From nobody Sun Sep 28 16:59:04 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1756380973; cv=none; d=zohomail.com; s=zohoarc; b=bCLT94ifU0q87iFvKyB9bWyEkyMb7SlpRG7raWpJWvZ7zvEeJLqYBCYJVqaj2ZN1yBIaDWbxe9vxc3PtzetsQZTa1TwfsQLlRTPyosqo66TCDAQ0k6nydU8xkxAd+p+iWYnOmAfQGThzRrXZouUEGiwXEW9AE366uwP80et/hrU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1756380973; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To:Cc; bh=xU6DtKahST/Q0lK7j2pNj1bQhcUnlvAusucbHEq/Suw=; b=is54kKoc1RxZBZgbttLy6n+mrNZFB5dY/Wh4444DDSv5SnP9+EZIFu3Q4mCWCWdAhNS8aPsDlb9twRtnkVaT793VjHPClu9xX+I+aJLaEjEf2IcrhzZInVsU8knIpT74VNhpzrTWkt3TQ5kPCMhBBwxozg11g6AIqt7hV9GQ2bY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17563809739111023.6291157238585; Thu, 28 Aug 2025 04:36:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urau0-0003IL-Ak; Thu, 28 Aug 2025 07:34:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urats-0003DX-8v for qemu-devel@nongnu.org; Thu, 28 Aug 2025 07:34:40 -0400 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uratp-0005cd-Su for qemu-devel@nongnu.org; Thu, 28 Aug 2025 07:34:40 -0400 Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-45b55ed86b9so4327445e9.0 for ; Thu, 28 Aug 2025 04:34:37 -0700 (PDT) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-45b79799c33sm28691015e9.5.2025.08.28.04.34.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Aug 2025 04:34:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1756380876; x=1756985676; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xU6DtKahST/Q0lK7j2pNj1bQhcUnlvAusucbHEq/Suw=; b=oGmBplU/TCmeTYzJ5gSMDo9+2m9mbDIGD2sMjH7BLSdmzADduGBUSOKMqEjoyBvUop Q3uyoFBqxsA7qK2h9exMmDysAedu30aT+am+RWNzQMn6DwLtXqLi6UXEzBfUHtQi4/Qk Lpj3rlb7EH5Ld601pm8IiM3vrvygB33rd1BjGfP39RVHLDsmNTOdau/LPJw4sg6Bmd+p nH6uYq11W4bjx+Z3dSTaL+q8PNXkpCRC6Z8UDgNSnTvo0tkp+yE9VsB48bmlNY7BDKFB ru04d8oabQ37UpbFCigF1iQW/L070WLHJ1jdsawNZAHs5WU5W2iK36dLRPgXCb0XV74v jA0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756380876; x=1756985676; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xU6DtKahST/Q0lK7j2pNj1bQhcUnlvAusucbHEq/Suw=; b=DzA3KM9VxtO8Pw7uQNp7bFL/eBeb7thmBjE2QL0lDzCYqK92bBmPHe/7i3uNengCXK Vaenf4e0YOTPzFtIdZCWMjHk8Sng/CLZER+babvTaUChoeWNbzs2b9a6rGAPjuNWbZp8 v4USfwFc66kVbYFPtyq4DQyXSEhNEcwlVOkDmBMuYnr7PgjW81xZD4khB6g3ixoYfayd prDETJYziTWeXdOUxyuH0XHRqb5HWX0XpVCAICm552pAm+cXaWbgoTrM/FFGD+hlS6m2 bBcX2lzbN1de/dY70EeEYQFtf6j3ysajXqT4AKNfCd1nocrUdKPylIaQcCF+GEn7TcHZ HKVA== X-Gm-Message-State: AOJu0Yzh9EuntVb5cPHyeFDjBdFBA8KvTB2HtxAMZDxspeQ7ggwjtTZW Ylmq7Mw7tWfFRyGjQymaiqcb6C8Qdk4ogxBBSEygVNE8eE9XJWC/dedfItkK15oYNbJcZVb8GtS PaSSk X-Gm-Gg: ASbGncuEPFLAqbjl/i4niRjRWK08DCe5/qW8JHCyIkBTYCijABnrJHsaamUwRZZAmCT 3ky/E9oYelNAtzFGiwwtxDrRks3EFodLipUgEn5OCkoqjva1oyGKnpzKjLwS7hbrviifDMIfcdI DvWc4p8ddpGfrQuDod4cee5S+TwRtN0xM4cOVyF5K4/NCPTBm2KSdKsSIJcYyG+L9M0zeRy6rxH