From: Suzuki K Poulose <suzuki.poulose@arm.com>
To: kvmarm@lists.linux.dev
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-arm-kernel@lists.infradead.org, maz@kernel.org,
alexandru.elisei@arm.com, joey.gouly@arm.com,
steven.price@arm.com, james.morse@arm.com,
oliver.upton@linux.dev, yuzenghui@huawei.com,
andrew.jones@linux.dev, eric.auger@redhat.com,
Suzuki K Poulose <suzuki.poulose@arm.com>
Subject: [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture
Date: Fri, 12 Apr 2024 11:33:35 +0100 [thread overview]
Message-ID: <20240412103408.2706058-1-suzuki.poulose@arm.com> (raw)
This series adds support for running the kvm-unit-tests in the Arm CCA reference
software architecture.
The changes involve enlightening the boot/setup code with the Realm Service Interface
(RSI). The series also includes new test cases that exercise the RSI calls.
Currently we only support "kvmtool" as the VMM for running Realms. There was
an attempt to add support for running the test scripts using with kvmtool here [1],
which hasn't progressed. It would be good to have that resolved, so that we can
run all the tests without manually specifying the commandlines for each run.
For the purposes of running the Realm specific tests, we have added a "temporary"
script "run-realm-tests" until the kvmtool support is added. We do not expect
this to be merged.
Base Realm Support
-------------------
Realm IPA Space
---------------
When running on in Realm world, the (Guest) Physical Address - aka Intermediate
Physical Address (IPA) in Arm terminology - space of the VM is split into two halves,
protected (lower half) and un-protected (upper half). A protected IPA will
always map pages in the "realm world" and the contents are not accessible to
the host. An unprotected IPA on the other hand can be mapped to page in the
"normal world" and thus shared with the host. All host emulated MMIO ranges must
be in unprotected IPA space.
Realm can query the Realm Management Monitor for the configuration via RSI call
(RSI_REALM_CONFIG) and identify the "boundary" of the "IPA" split.
As far as the hyp/VMM is concerned, there is only one "IPA space" (the lower
half) of memory map. The "upper half" is "unprotected alias" of the memory map.
In the guest, this is achieved by "treating the MSB (1 << (IPA_WIDTH - 1))" as
a protection attribute (we call it - PTE_NS_SHARED), where the Realm applies this
to any address, it thinks is acccessed/managed by host (e.g., MMIO, shared pages).
Given that this is runtime variable (but fixed for a given Realm), uses a
variable to track the value.
All I/O regions are marked as "shared". Care is taken to ensure I/O access (uart)
with MMU off uses the "Unprotected Physical address".
Realm IPA State
---------------
Additionally, each page (4K) in the protected IPA space has a state associated
(Realm IPA State - RIPAS) with it. It is either of :
RIPAS_EMPTY
RIPAS_RAM
Any IPA backed by RAM, must be marked as RIPAS_RAM before an access is made to
it. The hypervisor/VMM does this for the initial image loaded into the Realm
memory before the Realm starts execution. Given the kvm-unit-test flat files do
not contain a metadata header (e.g., like the arm64 Linux kernel Image),
indicating the "actual image size in memory", the VMM cannot transition the
area towards the end of the image (e.g., bss, stack) which are accessed very
early during boot. Thus the early boot assembly code will mark the area upto
the stack as RAM.
Once we land in the C code, we mark target relocation area for FDT and
initrd as RIPAS_RAM. At this point, we can scan the FDT and mark all RAM memory
blocks as RIPAS_RAM.
TODO: It would be good to add an image header to the flat files indicating the
size, which can take the burden off doing the early assembly boot code RSI calls.
Shared Memory support
---------------------
Given the "default" memory of a VM is not accessible to host, we add new page
alloc/free routines for "memory shared" with the host. e.g., GICv3-ITS must use
shared pages for ITS emulation.
RSI Test suites
--------------
There are new testcases added to exercise the RSI interfaces and the RMM flows.
Attestation and measurement services related RSI tests require parsing tokens
and claims returned by the RMM. This is achieved with the help of QCBOR library
[2], which is added as a submodule to the project. We have also added a wrapper
library - libtokenverifier - around the QCBOR to parse the tokens according to
the RMM specifications.
Running Arm CCA Stack
-------------------
See more details on Arm CCA and how to build/run the entire stack here[0]
The easiest way to run the Arm CCA stack is using shrinkwrap and the details
are available in [0].
