From: Itaru Kitayama <itaru.kitayama@linux.dev>
To: Suzuki K Poulose <suzuki.poulose@arm.com>
Cc: kvmarm@lists.linux.dev, kvm@vger.kernel.org,
linux-coco@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
maz@kernel.org, alexandru.elisei@arm.com, joey.gouly@arm.com,
steven.price@arm.com, james.morse@arm.com,
oliver.upton@linux.dev, yuzenghui@huawei.com,
andrew.jones@linux.dev, eric.auger@redhat.com
Subject: Re: [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture
Date: Thu, 11 Apr 2024 01:17:28 +0900 [thread overview]
Message-ID: <Zha7mFYTPJk34+cO@vm3> (raw)
In-Reply-To: <20240412103408.2706058-1-suzuki.poulose@arm.com>
Hi Suzuki,
On Fri, Apr 12, 2024 at 11:33:35AM +0100, Suzuki K Poulose wrote:
> This series adds support for running the kvm-unit-tests in the Arm CCA reference
> software architecture.
>
>
> The changes involve enlightening the boot/setup code with the Realm Service Interface
> (RSI). The series also includes new test cases that exercise the RSI calls.
>
> Currently we only support "kvmtool" as the VMM for running Realms. There was
> an attempt to add support for running the test scripts using with kvmtool here [1],
> which hasn't progressed. It would be good to have that resolved, so that we can
> run all the tests without manually specifying the commandlines for each run.
>
> For the purposes of running the Realm specific tests, we have added a "temporary"
> script "run-realm-tests" until the kvmtool support is added. We do not expect
> this to be merged.
>
>
> Base Realm Support
> -------------------
>
> Realm IPA Space
> ---------------
> When running on in Realm world, the (Guest) Physical Address - aka Intermediate
> Physical Address (IPA) in Arm terminology - space of the VM is split into two halves,
> protected (lower half) and un-protected (upper half). A protected IPA will
> always map pages in the "realm world" and the contents are not accessible to
> the host. An unprotected IPA on the other hand can be mapped to page in the
> "normal world" and thus shared with the host. All host emulated MMIO ranges must
> be in unprotected IPA space.
>
> Realm can query the Realm Management Monitor for the configuration via RSI call
> (RSI_REALM_CONFIG) and identify the "boundary" of the "IPA" split.
>
> As far as the hyp/VMM is concerned, there is only one "IPA space" (the lower
> half) of memory map. The "upper half" is "unprotected alias" of the memory map.
>
> In the guest, this is achieved by "treating the MSB (1 << (IPA_WIDTH - 1))" as
> a protection attribute (we call it - PTE_NS_SHARED), where the Realm applies this
> to any address, it thinks is acccessed/managed by host (e.g., MMIO, shared pages).
> Given that this is runtime variable (but fixed for a given Realm), uses a
> variable to track the value.
>
> All I/O regions are marked as "shared". Care is taken to ensure I/O access (uart)
> with MMU off uses the "Unprotected Physical address".
>
>
> Realm IPA State
> ---------------
> Additionally, each page (4K) in the protected IPA space has a state associated
> (Realm IPA State - RIPAS) with it. It is either of :
> RIPAS_EMPTY
> RIPAS_RAM
>
> Any IPA backed by RAM, must be marked as RIPAS_RAM before an access is made to
> it. The hypervisor/VMM does this for the initial image loaded into the Realm
> memory before the Realm starts execution. Given the kvm-unit-test flat files do
> not contain a metadata header (e.g., like the arm64 Linux kernel Image),
> indicating the "actual image size in memory", the VMM cannot transition the
> area towards the end of the image (e.g., bss, stack) which are accessed very
> early during boot. Thus the early boot assembly code will mark the area upto
> the stack as RAM.
>
> Once we land in the C code, we mark target relocation area for FDT and
> initrd as RIPAS_RAM. At this point, we can scan the FDT and mark all RAM memory
> blocks as RIPAS_RAM.
>
> TODO: It would be good to add an image header to the flat files indicating the
> size, which can take the burden off doing the early assembly boot code RSI calls.
>
> Shared Memory support
> ---------------------
> Given the "default" memory of a VM is not accessible to host, we add new page
> alloc/free routines for "memory shared" with the host. e.g., GICv3-ITS must use
> shared pages for ITS emulation.
>
> RSI Test suites
> --------------
> There are new testcases added to exercise the RSI interfaces and the RMM flows.
>
> Attestation and measurement services related RSI tests require parsing tokens
> and claims returned by the RMM. This is achieved with the help of QCBOR library
> [2], which is added as a submodule to the project. We have also added a wrapper
> library - libtokenverifier - around the QCBOR to parse the tokens according to
> the RMM specifications.
>
> Running Arm CCA Stack
> -------------------
>
> See more details on Arm CCA and how to build/run the entire stack here[0]
> The easiest way to run the Arm CCA stack is using shrinkwrap and the details
> are available in [0].
