From nobody Sat Apr 5 17:48:46 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1737726155; cv=none; d=zohomail.com; s=zohoarc; b=gNChrs0OXxJnhdQRVNx+qInyZXs/gRbRoFGZmsOb5b/cIxDA6zYnPITB/hqGvb0VXXPB5JEOjEC77bNYwuWTswVKLJVavlbOz+ipegtuoQ1yMhTGHVgUYQgm8XKpY5kKebQTI+2aT0O4GPR70pMai1c5xsZTSiFdkhI8KgtYJxE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1737726155; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=lNjYMsjFkikcDRojc5WNqfmBF21JNvTLcu5hQ88uazY=; b=ZTCpLET6EF14UM4tBiPI4C6GQ+362Kyrxhd43JOUPcmHWAVms72pbyqw+YBlmwmIGIyrssaPXwM+ZM7TFPAeT5N+9UTSCKLyfFFSyWxY98JmZ/bf3vjhsybJWEztjsjV5fghXPvuDoTFf2EN/lDpIMnlJI4EflzNdiM3cSk9+B8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=@intel.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1737726155466724.1938801449393; Fri, 24 Jan 2025 05:42:35 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tbJt0-0004bH-NQ; Fri, 24 Jan 2025 08:38:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tbJsz-0004ZF-Ex for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:38:13 -0500 Received: from mgamail.intel.com ([198.175.65.13]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tbJsx-0003xi-NV for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:38:13 -0500 Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:58 -0800 Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:54 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725892; x=1769261892; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=57vNewpNjlNsOGxCHvti2rQKSJRLR2ytKnQk0AXe0PQ=; b=f68/DXsGct632z5AHh0J5QyZUp5A4kCVpDZaERR13NQ3xopXCqCt+BSY BYRvp0Gxv96S8BxOSY5FrwI8qoMR3zxkmUShipo91GiIdT6tuoIa0e7Sb SgYSEWYD2wlTZX7r/ncMj/keCru5L6b2IpQdC3NYXQRXt/7z7FflLHEDi C2wa7PKLeN7bSjkJH3qTnzAXr6J/cNJPxMTkkU/XkCK5/t1ADA2DcuC0n KadnhcY43iBbeBLWVqKeDMPmBSFyiRmEhtZ5drU5/wXNjce5jyUajLrkJ +zzllON5b95h6heIdvwj3v5uf1A+aETuRv+NuQe3bTvksWRkbK6eWqQVO w==; X-CSE-ConnectionGUID: U+pu/YCHT7WrwRbUGxx90g== X-CSE-MsgGUID: orBELbw3QICHKx1zPoF0lQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246299" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246299" X-CSE-ConnectionGUID: 0CXDbUQTSmOIl/OBnySsXw== X-CSE-MsgGUID: PxUwDFD5TKmZmxHT4HD22w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804234" From: Xiaoyao Li To: Paolo Bonzini , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 15/52] i386/tdx: load TDVF for TD guest Date: Fri, 24 Jan 2025 08:20:11 -0500 Message-Id: <20250124132048.3229049-16-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=198.175.65.13; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -63 X-Spam_score: -6.4 X-Spam_bar: ------ X-Spam_report: (-6.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-2.996, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.998, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @intel.com) X-ZM-MESSAGEID: 1737726156904019100 Content-Type: text/plain; charset="utf-8" From: Chao Peng TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot support pflash device since it doesn't support read-only private memory. Thus load TDVF(OVMF) with -bios option for TDs. Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion for TDVF because it needs to be located at private memory. Also store the MemoryRegion pointer of TDVF since the shared ramblock of it can be discared after it gets copied to private ramblock. Signed-off-by: Chao Peng Co-developed-by: Xiaoyao Li Signed-off-by: Xiaoyao Li --- hw/i386/x86-common.c | 6 +++++- target/i386/kvm/tdx.c | 6 ++++++ target/i386/kvm/tdx.h | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 008496b5b851..1f9492c2dbfd 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -44,6 +44,7 @@ #include "standard-headers/asm-x86/bootparam.h" #include CONFIG_DEVICES #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" =20 #ifdef CONFIG_XEN_EMU #include "hw/xen/xen.h" @@ -1035,11 +1036,14 @@ void x86_bios_rom_init(X86MachineState *x86ms, cons= t char *default_firmware, if (machine_require_guest_memfd(MACHINE(x86ms))) { memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); + if (is_tdx_vm()) { + tdx_set_tdvf_region(&x86ms->bios); + } } else { memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); } - if (sev_enabled()) { + if (sev_enabled() || is_tdx_vm()) { /* * The concept of a "reset" simply doesn't exist for * confidential computing guests, we have to destroy and diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 2124284e1653..f1c0553e6d4a 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -137,6 +137,12 @@ static int get_tdx_capabilities(Error **errp) return 0; } =20 +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) +{ + assert(!tdx_guest->tdvf_mr); + tdx_guest->tdvf_mr =3D tdvf_mr; +} + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { TdxGuest *tdx =3D TDX_GUEST(cgs); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index d39e733d9fcc..b73461b8d8a3 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -30,6 +30,8 @@ typedef struct TdxGuest { char *mrconfigid; /* base64 encoded sha348 digest */ char *mrowner; /* base64 encoded sha348 digest */ char *mrownerconfig; /* base64 encoded sha348 digest */ + + MemoryRegion *tdvf_mr; } TdxGuest; =20 #ifdef CONFIG_TDX @@ -39,5 +41,6 @@ bool is_tdx_vm(void); #endif /* CONFIG_TDX */ =20 int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); =20 #endif /* QEMU_I386_TDX_H */ --=20 2.34.1