iMIu1sQxe+Bth5XM/qUggVg4ujYBaHfn8AwLMy6XWXFLleaMndr/zyiQFhJmd9TKXv0QR1bWbfw t19ZOr3OKUunNR+RP8NCZzJJ4ejTFwzOpGd4ToFyJtRb1vSdMGLvINuy6ATfypC0DlTbpCyBm1K dE3sYrM0+hDrvRkRVmong7RNm07Z8A+AX7aTaRK8= X-Google-Smtp-Source: AGHT+IHRzSwqnkK1HXoQDxf2SbRGNPONMFRQ60xXTHLZOo4yrxuhrDCAAh+8+PU6bfotOzsmOTM6lQ== X-Received: by 2002:a05:600c:3104:b0:45b:47e1:ef6d with SMTP id 5b1f17b1804b1-45b517e0364mr173136375e9.36.1756380876094; Thu, 28 Aug 2025 04:34:36 -0700 (PDT) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PULL 03/32] tests/functional/test_aarch64_rme: update image Date: Thu, 28 Aug 2025 12:34:00 +0100 Message-ID: <20250828113430.3214314-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250828113430.3214314-1-peter.maydell@linaro.org> References: <20250828113430.3214314-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::32a; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1756380976696116600 From: Pierrick Bouvier TF-A needs to be patched to enable support for FEAT_TCR2 and FEAT_SCTLR2. This new image contains updated firmware. Signed-off-by: Pierrick Bouvier Signed-off-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daud=C3=A9 Tested-by: Philippe Mathieu-Daud=C3=A9 Message-id: 20250727074202.83141-3-richard.henderson@linaro.org Message-ID: <20250719035838.2284029-3-pierrick.bouvier@linaro.org> [PMM: switch to os.makedirs(..., exist_ok=3DTrue) to improve robustness when re-run after test was cancelled midway] Signed-off-by: Peter Maydell --- tests/functional/aarch64/test_rme_sbsaref.py | 64 ++++++++------- tests/functional/aarch64/test_rme_virt.py | 85 +++++++------------- 2 files changed, 66 insertions(+), 83 deletions(-) diff --git a/tests/functional/aarch64/test_rme_sbsaref.py b/tests/functiona= l/aarch64/test_rme_sbsaref.py index 100f1c7738b..ca892e0a8c9 100755 --- a/tests/functional/aarch64/test_rme_sbsaref.py +++ b/tests/functional/aarch64/test_rme_sbsaref.py @@ -10,21 +10,23 @@ # SPDX-License-Identifier: GPL-2.0-or-later =20 import os +from os.path import join +import shutil =20 from qemu_test import QemuSystemTest, Asset, wait_for_console_pattern from qemu_test import exec_command_and_wait_for_pattern -from test_rme_virt import test_realms_guest =20 =20 class Aarch64RMESbsaRefMachine(QemuSystemTest): =20 - # Stack is built with OP-TEE build environment from those instructions: + # Stack is inspired from: # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ - # https://github.com/pbo-linaro/qemu-rme-stack + # https://github.com/pbo-linaro/qemu-linux-stack/tree/rme_sbsa_release + # ./build.sh && ./archive_artifacts.sh out.tar.xz ASSET_RME_STACK_SBSA =3D Asset( - ('https://fileserver.linaro.org/s/KJyeBxL82mz2r7F/' - 'download/rme-stack-op-tee-4.2.0-cca-v4-sbsa.tar.gz'), - 