[kvm-unit-tests,v2,04/16] x86/efi: Add support for running tests with UEFI in SEV-SNP environment

Message ID 20240718124932.114121-5-papaluri@amd.com (mailing list archive)
State New, archived
Series: Introduce SEV-SNP support

Commit Message

Paluri, PavanKumar July 18, 2024, 12:49 p.m. UTC
SEV-SNP guests require different QEMU command line parameters in
comparison to SEV-ES, so adjust the QEMU options accordingly. It is
important to note that SEV-SNP guests have some additional requirements
versus an SEV/SEV-ES guest:
  - bios: SEV-SNP guests need a UEFI BIOS, and unlike with SEV-ES they
          cannot be loaded via pflash and instead rely on the -bios option.
  - cpu:  guest CPUID values are validated by SEV-SNP firmware and only
          a strictly-validated set of features should be advertised to the
          guest. This will usually require the use of an updated/architected
          QEMU CPU model version. "-cpu EPYC-v4" is used here as it has
          the most common set of features compared to EPYC-Milan*/EPYC-Turin*/etc.
          models.
  - memory-backend-memfd: To support freeing memory after it is
          converted from shared->private, QEMU relies on
          memory that can be discarded via FALLOC_FL_PUNCH_HOLE, which
          is provided via object memory-backend-memfd.

Add these options to the QEMU cmdline (in x86/efi/run) for bringing up
an SEV-SNP guest only when EFI_SNP is enabled.

Signed-off-by: Pavan Kumar Paluri <papaluri@amd.com>
---
 x86/efi/README.md |  6 ++++++
 x86/efi/run       | 33 +++++++++++++++++++++++++--------
 2 files changed, 31 insertions(+), 8 deletions(-)

Patch

diff --git a/x86/efi/README.md b/x86/efi/README.md
index af6e339c2cca..2c61dba336ec 100644
--- a/x86/efi/README.md
+++ b/x86/efi/README.md
@@ -34,6 +34,12 @@  the env variable `EFI_UEFI`:
 
     EFI_UEFI=/path/to/OVMF.fd ./x86/efi/run ./x86/msr.efi
 
+### Run SEV-SNP tests with UEFI
+
+To run SEV-SNP related unit tests with UEFI:
+
+    EFI_SNP=y ./x86/efi/run ./x86/amd_sev.efi
+
 ## Code structure
 
 ### Code from GNU-EFI
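Review bot: The new "Run SEV-SNP tests with UEFI" section gives the command but no prerequisites. The SNP path in x86/efi/run passes the firmware with `-bios "${EFI_UEFI}"` instead of pflash and pins `-cpu EPYC-v4`, so the section should state that EFI_UEFI must point to an OVMF image that can be loaded via -bios, and that only the exact value `EFI_SNP=y` selects the SNP configuration.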
diff --git a/x86/efi/run b/x86/efi/run
index 85aeb94fe605..da74eef4bd58 100755
--- a/x86/efi/run
+++ b/x86/efi/run
@@ -18,6 +18,7 @@  source config.mak
 : "${EFI_TEST:=efi-tests}"
 : "${EFI_SMP:=1}"
 : "${EFI_CASE:=$(basename $1 .efi)}"
+: "${EFI_SNP:=n}"
 
 if [ ! -f "$EFI_UEFI" ]; then
 	echo "UEFI firmware not found: $EFI_UEFI"
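Review bot: `: "${EFI_SNP:=n}"` accepts any string, while the later check is `[ "$EFI_SNP" != "y" ]`, so `EFI_SNP=1`, `Y` or `yes` silently selects the non-SNP guest and the tests run without SNP being enabled. Suggest validating the value right after the default is set: accept only `y` or `n` and exit with an error message on anything else.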
@@ -54,11 +55,27 @@  cp "$EFI_SRC/$EFI_CASE.efi" "$EFI_CASE_BINARY"
 # to x86/run. This `smp` flag overrides any previous `smp` flags (e.g.,
 # `-smp 4`). This is necessary because KVM-Unit-Tests do not currently support
 # SMP under UEFI. This last flag should be removed when this issue is resolved.
-"$TEST_DIR/run" \
-	-drive file="$EFI_UEFI",format=raw,if=pflash,readonly=on \
-	-drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \
-	-net none \
-	-nographic \
-	-m 256 \
-	"$@" \
-	-smp "$EFI_SMP"
+if [ "$EFI_SNP" != "y" ]; then
+	"$TEST_DIR/run" \
+		-drive file="$EFI_UEFI",format=raw,if=pflash,readonly=on \
+		-drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \
+		-net none \
+		-nographic \
+		-m 256 \
+		"$@" \
+		-smp "$EFI_SMP"
+
+else
+	"$TEST_DIR/run" \
+		-bios "${EFI_UEFI}" \
+		-drive file.dir="$EFI_TEST/$EFI_CASE/",file.driver=vvfat,file.rw=on,format=raw,if=virtio \
+		-net none \
+		-nographic \
+		-m 256 \
+		-object memory-backend-memfd,id=ram1,size=256M,share=true,prealloc=false \
+		-machine q35,confidential-guest-support=sev0,memory-backend=ram1 \
+		-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 \
+		-cpu EPYC-v4 \
+		"$@" \
+		-smp "$EFI_SMP"
+fi
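Review bot: In the else branch, `-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1` hard-codes host-specific values, and `size=256M` in the memfd object has to be kept in sync with `-m 256` by hand. Consider making cbitpos and reduced-phys-bits overridable through environment variables with these values as defaults, and deriving both memory sizes from one variable. The two branches also repeat the vvfat drive, -net, -nographic, -m and -smp arguments; collecting only the differing options in a variable and keeping a single "$TEST_DIR/run" invocation would avoid the duplication and keep the existing comment about the trailing -smp flag directly above the command it describes.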