The patches are also available here :
https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/v1
Changes since rfc:
[ https://lkml.kernel.org/r/20230127114108.10025-1-joey.gouly@arm.com ]
- Add support for RMM-v1.0-EAC5, changes to RSI ABIs
- Some hardening checks (FDT overlapping the BSS sections)
- Selftest for memory stress
- Enable PMU/SVE tests for Realms
[0] https://lkml.kernel.org/r/20240412084056.1733704-1-steven.price@arm.com
[1] https://lkml.kernel.org/r/20210702163122.96110-1-alexandru.elisei@arm.com
[2] https://github.com/laurencelundblade/QCBOR
Alexandru Elisei (3):
arm64: Expand SMCCC arguments and return values
arm: selftest: realm: skip pabt test when running in a realm
NOT-FOR-MERGING: add run-realm-tests
Djordje Kovacevic (1):
arm: realm: Add tests for in realm SEA
Gareth Stockwell (1):
arm: realm: add hvc and RSI_HOST_CALL tests
Jean-Philippe Brucker (1):
arm: Move io_init after vm initialization
Joey Gouly (10):
arm: Make physical address mask dynamic
arm64: Introduce NS_SHARED PTE attribute
arm: realm: Add RSI interface header
arm: realm: Make uart available before MMU is enabled
arm: realm: Add RSI version test
arm64: add ESR_ELx EC.SVE
arm64: enable SVE at startup
arm64: selftest: add realm SVE VL test
lib/alloc_page: Add shared page allocation support
arm: Add memtest support
Mate Toth-Pal (2):
arm: Add a library to verify tokens using the QCBOR library
arm: realm: Add Realm attestation tests
Subhasish Ghosh (1):
arm: realm: Add test for FPU/SIMD context save/restore
Suzuki K Poulose (14):
arm: Add necessary header files in asm/pgtable.h
arm: Detect FDT overlap with uninitialised data
arm: realm: Realm initialisation
arm: realm: Add support for changing the state of memory
arm: realm: Set RIPAS state for RAM
arm: realm: Early memory setup
arm: gic-v3-its: Use shared pages wherever needed
arm: realm: Enable memory encryption
qcbor: Add QCBOR as a submodule
arm: Add build steps for QCBOR library
arm: realm: add RSI interface for attestation measurements
arm: realm: Add helpers to decode RSI return codes
arm: realm: Add Realm attestation tests
arm: realm: Add a test for shared memory
.gitmodules | 3 +
arm/Makefile.arm64 | 25 +-
arm/cstart.S | 49 +-
arm/cstart64.S | 154 +++-
arm/fpu.c | 424 +++++++++
arm/realm-attest.c | 1251 +++++++++++++++++++++++++++
arm/realm-ns-memory.c | 86 ++
arm/realm-rsi.c | 159 ++++
arm/realm-sea.c | 143 +++
arm/run-realm-tests | 112 +++
arm/selftest.c | 138 ++-
arm/unittests.cfg | 96 +-
lib/alloc_page.c | 20 +-
lib/alloc_page.h | 24 +
lib/arm/asm/arm-smccc.h | 44 +
lib/arm/asm/io.h | 6 +
lib/arm/asm/pgtable.h | 9 +
lib/arm/asm/psci.h | 13 +-
lib/arm/asm/rsi.h | 21 +
lib/arm/asm/sve-vl-test.h | 9 +
lib/arm/gic-v3.c | 6 +-
lib/arm/io.c | 24 +-
lib/arm/mmu.c | 80 +-
lib/arm/psci.c | 19 +-
lib/arm/setup.c | 26 +-
lib/arm64/asm/arm-smccc.h | 6 +
lib/arm64/asm/esr.h | 1 +
lib/arm64/asm/io.h | 6 +
lib/arm64/asm/pgtable-hwdef.h | 6 -
lib/arm64/asm/pgtable.h | 20 +
lib/arm64/asm/processor.h | 34 +
lib/arm64/asm/rsi.h | 89 ++
lib/arm64/asm/smc-rsi.h | 173 ++++
lib/arm64/asm/sve-vl-test.h | 28 +
lib/arm64/asm/sysreg.h | 7 +
lib/arm64/gic-v3-its.c | 6 +-
lib/arm64/processor.c | 1 +
lib/arm64/rsi.c | 188 ++++
lib/asm-generic/io.h | 12 +
lib/libcflat.h | 1 +
lib/qcbor | 1 +
lib/token_verifier/attest_defines.h | 50 ++
lib/token_verifier/token_dumper.c | 157 ++++
lib/token_verifier/token_dumper.h | 15 +
lib/token_verifier/token_verifier.c | 591 +++++++++++++
lib/token_verifier/token_verifier.h | 77 ++
46 files changed, 4355 insertions(+), 55 deletions(-)
create mode 100644 .gitmodules
create mode 100644 arm/fpu.c
create mode 100644 arm/realm-attest.c
create mode 100644 arm/realm-ns-memory.c
create mode 100644 arm/realm-rsi.c
create mode 100644 arm/realm-sea.c
create mode 100755 arm/run-realm-tests
create mode 100644 lib/arm/asm/arm-smccc.h
create mode 100644 lib/arm/asm/rsi.h
create mode 100644 lib/arm/asm/sve-vl-test.h
create mode 100644 lib/arm64/asm/arm-smccc.h
create mode 100644 lib/arm64/asm/rsi.h
create mode 100644 lib/arm64/asm/smc-rsi.h
create mode 100644 lib/arm64/asm/sve-vl-test.h
create mode 100644 lib/arm64/rsi.c
create mode 160000 lib/qcbor
create mode 100644 lib/token_verifier/attest_defines.h
create mode 100644 lib/token_verifier/token_dumper.c
create mode 100644 lib/token_verifier/token_dumper.h
create mode 100644 lib/token_verifier/token_verifier.c
create mode 100644 lib/token_verifier/token_verifier.h