'dd9ab28ec869bdf3b5376116cb3689103b43433fd5c4bca0f4a8d8b3c104999e= ') + ('https://github.com/pbo-linaro/qemu-linux-stack/' + 'releases/download/build/rme_sbsa_release-a7f02cf.tar.xz'), + '27d8400b11befb828d6db0cab97e7ae102d0992c928d3dfbf38b24b6cf6c324c= ') =20 # This tests the FEAT_RME cpu implementation, by booting a VM supporti= ng it, # and launching a nested VM using it. @@ -35,35 +37,41 @@ def test_aarch64_rme_sbsaref(self): =20 self.vm.set_console() =20 - stack_path_tar_gz =3D self.ASSET_RME_STACK_SBSA.fetch() - self.archive_extract(stack_path_tar_gz, format=3D"tar") + stack_path_tar =3D self.ASSET_RME_STACK_SBSA.fetch() + self.archive_extract(stack_path_tar, format=3D"tar") =20 - rme_stack =3D self.scratch_file('rme-stack-op-tee-4.2.0-cca-v4-sbs= a') - pflash0 =3D os.path.join(rme_stack, 'images', 'SBSA_FLASH0.fd') - pflash1 =3D os.path.join(rme_stack, 'images', 'SBSA_FLASH1.fd') - virtual =3D os.path.join(rme_stack, 'images', 'disks', 'virtual') - drive =3D os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4= ') + rme_stack =3D self.scratch_file('.') + pflash0 =3D join(rme_stack, 'out', 'SBSA_FLASH0.fd') + pflash1 =3D join(rme_stack, 'out', 'SBSA_FLASH1.fd') + rootfs =3D join(rme_stack, 'out', 'host.ext4') =20 - self.vm.add_args('-cpu', 'max,x-rme=3Don,pauth-impdef=3Don') + efi =3D join(rme_stack, 'out', 'EFI') + os.makedirs(efi, exist_ok=3DTrue) + shutil.copyfile(join(rme_stack, 'out', 'Image'), join(efi, 'Image'= )) + with open(join(efi, 'startup.nsh'), 'w') as startup: + startup.write('fs0:Image nokaslr root=3D/dev/vda rw init=3D/in= it --' + ' /host/out/lkvm run --realm' + ' -m 256m' + ' --restricted_mem' + ' --kernel /host/out/Image' + ' --disk /host/out/guest.ext4' + ' --params "root=3D/dev/vda rw init=3D/init"') + + self.vm.add_args('-cpu', 'max,x-rme=3Don') + self.vm.add_args('-smp', '2') self.vm.add_args('-m', '2G') self.vm.add_args('-M', 'sbsa-ref') self.vm.add_args('-drive', f'file=3D{pflash0},format=3Draw,if=3Dpf= lash') self.vm.add_args('-drive', f'file=3D{pflash1},format=3Draw,if=3Dpf= lash') - self.vm.add_args('-drive', f'file=3Dfat:rw:{virtual},format=3Draw') - self.vm.add_args('-drive', f'format=3Draw,if=3Dnone,file=3D{drive}= ,id=3Dhd0') - self.vm.add_args('-device', 'virtio-blk-pci,drive=3Dhd0') - self.vm.add_args('-device', 'virtio-9p-pci,fsdev=3Dshr0,mount_tag= =3Dshr0') - self.vm.add_args('-fsdev', f'local,security_model=3Dnone,path=3D{r= me_stack},id=3Dshr0') - self.vm.add_args('-device', 'virtio-net-pci,netdev=3Dnet0') - self.vm.add_args('-netdev', 'user,id=3Dnet0') - + self.vm.add_args('-drive', f'file=3Dfat:rw:{efi},format=3Draw') + self.vm.add_args('-drive', f'format=3Draw,file=3D{rootfs},if=3Dvir= tio') + self.vm.add_args('-virtfs', + f'local,path=3D{rme_stack}/,mount_tag=3Dhost,' + 'security_model=3Dmapped,readonly=3Doff') self.vm.launch() - # Wait for