| Message ID | cover.1740663410.git.roy.hopkins@randomman.co.uk (mailing list archive) |
|---|---|
| Headers | show |
| Series | Introduce support for IGVM files | expand |
Hi Roy, On Thu, Feb 27, 2025 at 01:38:08PM +0000, Roy Hopkins wrote: >Here is v7 of the set of patches to add support for IGVM files to QEMU. This is >based on commit 40efe733e10cc00e4fb4f9f5790a28e744e63c62 of qemu. Thanks again for this work! I noticed that the last patch for this series is missing, also patchew didn't receive it: https://patchew.org/QEMU/cover.1740663410.git.roy.hopkins@randomman.co.uk/ If you're using git-publish you can do: $ git publish --skip 16 -S \ -R cover.1740663410.git.roy.hopkins@randomman.co.uk Thanks, Stefano > >Firstly, apologies for the amount of time between the last version and this one. >I moved roles to a different company and, although I always planned to see this >patch series to completion, it took a while before I found time to setup a >development environment and be in a position to send a new version. I will >continue this series using a personal email address for now, hence the change >to the author and signed-off-by emails. > >The only changes in this version are to rebase on the current master branch and >update commit metadata, including Signed-Off-By and Author emails for my >replacement email address, and to include the final Reviewed-By that were added >in the last review. There were no requested changes on the previous version [1] >so I believe this series is ready to merge. > >As always, thanks to those that have been following along, reviewing and testing >this series. This v7 patch series is also available on github: [2] > >For testing IGVM support in QEMU you need to generate an IGVM file that is >configured for the platform you want to launch. You can use the `buildigvm` >test tool [3] to allow generation of IGVM files for all currently supported >platforms. Patch 11/17 contains information on how to generate an IGVM file >using this tool. > >Changes in v7: > >* Update version numbers for IGVM support to 10.0 >* Add Reviewed-by to relevant commits. >* Update Author email and sign-offs to my new email address > >Patch summary: > >1-11: Add support and documentation for processing IGVM files for SEV, SEV-ES, >SEV-SNP and native platforms. > >12-15: Processing of policy and SEV-SNP ID_BLOCK from IGVM file. > >16: Add pre-processing of IGVM file to support synchronization of 'SEV_FEATURES' >from IGVM VMSA to KVM. > >[1] Link to v6: >https://lore.kernel.org/qemu-devel/cover.1727341768.git.roy.hopkins@suse.com/ > >[2] v7 patches also available here: >https://github.com/roy-hopkins/qemu/tree/igvm_master_v7 > >[3] `buildigvm` tool v0.2.0 >https://github.com/roy-hopkins/buildigvm/releases/tag/v0.2.0 > >Roy Hopkins (16): > meson: Add optional dependency on IGVM library > backends/confidential-guest-support: Add functions to support IGVM > backends/igvm: Add IGVM loader and configuration > hw/i386: Add igvm-cfg object and processing for IGVM files > i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with > IGVM > sev: Update launch_update_data functions to use Error handling > target/i386: Allow setting of R_LDTR and R_TR with > cpu_x86_load_seg_cache() > i386/sev: Refactor setting of reset vector and initial CPU state > i386/sev: Implement ConfidentialGuestSupport functions for SEV > docs/system: Add documentation on support for IGVM > docs/interop/firmware.json: Add igvm to FirmwareDevice > backends/confidential-guest-support: Add set_guest_policy() function > backends/igvm: Process initialization sections in IGVM file > backends/igvm: Handle policy for SEV guests > i386/sev: Add implementation of CGS set_guest_policy() > sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 > > backends/confidential-guest-support.c | 43 + > backends/igvm-cfg.c | 52 ++ > backends/igvm.c | 967 ++++++++++++++++++++ > backends/igvm.h | 23 + > backends/meson.build | 5 + > docs/interop/firmware.json | 30 +- > docs/system/i386/amd-memory-encryption.rst | 2 + > docs/system/igvm.rst | 173 ++++ > docs/system/index.rst | 1 + > hw/i386/pc.c | 12 + > hw/i386/pc_piix.c | 10 + > hw/i386/pc_q35.c | 10 + > hw/i386/pc_sysfw.c | 31 +- > include/hw/i386/x86.h | 3 + > include/system/confidential-guest-support.h | 88 ++ > include/system/igvm-cfg.h | 47 + > meson.build | 8 + > meson_options.txt | 2 + > qapi/qom.json | 17 + > qemu-options.hx | 28 + > scripts/meson-buildoptions.sh | 3 + > target/i386/cpu.h | 9 +- > target/i386/sev.c | 850 +++++++++++++++-- > target/i386/sev.h | 124 +++ > 24 files changed, 2454 insertions(+), 84 deletions(-) > create mode 100644 backends/igvm-cfg.c > create mode 100644 backends/igvm.c > create mode 100644 backends/igvm.h > create mode 100644 docs/system/igvm.rst > create mode 100644 include/system/igvm-cfg.h > >-- >2.43.0 >