--
2.34.1
next reply other threads:[~2024-04-12 10:34 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 10:33 Suzuki K Poulose [this message]
2024-04-10 16:17 ` [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Itaru Kitayama
2024-04-15 8:59 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 01/33] arm: Add necessary header files in asm/pgtable.h Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 02/33] arm: Detect FDT overlap with uninitialised data Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 03/33] arm64: Expand SMCCC arguments and return values Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 04/33] arm: Make physical address mask dynamic Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 05/33] arm64: Introduce NS_SHARED PTE attribute Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 06/33] arm: Move io_init after vm initialization Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 07/33] arm: realm: Add RSI interface header Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 08/33] arm: realm: Make uart available before MMU is enabled Suzuki K Poulose
2024-04-22 11:58 ` Alexandru Elisei
2024-04-22 12:09 ` Suzuki K Poulose
2024-04-22 12:23 ` Alexandru Elisei
2024-04-22 12:36 ` Alexandru Elisei
2024-04-22 13:09 ` Suzuki K Poulose
2024-04-22 15:38 ` Alexandru Elisei
2024-04-22 16:05 ` Suzuki K Poulose
2024-04-22 16:15 ` Alexandru Elisei
2024-04-26 11:15 ` Suzuki K Poulose
2024-04-26 13:51 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 09/33] arm: realm: Realm initialisation Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 10/33] arm: realm: Add support for changing the state of memory Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 12/33] arm: realm: Early memory setup Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 13/33] arm: realm: Add RSI version test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 14/33] arm: selftest: realm: skip pabt test when running in a realm Suzuki K Poulose
2024-04-22 15:48 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 15/33] arm: realm: add hvc and RSI_HOST_CALL tests Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 16/33] arm64: add ESR_ELx EC.SVE Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 17/33] arm64: enable SVE at startup Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 18/33] arm: realm: Add test for FPU/SIMD context save/restore Suzuki K Poulose
2024-05-10 15:28 ` Andrew Jones
2024-05-14 10:27 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 19/33] arm64: selftest: add realm SVE VL test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 20/33] arm: realm: Add tests for in realm SEA Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 21/33] lib/alloc_page: Add shared page allocation support Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 22/33] arm: gic-v3-its: Use shared pages wherever needed Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 23/33] arm: realm: Enable memory encryption Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 24/33] qcbor: Add QCBOR as a submodule Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 25/33] arm: Add build steps for QCBOR library Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 26/33] arm: Add a library to verify tokens using the " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 27/33] arm: realm: add RSI interface for attestation measurements Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 28/33] arm: realm: Add helpers to decode RSI return codes Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 29/33] arm: realm: Add Realm attestation tests Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 30/33] " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 31/33] arm: realm: Add a test for shared memory Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 32/33] arm: Add memtest support Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 33/33] NOT-FOR-MERGING: add run-realm-tests Suzuki K Poulose
2024-04-16 14:28 ` [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Jean-Philippe Brucker
2024-05-10 15:23 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240412103408.2706058-1-suzuki.poulose@arm.com \
--to=suzuki.poulose@arm.com \
--cc=alexandru.elisei@arm.com \
--cc=andrew.jones@linux.dev \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=steven.price@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).