host VM boot to complete. - wait_for_console_pattern(self, 'Welcome to Buildroot', - failure_message=3D'Synchronous Exception = at') - exec_command_and_wait_for_pattern(self, 'root', '#') - - test_realms_guest(self) + # Wait for host and guest VM boot to complete. + wait_for_console_pattern(self, 'root@guest', + failure_message=3D'Kernel panic') =20 if __name__ =3D=3D '__main__': QemuSystemTest.main() diff --git a/tests/functional/aarch64/test_rme_virt.py b/tests/functional/a= arch64/test_rme_virt.py index 8452d27928f..bb603aaa26c 100755 --- a/tests/functional/aarch64/test_rme_virt.py +++ b/tests/functional/aarch64/test_rme_virt.py @@ -9,50 +9,22 @@ # # SPDX-License-Identifier: GPL-2.0-or-later =20 -import os +from os.path import join =20 from qemu_test import QemuSystemTest, Asset from qemu_test import exec_command, wait_for_console_pattern from qemu_test import exec_command_and_wait_for_pattern =20 -def test_realms_guest(test_rme_instance): - - # Boot the (nested) guest VM - exec_command(test_rme_instance, - 'qemu-system-aarch64 -M virt,gic-version=3D3 ' - '-cpu host -enable-kvm -m 512M ' - '-M confidential-guest-support=3Drme0 ' - '-object rme-guest,id=3Drme0 ' - '-device virtio-net-pci,netdev=3Dnet0,romfile=3D ' - '-netdev user,id=3Dnet0 ' - '-kernel /mnt/out/bin/Image ' - '-initrd /mnt/out-br/images/rootfs.cpio ' - '-serial stdio') - # Detect Realm activation during (nested) guest boot. - wait_for_console_pattern(test_rme_instance, - 'SMC_RMI_REALM_ACTIVATE') - # Wait for (nested) guest boot to complete. - wait_for_console_pattern(test_rme_instance, - 'Welcome to Buildroot') - exec_command_and_wait_for_pattern(test_rme_instance, 'root', '#') - # query (nested) guest cca report - exec_command(test_rme_instance, 'cca-workload-attestation report') - wait_for_console_pattern(test_rme_instance, - '"cca-platform-hash-algo-id": "sha-256"') - wait_for_console_pattern(test_rme_instance, - '"cca-realm-hash-algo-id": "sha-512"') - wait_for_console_pattern(test_rme_instance, - '"cca-realm-public-key-hash-algo-id": "sha-25= 6"') - class Aarch64RMEVirtMachine(QemuSystemTest): =20 - # Stack is built with OP-TEE build environment from those instructions: + # Stack is inspired from: # https://linaro.atlassian.net/wiki/spaces/QEMU/pages/29051027459/ - # https://github.com/pbo-linaro/qemu-rme-stack + # https://github.com/pbo-linaro/qemu-linux-stack/tree/rme_release + # ./build.sh && ./archive_artifacts.sh out.tar.xz ASSET_RME_STACK_VIRT =3D Asset( - ('https://fileserver.linaro.org/s/iaRsNDJp2CXHMSJ/' - 'download/rme-stack-op-tee-4.2.0-cca-v4-qemu_v8.tar.gz'), - '1851adc232b094384d8b879b9a2cfff07ef3d6205032b85e9b3a4a9ae6b0b7ad= ') + ('https://github.com/pbo-linaro/qemu-linux-stack/' + 'releases/download/build/rme_release-86101e5.tar.xz'), + 