On Thu, 2025-02-27 at 16:32 +0100, Stefano Garzarella wrote: > Hi Roy, > > On Thu, Feb 27, 2025 at 01:38:08PM +0000, Roy Hopkins wrote: > > Here is v7 of the set of patches to add support for IGVM files to > > QEMU. This is > > based on commit 40efe733e10cc00e4fb4f9f5790a28e744e63c62 of qemu. > > Thanks again for this work! > > I noticed that the last patch for this series is missing, also > patchew > didn't receive it: > > https://patchew.org/QEMU/cover.1740663410.git.roy.hopkins@randomman.co.uk/ > > If you're using git-publish you can do: > > $ git publish --skip 16 -S \ > -R cover.1740663410.git.roy.hopkins@randomman.co.uk > > Thanks, > Stefano > Thanks Stefano. I had all sorts of problems getting git send-mail to send using my mail service provider. I've sorted it now and sent the missing patch. Regards, Roy > > > > Firstly, apologies for the amount of time between the last version > > and this one. > > I moved roles to a different company and, although I always planned > > to see this > > patch series to completion, it took a while before I found time to > > setup a > > development environment and be in a position to send a new version. > > I will > > continue this series using a personal email address for now, hence > > the change > > to the author and signed-off-by emails. > > > > The only changes in this version are to rebase on the current > > master branch and > > update commit metadata, including Signed-Off-By and Author emails > > for my > > replacement email address, and to include the final Reviewed-By > > that were added > > in the last review. There were no requested changes on the previous > > version [1] > > so I believe this series is ready to merge. > > > > As always, thanks to those that have been following along, > > reviewing and testing > > this series. This v7 patch series is also available on github: [2] > > > > For testing IGVM support in QEMU you need to generate an IGVM file > > that is > > configured for the platform you want to launch. You can use the > > `buildigvm` > > test tool [3] to allow generation of IGVM files for all currently > > supported > > platforms. Patch 11/17 contains information on how to generate an > > IGVM file > > using this tool. > > > > Changes in v7: > > > > * Update version numbers for IGVM support to 10.0 > > * Add Reviewed-by to relevant commits. > > * Update Author email and sign-offs to my new email address > > > > Patch summary: > > > > 1-11: Add support and documentation for processing IGVM files for > > SEV, SEV-ES, > > SEV-SNP and native platforms. > > > > 12-15: Processing of policy and SEV-SNP ID_BLOCK from IGVM file. > > > > 16: Add pre-processing of IGVM file to support synchronization of > > 'SEV_FEATURES' > > from IGVM VMSA to KVM. > > > > [1] Link to v6: > > https://lore.kernel.org/qemu-devel/cover.1727341768.git.roy.hopkins@suse.com/ > > > > [2] v7 patches also available here: > > https://github.com/roy-hopkins/qemu/tree/igvm_master_v7 > > > > [3] `buildigvm` tool v0.2.0 > > https://github.com/roy-hopkins/buildigvm/releases/tag/v0.2.0 > > > > Roy Hopkins (16): > > meson: Add optional dependency on IGVM library > > backends/confidential-guest-support: Add functions to support IGVM > > backends/igvm: Add IGVM loader and configuration > > hw/i386: Add igvm-cfg object and processing for IGVM files > > i386/pc_sysfw: Ensure sysfw flash configuration does not conflict > > with > > IGVM > > sev: Update launch_update_data functions to use Error handling > > target/i386: Allow setting of R_LDTR and R_TR with > > cpu_x86_load_seg_cache() > > i386/sev: Refactor setting of reset vector and initial CPU state > > i386/sev: Implement ConfidentialGuestSupport functions for SEV > > docs/system: Add documentation on support for IGVM > > docs/interop/firmware.json: Add igvm to FirmwareDevice > > backends/confidential-guest-support: Add set_guest_policy() > > function > > backends/igvm: Process initialization sections in IGVM file > > backends/igvm: Handle policy for SEV guests > > i386/sev: Add implementation of CGS set_guest_policy() > > sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 > > > > backends/confidential-guest-support.c | 43 + > > backends/igvm-cfg.c | 52 ++ > > backends/igvm.c | 967 > > ++++++++++++++++++++ > > backends/igvm.h | 23 + > > backends/meson.build | 5 + > > docs/interop/firmware.json | 30 +- > > docs/system/i386/amd-memory-encryption.rst | 2 + > > docs/system/igvm.rst | 173 ++++ > > docs/system/index.rst | 1 + > > hw/i386/pc.c | 12 + > > hw/i386/pc_piix.c | 10 + > > hw/i386/pc_q35.c | 10 + > > hw/i386/pc_sysfw.c | 31 +- > > include/hw/i386/x86.h | 3 + > > include/system/confidential-guest-support.h | 88 ++ > > include/system/igvm-cfg.h | 47 + > > meson.build | 8 + > > meson_options.txt | 2 + > > qapi/qom.json | 17 + > > qemu-options.hx | 28 + > > scripts/meson-buildoptions.sh | 3 + > > target/i386/cpu.h | 9 +- > > target/i386/sev.c | 850 +++++++++++++++-- > > target/i386/sev.h | 124 +++ > > 24 files changed, 2454 insertions(+), 84 deletions(-) > > create mode 100644 backends/igvm-cfg.c > > create mode 100644 backends/igvm.c > > create mode 100644 backends/igvm.h > > create mode 100644 docs/system/igvm.rst > > create mode 100644 include/system/igvm-cfg.h > > > > -- > > 2.43.0 > > >
