guest.
>> Message 'SMC_RMI_REALM_ACTIVATE' comes from the firmware.
>> Secure terminal is completely silent.
>>
>> Were you thinking to something else?
>>
>> Feel free to try [1], you can build and launch the vm in two commands
>> without having to install anything on your machine.
>>
>> [1] https://github.com/pbo-linaro/qemu-rme-stack
>
> Nice ;-)
>
Kudos to Jean-Philippe for the clear and simple instructions to build it!
>>
>>>> if __name__ == '__main__':
>>>> QemuSystemTest.main()
>>>
>
On 11/25/24 00:59, Pierrick Bouvier wrote:
> + self.vm.launch()
> + self.wait_for_console_pattern('Welcome to Buildroot')
> + time.sleep(0.1)
> + exec_command(self, 'root')
> + time.sleep(0.1)
There are patches on list or just merged to allow matching login/ps1 prompts instead of
sleeping.
r~
On 11/25/24 06:14, Richard Henderson wrote:
> On 11/25/24 00:59, Pierrick Bouvier wrote:
>> + self.vm.launch()
>> + self.wait_for_console_pattern('Welcome to Buildroot')
>> + time.sleep(0.1)
>> + exec_command(self, 'root')
>> + time.sleep(0.1)
>
> There are patches on list or just merged to allow matching login/ps1 prompts instead of
> sleeping.
>
>
> r~
>
Indeed, exec_command_and_wait_for_pattern function seems a better
choice. I'll use it.
© 2016 - 2025 Red Hat, Inc.