>
>
> The patches are also available here :
>
> https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca cca/v1
>
>
> Changes since rfc:
> [ https://lkml.kernel.org/r/20230127114108.10025-1-joey.gouly@arm.com ]
> - Add support for RMM-v1.0-EAC5, changes to RSI ABIs
> - Some hardening checks (FDT overlapping the BSS sections)
> - Selftest for memory stress
> - Enable PMU/SVE tests for Realms
>
> [0] https://lkml.kernel.org/r/20240412084056.1733704-1-steven.price@arm.com
> [1] https://lkml.kernel.org/r/20210702163122.96110-1-alexandru.elisei@arm.com
> [2] https://github.com/laurencelundblade/QCBOR
>
> Alexandru Elisei (3):
> arm64: Expand SMCCC arguments and return values
> arm: selftest: realm: skip pabt test when running in a realm
> NOT-FOR-MERGING: add run-realm-tests
>
> Djordje Kovacevic (1):
> arm: realm: Add tests for in realm SEA
>
> Gareth Stockwell (1):
> arm: realm: add hvc and RSI_HOST_CALL tests
>
> Jean-Philippe Brucker (1):
> arm: Move io_init after vm initialization
>
> Joey Gouly (10):
> arm: Make physical address mask dynamic
> arm64: Introduce NS_SHARED PTE attribute
> arm: realm: Add RSI interface header
> arm: realm: Make uart available before MMU is enabled
> arm: realm: Add RSI version test
> arm64: add ESR_ELx EC.SVE
> arm64: enable SVE at startup
> arm64: selftest: add realm SVE VL test
> lib/alloc_page: Add shared page allocation support
> arm: Add memtest support
>
> Mate Toth-Pal (2):
> arm: Add a library to verify tokens using the QCBOR library
> arm: realm: Add Realm attestation tests
>
> Subhasish Ghosh (1):
> arm: realm: Add test for FPU/SIMD context save/restore
>
> Suzuki K Poulose (14):
> arm: Add necessary header files in asm/pgtable.h
> arm: Detect FDT overlap with uninitialised data
> arm: realm: Realm initialisation
> arm: realm: Add support for changing the state of memory
> arm: realm: Set RIPAS state for RAM
> arm: realm: Early memory setup
> arm: gic-v3-its: Use shared pages wherever needed
> arm: realm: Enable memory encryption
> qcbor: Add QCBOR as a submodule
> arm: Add build steps for QCBOR library
> arm: realm: add RSI interface for attestation measurements
> arm: realm: Add helpers to decode RSI return codes
> arm: realm: Add Realm attestation tests
> arm: realm: Add a test for shared memory
>
> .gitmodules | 3 +
> arm/Makefile.arm64 | 25 +-
> arm/cstart.S | 49 +-
> arm/cstart64.S | 154 +++-
> arm/fpu.c | 424 +++++++++
> arm/realm-attest.c | 1251 +++++++++++++++++++++++++++
> arm/realm-ns-memory.c | 86 ++
> arm/realm-rsi.c | 159 ++++
> arm/realm-sea.c | 143 +++
> arm/run-realm-tests | 112 +++
> arm/selftest.c | 138 ++-
> arm/unittests.cfg | 96 +-
> lib/alloc_page.c | 20 +-
> lib/alloc_page.h | 24 +
> lib/arm/asm/arm-smccc.h | 44 +
> lib/arm/asm/io.h | 6 +
> lib/arm/asm/pgtable.h | 9 +
> lib/arm/asm/psci.h | 13 +-
> lib/arm/asm/rsi.h | 21 +
> lib/arm/asm/sve-vl-test.h | 9 +
> lib/arm/gic-v3.c | 6 +-
> lib/arm/io.c | 24 +-
> lib/arm/mmu.c | 80 +-
> lib/arm/psci.c | 19 +-
> lib/arm/setup.c | 26 +-
> lib/arm64/asm/arm-smccc.h | 6 +
> lib/arm64/asm/esr.h | 1 +
> lib/arm64/asm/io.h | 6 +
> lib/arm64/asm/pgtable-hwdef.h | 6 -
> lib/arm64/asm/pgtable.h | 20 +
> lib/arm64/asm/processor.h | 34 +
> lib/arm64/asm/rsi.h | 89 ++
> lib/arm64/asm/smc-rsi.h | 173 ++++
> lib/arm64/asm/sve-vl-test.h | 28 +
> lib/arm64/asm/sysreg.h | 7 +
> lib/arm64/gic-v3-its.c | 6 +-
> lib/arm64/processor.c | 1 +
> lib/arm64/rsi.c | 188 ++++
> lib/asm-generic/io.h | 12 +
> lib/libcflat.h | 1 +
> lib/qcbor | 1 +
> lib/token_verifier/attest_defines.h | 50 ++
> lib/token_verifier/token_dumper.c | 157 ++++
> lib/token_verifier/token_dumper.h | 15 +
> lib/token_verifier/token_verifier.c | 591 +++++++++++++
> lib/token_verifier/token_verifier.h | 77 ++
> 46 files changed, 4355 insertions(+), 55 deletions(-)
> create mode 100644 .gitmodules
> create mode 100644 arm/fpu.c
> create mode 100644 arm/realm-attest.c
> create mode 100644 arm/realm-ns-memory.c
> create mode 100644 arm/realm-rsi.c
> create mode 100644 arm/realm-sea.c
> create mode 100755 arm/run-realm-tests
> create mode 100644 lib/arm/asm/arm-smccc.h
> create mode 100644 lib/arm/asm/rsi.h
> create mode 100644 lib/arm/asm/sve-vl-test.h
> create mode 100644 lib/arm64/asm/arm-smccc.h
> create mode 100644 lib/arm64/asm/rsi.h
> create mode 100644 lib/arm64/asm/smc-rsi.h
> create mode 100644 lib/arm64/asm/sve-vl-test.h
> create mode 100644 lib/arm64/rsi.c
> create mode 160000 lib/qcbor
> create mode 100644 lib/token_verifier/attest_defines.h
> create mode 100644 lib/token_verifier/token_dumper.c
> create mode 100644 lib/token_verifier/token_dumper.h
> create mode 100644 lib/token_verifier/token_verifier.c
> create mode 100644 lib/token_verifier/token_verifier.h
Thanks for the update! I'll go through the series one by one in the
coming weeks. Just curious one thing - do you guys wish to add Realm tests to the kvm-unit-test package, but not to kselftests?