Here is v7 of the set of patches to add support for IGVM files to QEMU. This is based on commit 40efe733e10cc00e4fb4f9f5790a28e744e63c62 of qemu. Firstly, apologies for the amount of time between the last version and this one. I moved roles to a different company and, although I always planned to see this patch series to completion, it took a while before I found time to setup a development environment and be in a position to send a new version. I will continue this series using a personal email address for now, hence the change to the author and signed-off-by emails. The only changes in this version are to rebase on the current master branch and update commit metadata, including Signed-Off-By and Author emails for my replacement email address, and to include the final Reviewed-By that were added in the last review. There were no requested changes on the previous version [1] so I believe this series is ready to merge. As always, thanks to those that have been following along, reviewing and testing this series. This v7 patch series is also available on github: [2] For testing IGVM support in QEMU you need to generate an IGVM file that is configured for the platform you want to launch. You can use the `buildigvm` test tool [3] to allow generation of IGVM files for all currently supported platforms. Patch 11/17 contains information on how to generate an IGVM file using this tool. Changes in v7: * Update version numbers for IGVM support to 10.0 * Add Reviewed-by to relevant commits. * Update Author email and sign-offs to my new email address Patch summary: 1-11: Add support and documentation for processing IGVM files for SEV, SEV-ES, SEV-SNP and native platforms. 12-15: Processing of policy and SEV-SNP ID_BLOCK from IGVM file. 16: Add pre-processing of IGVM file to support synchronization of 'SEV_FEATURES' from IGVM VMSA to KVM. [1] Link to v6: https://lore.kernel.org/qemu-devel/cover.1727341768.git.roy.hopkins@suse.com/ [2] v7 patches also available here: https://github.com/roy-hopkins/qemu/tree/igvm_master_v7 [3] `buildigvm` tool v0.2.0 https://github.com/roy-hopkins/buildigvm/releases/tag/v0.2.0 Roy Hopkins (16): meson: Add optional dependency on IGVM library backends/confidential-guest-support: Add functions to support IGVM backends/igvm: Add IGVM loader and configuration hw/i386: Add igvm-cfg object and processing for IGVM files i386/pc_sysfw: Ensure sysfw flash configuration does not conflict with IGVM sev: Update launch_update_data functions to use Error handling target/i386: Allow setting of R_LDTR and R_TR with cpu_x86_load_seg_cache() i386/sev: Refactor setting of reset vector and initial CPU state i386/sev: Implement ConfidentialGuestSupport functions for SEV docs/system: Add documentation on support for IGVM docs/interop/firmware.json: Add igvm to FirmwareDevice backends/confidential-guest-support: Add set_guest_policy() function backends/igvm: Process initialization sections in IGVM file backends/igvm: Handle policy for SEV guests i386/sev: Add implementation of CGS set_guest_policy() sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2 backends/confidential-guest-support.c | 43 + backends/igvm-cfg.c | 52 ++ backends/igvm.c | 967 ++++++++++++++++++++ backends/igvm.h | 23 + backends/meson.build | 5 + docs/interop/firmware.json | 30 +- docs/system/i386/amd-memory-encryption.rst | 2 + docs/system/igvm.rst | 173 ++++ docs/system/index.rst | 1 + hw/i386/pc.c | 12 + hw/i386/pc_piix.c | 10 + hw/i386/pc_q35.c | 10 + hw/i386/pc_sysfw.c | 31 +- include/hw/i386/x86.h | 3 + include/system/confidential-guest-support.h | 88 ++ include/system/igvm-cfg.h | 47 + meson.build | 8 + meson_options.txt | 2 + qapi/qom.json | 17 + qemu-options.hx | 28 + scripts/meson-buildoptions.sh | 3 + target/i386/cpu.h | 9 +- target/i386/sev.c | 850 +++++++++++++++-- target/i386/sev.h | 124 +++ 24 files changed, 2454 insertions(+), 84 deletions(-) create mode 100644 backends/igvm-cfg.c create mode 100644 backends/igvm.c create mode 100644 backends/igvm.h create mode 100644 docs/system/igvm.rst create mode 100644 include/system/igvm-cfg.h