'e42fef8439badb52a071ac446fc33cff4cb7d61314c7a28fdbe61a11e1faad3a= ') =20 # This tests the FEAT_RME cpu implementation, by booting a VM supporti= ng it, # and launching a nested VM using it. @@ -63,15 +35,16 @@ def test_aarch64_rme_virt(self): =20 self.vm.set_console() =20 - stack_path_tar_gz =3D self.ASSET_RME_STACK_VIRT.fetch() - self.archive_extract(stack_path_tar_gz, format=3D"tar") + stack_path_tar =3D self.ASSET_RME_STACK_VIRT.fetch() + self.archive_extract(stack_path_tar, format=3D"tar") =20 - rme_stack =3D self.scratch_file('rme-stack-op-tee-4.2.0-cca-v4-qem= u_v8') - kernel =3D os.path.join(rme_stack, 'out', 'bin', 'Image') - bios =3D os.path.join(rme_stack, 'out', 'bin', 'flash.bin') - drive =3D os.path.join(rme_stack, 'out-br', 'images', 'rootfs.ext4= ') + rme_stack =3D self.scratch_file('.') + kernel =3D join(rme_stack, 'out', 'Image') + bios =3D join(rme_stack, 'out', 'flash.bin') + rootfs =3D join(rme_stack, 'out', 'host.ext4') =20 - self.vm.add_args('-cpu', 'max,x-rme=3Don,pauth-impdef=3Don') + self.vm.add_args('-cpu', 'max,x-rme=3Don') + self.vm.add_args('-smp', '2') self.vm.add_args('-m', '2G') self.vm.add_args('-M', 'virt,acpi=3Doff,' 'virtualization=3Don,' @@ -79,23 +52,25 @@ def test_aarch64_rme_virt(self): 'gic-version=3D3') self.vm.add_args('-bios', bios) self.vm.add_args('-kernel', kernel) - self.vm.add_args('-drive', f'format=3Draw,if=3Dnone,file=3D{drive}= ,id=3Dhd0') - self.vm.add_args('-device', 'virtio-blk-pci,drive=3Dhd0') - self.vm.add_args('-device', 'virtio-9p-device,fsdev=3Dshr0,mount_t= ag=3Dshr0') - self.vm.add_args('-fsdev', f'local,security_model=3Dnone,path=3D{r= me_stack},id=3Dshr0') - self.vm.add_args('-device', 'virtio-net-pci,netdev=3Dnet0') - self.vm.add_args('-netdev', 'user,id=3Dnet0') + self.vm.add_args('-drive', f'format=3Draw,file=3D{rootfs},if=3Dvir= tio') + self.vm.add_args('-virtfs', + f'local,path=3D{rme_stack}/,mount_tag=3Dhost,' + 'security_model=3Dmapped,readonly=3Doff') # We need to add nokaslr to avoid triggering this sporadic bug: # https://gitlab.com/qemu-project/qemu/-/issues/2823 - self.vm.add_args('-append', 'root=3D/dev/vda nokaslr') + self.vm.add_args('-append', + 'nokaslr root=3D/dev/vda rw init=3D/init --' + ' /host/out/lkvm run --realm' + ' -m 256m' + ' --restricted_mem' + ' --kernel /host/out/Image' + ' --disk /host/out/guest.ext4' + ' --params "root=3D/dev/vda rw init=3D/init"') =20 self.vm.launch() - # Wait for host VM boot to complete. - wait_for_console_pattern(self, 'Welcome to Buildroot', - failure_message=3D'Synchronous Exception = at') - exec_command_and_wait_for_pattern(self, 'root', '#') - - test_realms_guest(self) + # Wait for host and guest VM boot to complete. + wait_for_console_pattern(self, 'root@guest', + failure_message=3D'Kernel panic') =20 if __name__ =3D=3D '__main__': QemuSystemTest.main() --=20 2.43.0