Thanks,
Itaru.
>
> --
> 2.34.1
>
next prev parent reply other threads:[~2024-04-13 3:22 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-12 10:33 [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Suzuki K Poulose
2024-04-10 16:17 ` Itaru Kitayama [this message]
2024-04-15 8:59 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 01/33] arm: Add necessary header files in asm/pgtable.h Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 02/33] arm: Detect FDT overlap with uninitialised data Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 03/33] arm64: Expand SMCCC arguments and return values Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 04/33] arm: Make physical address mask dynamic Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 05/33] arm64: Introduce NS_SHARED PTE attribute Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 06/33] arm: Move io_init after vm initialization Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 07/33] arm: realm: Add RSI interface header Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 08/33] arm: realm: Make uart available before MMU is enabled Suzuki K Poulose
2024-04-22 11:58 ` Alexandru Elisei
2024-04-22 12:09 ` Suzuki K Poulose
2024-04-22 12:23 ` Alexandru Elisei
2024-04-22 12:36 ` Alexandru Elisei
2024-04-22 13:09 ` Suzuki K Poulose
2024-04-22 15:38 ` Alexandru Elisei
2024-04-22 16:05 ` Suzuki K Poulose
2024-04-22 16:15 ` Alexandru Elisei
2024-04-26 11:15 ` Suzuki K Poulose
2024-04-26 13:51 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 09/33] arm: realm: Realm initialisation Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 10/33] arm: realm: Add support for changing the state of memory Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 11/33] arm: realm: Set RIPAS state for RAM Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 12/33] arm: realm: Early memory setup Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 13/33] arm: realm: Add RSI version test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 14/33] arm: selftest: realm: skip pabt test when running in a realm Suzuki K Poulose
2024-04-22 15:48 ` Alexandru Elisei
2024-04-12 10:33 ` [kvm-unit-tests PATCH 15/33] arm: realm: add hvc and RSI_HOST_CALL tests Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 16/33] arm64: add ESR_ELx EC.SVE Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 17/33] arm64: enable SVE at startup Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 18/33] arm: realm: Add test for FPU/SIMD context save/restore Suzuki K Poulose
2024-05-10 15:28 ` Andrew Jones
2024-05-14 10:27 ` Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 19/33] arm64: selftest: add realm SVE VL test Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 20/33] arm: realm: Add tests for in realm SEA Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 21/33] lib/alloc_page: Add shared page allocation support Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 22/33] arm: gic-v3-its: Use shared pages wherever needed Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 23/33] arm: realm: Enable memory encryption Suzuki K Poulose
2024-04-12 10:33 ` [kvm-unit-tests PATCH 24/33] qcbor: Add QCBOR as a submodule Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 25/33] arm: Add build steps for QCBOR library Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 26/33] arm: Add a library to verify tokens using the " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 27/33] arm: realm: add RSI interface for attestation measurements Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 28/33] arm: realm: Add helpers to decode RSI return codes Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 29/33] arm: realm: Add Realm attestation tests Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 30/33] " Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 31/33] arm: realm: Add a test for shared memory Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 32/33] arm: Add memtest support Suzuki K Poulose
2024-04-12 10:34 ` [kvm-unit-tests PATCH 33/33] NOT-FOR-MERGING: add run-realm-tests Suzuki K Poulose
2024-04-16 14:28 ` [kvm-unit-tests PATCH 00/33] Support for Arm Confidential Compute Architecture Jean-Philippe Brucker
2024-05-10 15:23 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zha7mFYTPJk34+cO@vm3 \
--to=itaru.kitayama@linux.dev \
--cc=alexandru.elisei@arm.com \
--cc=andrew.jones@linux.dev \
--cc=eric.auger@redhat.com \
--cc=james.morse@arm.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).